[sr-dev] DMQ security

Olle E. Johansson oej at edvina.net
Tue Oct 29 12:22:26 CET 2013 

I agree with Peter that we may want to integrate TLS - both client and server certificates. I haven't tried the module so I can't comment on how this should be done, but using TLS by default in a way controlled by the module would make me feel a little bit better about it.

What are the use cases you see for this functionality? Curious.

/O

On 29 Oct 2013, at 12:18, Charles Chance <charles.chance at sipcentric.com> wrote:

> Do I need to do anything special within my module in order to do this? I assumed (perhaps wrongly) that it would work out of the box, providing tls was enabled correctly in config. Admittedly, I haven't tried it yet.
> Best,
> 
> Charles
> 
> 
> 
> On 29 Oct 2013 10:25, "Peter Dunkley" <peter.dunkley at crocodilertc.net> wrote:
> Hello,
> 
> Are there any options for pushing the traffic through the TLS module?
> 
> Regards,
> 
> Peter
> 
> 
> On 29 October 2013 10:17, Charles Chance <charles.chance at sipcentric.com> wrote:
> Devs,
> 
> I'm looking for some advice/opinions.
> 
> Regarding security of the dmq messages between kamailios - currently it can be achieved by using a separate port (and/or ip) for dmq use and locking this down at firewall level. Of course, tls can be used to protect the content of the messages over the wire.
> 
> So is this enough? Or should I look to implement some kind of authentication mechanism as well? Perhaps something as simple as a pre-shared key would suffice, assuming the messages are encrypted of course. Full digest authentication is way too heavy in my opinion.
> 
> Any ideas? Or just leave it up to the user to secure it in network layer?
> 
> Cheers,
> 
> Charles
> 
> www.sipcentric.com
> 
> Follow us on twitter @sipcentric
> 
> Sipcentric Ltd. Company registered in England & Wales no. 7365592. Registered office: Unit 10 iBIC, Birmingham Science Park, Holt Court South, Birmingham B7 4EJ.
> _______________________________________________
> sr-dev mailing list
> sr-dev at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
> 
> 
> 
> 
> -- 
> Peter Dunkley
> Technical Director
> Crocodile RCS Ltd
> 
> _______________________________________________
> sr-dev mailing list
> sr-dev at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
> 
> 
> www.sipcentric.com
> 
> Follow us on twitter @sipcentric
> 
> Sipcentric Ltd. Company registered in England & Wales no. 7365592. Registered office: Unit 10 iBIC, Birmingham Science Park, Holt Court South, Birmingham B7 4EJ._______________________________________________
> sr-dev mailing list
> sr-dev at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20131029/00610aa6/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2374 bytes
Desc: not available
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20131029/00610aa6/attachment.bin>

More information about the sr-dev mailing list