[Devel] SIP Identity support
Klaus Darilion
klaus.mailinglists at pernau.at
Fri Mar 23 11:00:42 CET 2007
Alexander Christ wrote:
> Hello Klaus!
>
> Yes, this is correct. So there is a problem, if you want to use this module in scenarios where rewriting of the message body (or other parts which will be signed) is needed.
A workaround would be to spiral the message to the proxy again for
signing - but IMO this is not very nice.
Bogdan, Daniel - is it possible to execute the signing function after
all the lumps has been applied?
In branch route - does openser.cfg sees the original message or the
rewriten message?
regards
klaus
> regards
> Alexander
>
> Klaus Darilion wrote:
>
>> Alexander Christ wrote:
>>> Hello Klaus!
>>>
>>> I know that there is the auth_identity module in ser. But I do not know much
>>> more about it. I have developed my module completely independent of this one.
>>>
>>> I build the identity header using the original received message.
>> Thus, if the proxy rewrites the message (e.g. nathelper rewrites the
>> SDP) then the signature is wrong - correct?
>>
>> klaus
>>
>>> I am going to port it to devel version, write a (short) English documentation
>>> and upload it on the "patches" tracker within the next few days.
>>>
>>> regards
>>> Alexander
>>>
>>> Am Donnerstag, 22. März 2007 17:26 schrieb Klaus Darilion:
>>>> Hi Alexander!
>>>>
>>>> Great! Contributions are always welcome. Please upload the source code
>>>> on the "patches" tracker on sourceforge:
>>>> http://sourceforge.net/tracker/?group_id=139143&atid=743022
>>>>
>>>> btw: do you know about the auth_identity module in ser (which provides
>>>> probably the some functionality) ? advantages/disadvantages?
>>>>
>>>> Do you build the identity header using the original received message or
>>>> after all the message rewriting (lumps) have been applied?
>>>>
>>>> regards
>>>> klaus
>>>>
>>>> Alexander Christ wrote:
>>>>> Hello all!
>>>>>
>>>>> As part of my diploma thesis about SIP security, I have written a module
>>>>> which adds support for SIP Identity (RFC 4474). I would like to publish
>>>>> this module, if someone is interested.
>>>>>
>>>>> The module is written for version 1.1.0.
>>>>>
>>>>> There are 2 known limitations for the Verifier in this module:
>>>>> 1.)Certificates are not downloaded. They have to be stored locally. (see
>>>>> chapter 6 of RFC 4474)
>>>>> 2.)Call-IDs of valid requests containing an Identity header are not
>>>>> recorded. Hence the Verifier does not provide full replay protection.
>>>>> (see section 13.1 of RFC 4474)
>>>>>
>>>>> At the moment documentation is in German, but I am going to make an
>>>>> English translation.
>>>>>
>>>>> Regards
>>>>> Alexander Christ
>>>>>
>>>>> ----
>>>>> Alexander Christ - student at Cologne University of Applied Sciences
>>>>> ----
>>>>>
>>>>> _______________________________________________
>>>>> Devel mailing list
>>>>> Devel at openser.org
>>>>> http://openser.org/cgi-bin/mailman/listinfo/devel
>
>
> _______________________________________________________________
> SMS schreiben mit WEB.DE FreeMail - einfach, schnell und
> kostenguenstig. Jetzt gleich testen! http://f.web.de/?mc=021192
>
More information about the Devel
mailing list