[Devel] "SIP identity" module

Bogdan-Andrei Iancu bogdan at voice-system.ro
Mon May 14 12:29:03 CEST 2007


OK - I see - I wanted to double check if the module also does 
authentication as a server. In this case, we have to work out a way to 
compute the code based on the final format of the request.

regards,
bogdan

Klaus Darilion wrote:
> The module is both: an authentication service and a verifier.
>
> The verifier will verify the signature. As this should be done before 
> manipulating the request there is no problem.
>
> The authentication service adds the signature on behalf of the user. 
> Thus, here message manipulation matters.
>
> btw: I also came across a problem if a client does verification too:
>
>
> alice---atlanta-proxy---------biloxi-proxy---bob
>
> atlanta proxy will add the signature on behalf of alice. If this is 
> done after NAT traversal there is no problem.
>
> Biloxi receives the request, can perform signature validation, and if 
> the signature is fine forwards the request to bob. If biloxi proxy 
> activates an RTP proxy, then bob can't validate the signature any more.
>
> regards
> klaus
>
> Bogdan-Andrei Iancu wrote:
>> Hi Klaus,
>>
>> do you have any idea if the module is for implementing server auth or 
>> also for client auth (for proxy 2 proxy scenarios)?
>>
>> if it's only for client-server auth, we do not care about changes...
>>
>> regards,
>> bogdan
>>
>> Klaus Darilion wrote:
>>>
>>> Juha Heinanen wrote:
>>>> Henning Westerholt writes:
>>>>
>>>>  > Does this block the inclusion of the module in the trunk?
>>>>
>>>> not necessarily if someone thinks that he/she needs this module even
>>>> if it doesn't work with nathelper or this someone is willing to fix
>>>> the module so that it does start working with nathelper.
>>>>
>>>> taking a quick look at the rfc, i didn't see any other showstoppers
>>>> for identity digest calculation except message body.
>>>
>>> The digest also includes Contact header and Date header. Thus, in 
>>> most cases the digest can't be added immediately - only by looping 
>>> the message back to openser after applying the message manipulations.
>>>
>>
>
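
An added example (not part of the thread and not the module's code) of why the order of signing and message manipulation matters: it builds the RFC 4474 digest-string from From, To, Call-ID, CSeq, Date, Contact and the body, then re-checks it after a Contact fix-up and an SDP rewrite. The sample INVITE values, the helper names and the relay addresses are constructed assumptions, and comparing SHA-1 hashes stands in for verifying the RSA signature over that hash.

```python
import hashlib

# Constructed sample INVITE values (not from the thread); addresses are placeholders.
HEADERS = {
    "From": "sip:alice@atlanta.example.com",
    "To": "sip:bob@biloxi.example.org",
    "Call-ID": "a84b4c76e66710",
    "CSeq": "314159 INVITE",
    "Date": "Mon, 14 May 2007 10:29:03 GMT",
    "Contact": "sip:alice@192.168.1.10:5060",
}
BODY = ("v=0\r\no=alice 2890844526 2890844526 IN IP4 192.168.1.10\r\ns=-\r\n"
        "c=IN IP4 192.168.1.10\r\nt=0 0\r\nm=audio 49172 RTP/AVP 0\r\n")
FIELDS = ("From", "To", "Call-ID", "CSeq", "Date", "Contact")

def digest(headers, body):
    """SHA-1 over the RFC 4474 digest-string (six header values and the body, '|'-joined)."""
    s = "|".join([headers[f] for f in FIELDS] + [body])
    return hashlib.sha1(s.encode()).hexdigest()

def nat_fix_contact(headers, public="203.0.113.5:40000"):
    """Simplified NAT helper: replace the private host:port in Contact."""
    user = headers["Contact"].split("@")[0]
    return {**headers, "Contact": f"{user}@{public}"}

def rtp_proxy_rewrite(body, relay_ip="198.51.100.7", relay_port=35000):
    """Simplified RTP proxy: point the SDP c= and m=audio lines at the relay."""
    out = []
    for line in body.split("\r\n"):
        if line.startswith("c=IN IP4 "):
            line = f"c=IN IP4 {relay_ip}"
        elif line.startswith("m=audio "):
            line = f"m=audio {relay_port} " + line.split(" ", 2)[2]
        out.append(line)
    return "\r\n".join(out)

def scenarios():
    """True means the verifier's recomputed hash matches the signed one."""
    fixed = nat_fix_contact(HEADERS)
    signed = digest(fixed, BODY)  # atlanta signs after the NAT fix-up
    return {
        "signed_before_nat_fix": digest(HEADERS, BODY) == digest(fixed, BODY),
        "biloxi_verifies": signed == digest(fixed, BODY),
        "bob_after_rtp_proxy": signed == digest(fixed, rtp_proxy_rewrite(BODY)),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'valid' if ok else 'INVALID'}")
```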