[sr-dev] DMQ security
Charles Chance
charles.chance at sipcentric.com
Tue Oct 29 13:38:50 CET 2013
I agree with Olle that the common "pass the buck" attitude is wrong,
although in this case I don't believe securing the messages should be
mandatory. Often the communication between servers will be over a
private/secure network and the user should be allowed to disable it if they
deem it an unnecessary overhead.
Either way, the ability to use TLS where required is a definite must, so
I'll go away and look into that now.
Thanks for the comments,
Charles
On 29 October 2013 11:45, Peter Dunkley <peter.dunkley at crocodilertc.net>wrote:
> I don't know what would be involved in pushing DMQ messages through TLS as
> I am not familiar with the routing DMQ messages take through the Kamailio
> stack.
>
> I don't think that TLS should be mandatory for DMQ, just as it is not
> mandatory for SIP. My thinking was just that if there is a way to
> configure DMQ to use TLS (perhaps by just putting "tls:" on the front of
> the server address) it would be a good thing.
>
> Regards,
>
> Peter
>
>
> On 29 October 2013 11:36, Charles Chance <charles.chance at sipcentric.com>wrote:
>
>>
>> On 29 October 2013 11:24, Alex Balashov <abalashov at evaristesys.com>
>> wrote:
>>
>> It's not my decision, but personally, I'd leave this to the user to
>>> secure, just like everything else that is kind of IPC in nature (database
>>> connections, HTTP queries, etc originating from script).
>>>
>>>
>> I'm inclined to agree. The DMQ module is indeed IPC in nature, so by
>> default I would expect to be responsible for securing that communication at
>> network layer. But still I question myself, is this the correct approach.
>>
>> Charles
>>
>>
>> www.sipcentric.com
>>
>> Follow us on twitter @sipcentric <http://twitter.com/sipcentric>
>>
>> Sipcentric Ltd. Company registered in England & Wales no. 7365592. Registered
>> office: Unit 10 iBIC, Birmingham Science Park, Holt Court South, Birmingham
>> B7 4EJ.
>>
>> _______________________________________________
>> sr-dev mailing list
>> sr-dev at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
>>
>>
>
>
> --
> Peter Dunkley
> Technical Director
> Crocodile RCS Ltd
>
> _______________________________________________
> sr-dev mailing list
> sr-dev at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
>
>
--
www.sipcentric.com
Follow us on twitter @sipcentric <http://twitter.com/sipcentric>
Sipcentric Ltd. Company registered in England & Wales no. 7365592. Registered
office: Unit 10 iBIC, Birmingham Science Park, Holt Court South, Birmingham
B7 4EJ.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20131029/f5a08e1b/attachment-0001.html>
More information about the sr-dev
mailing list