[sr-dev] DMQ security

Charles Chance charles.chance at sipcentric.com
Tue Oct 29 12:27:27 CET 2013


>
> What are the use cases you see for this functionality?


Purely to ensure messages between nodes cannot be faked and sent from some
other source. The dmq module could simply be configured with a predefined
list of peers, but then it loses the self-discoverability which makes it so
flexible.

Charles



On 29 October 2013 11:22, Olle E. Johansson <oej at edvina.net> wrote:

> I agree with Peter that we may want to integrate TLS - both client and
> server certificates. I haven't tried the module so I can't comment on how
> this should be done, but using TLS by default in a way controlled by the
> module would make me feel a little bit better about it.
>
> What are the use cases you see for this functionality? Curious.
>
> /O
>
> On 29 Oct 2013, at 12:18, Charles Chance <charles.chance at sipcentric.com>
> wrote:
>
> Do I need to do anything special within my module in order to do this? I
> assumed (perhaps wrongly) that it would work out of the box, providing tls
> was enabled correctly in config. Admittedly, I haven't tried it yet.
>
> Best,
>
> Charles
>
>
> On 29 Oct 2013 10:25, "Peter Dunkley" <peter.dunkley at crocodilertc.net>
> wrote:
>
>> Hello,
>>
>> Are there any options for pushing the traffic through the TLS module?
>>
>> Regards,
>>
>> Peter
>>
>>
>> On 29 October 2013 10:17, Charles Chance <charles.chance at sipcentric.com> wrote:
>>
>>> Devs,
>>>
>>> I'm looking for some advice/opinions.
>>>
>>> Regarding security of the dmq messages between kamailios - currently it
>>> can be achieved by using a separate port (and/or ip) for dmq use and
>>> locking this down at firewall level. Of course, tls can be used to protect
>>> the content of the messages over the wire.
>>>
>>> So is this enough? Or should I look to implement some kind of
>>> authentication mechanism as well? Perhaps something as simple as a
>>> pre-shared key would suffice, assuming the messages are encrypted of
>>> course. Full digest authentication is way too heavy in my opinion.
>>>
>>> Any ideas? Or just leave it up to the user to secure it in network layer?
>>>
>>> Cheers,
>>>
>>> Charles
>>>
>>> www.sipcentric.com
>>>
>>> Follow us on twitter @sipcentric <http://twitter.com/sipcentric>
>>>
>>> Sipcentric Ltd. Company registered in England & Wales no. 7365592. Registered
>>> office: Unit 10 iBIC, Birmingham Science Park, Holt Court South, Birmingham
>>> B7 4EJ.
>>> _______________________________________________
>>> sr-dev mailing list
>>> sr-dev at lists.sip-router.org
>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
>>>
>>>
>>
>>
>> --
>> Peter Dunkley
>> Technical Director
>> Crocodile RCS Ltd
>>
>>


-- 
*Charles Chance*
Managing Director

t. 0121 285 4400    m. 07932 063 891
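
The pre-shared-key idea raised in this thread, sketched as an added example (not code from the dmq module or from anyone posting here): each node tags its message with an HMAC over a shared key, so a node that was never on a peer list is still accepted if it holds the key, and a sender without the key is rejected. The X-DMQ-Auth header name, its field layout, HMAC-SHA256 and the 30-second freshness window are all assumptions; this covers authenticity only, with TLS still carrying confidentiality.

```python
import hashlib
import hmac
import time

AUTH_HEADER = "X-DMQ-Auth"  # hypothetical header; dmq defines no such header
MAX_SKEW = 30               # assumed freshness window, in seconds


def _tag(psk: bytes, ts: int, sender: str, body: bytes) -> str:
    # Length-prefix every field so bytes cannot slide between fields.
    parts = (str(ts).encode(), sender.encode(), body)
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(psk, msg, hashlib.sha256).hexdigest()


def sign(psk: bytes, sender: str, body: bytes, now=None) -> str:
    """Build the auth header a sending node would attach to its message."""
    ts = int(time.time() if now is None else now)
    mac = _tag(psk, ts, sender, body)
    return f"{AUTH_HEADER}: ts={ts};from={sender};mac={mac}"


def verify(psk: bytes, header: str, body: bytes, now=None):
    """Return the sender if the tag is valid and fresh, otherwise None."""
    name, _, value = header.partition(":")
    if name.strip() != AUTH_HEADER:
        return None
    pairs = (f.split("=", 1) for f in value.strip().split(";") if "=" in f)
    fields = dict(pairs)
    try:
        ts, sender, mac = int(fields["ts"]), fields["from"], fields["mac"]
    except (KeyError, ValueError):
        return None
    now = time.time() if now is None else now
    if abs(now - ts) > MAX_SKEW:  # stale or future-dated: reject
        return None
    expected = _tag(psk, ts, sender, body)
    # Constant-time comparison; any mismatch fails closed.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    return sender


if __name__ == "__main__":
    psk = b"constructed-demo-key"      # constructed sample key
    body = b'{"action":"sync"}'        # constructed sample body
    hdr = sign(psk, "sip:10.0.0.7:5090", body)
    print(verify(psk, hdr, body))           # node never listed, but holds the key
    print(verify(b"other-key", hdr, body))  # sender without the key
```
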
