[sr-dev] Kamailio security in general
Peter Dunkley
peter.dunkley at crocodilertc.net
Thu Oct 31 15:17:44 CET 2013
On 31 October 2013 14:07, Olle E. Johansson <oej at edvina.net> wrote:
>
>
> Hitting me with my own argument and code, that's cheating Peter :-)
>
>
It's fun to play dirty once in a while :-)
> Well, DMQ is one very strange and advanced module, I admit that. Like I
> said earlier I think my discussion now is more generic to how we
> communicate and build the product. I'm trying to change the attitude in a
> large group of stubborn engineers, including most of me, myself and I...
>
>
I certainly favour having security (and easy to use security) as a goal.
But one of the things I like about Kamailio is the flexibility. For
example, secure signalling is harder to trace (that's kind of the point),
so when building a network I will tend do so with security disabled (or at
least not enforced) so that I can make sure I am happy with the routing,
and then tighten things up before I let other people on it.
> Having said that, I haven't forgotten that I need to work on your
> to-do-list, Peter. TLS connection verification is one of the items high on
> that list.
>
>
Indeed. Currently my personal hit-list for Kamailio 4.2 is:
- auth_ephemeral secrets in a database table
- per-message/frame deflate for WebSockets
- validation of outbound TLS connections
- SIP DANE
And if there is time I'd like to do some more work on MSRP too :-)
> /O :-)
>
> _______________________________________________
> sr-dev mailing list
> sr-dev at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
>
>
--
Peter Dunkley
Technical Director
Crocodile RCS Ltd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20131031/74e6136c/attachment.html>
More information about the sr-dev
mailing list