[sr-dev] SIP identity - AUTH_identity
Olle E. Johansson
oej at edvina.net
Wed Oct 26 17:22:09 CEST 2011
Hello!
Today at SIPit 29 we successfully tested the kamailio auth_identity module that implements RFC 4474.
We could successfully add SIP identity headers and verify incoming headers from one other implementation.
Now, the module is not built for scalability and redundance. A lot of stuff is cached in RAM, like certificates - which could lead to an DOS attack vector. It doesn't make it simple either when you have multiple servers for one domain. Maybe a memcached backend could help.
We will also try to look for other attack vectors, like sending bad HTTPS URL's.
Regardless, this was the first time I got SIP identity working and the others are struggling with their code to get their end working :-)
Kamailio rocks.
/O
More information about the sr-dev
mailing list