[Serusers] Security methods for PSTN termination of SIP calls

Alan Litster alitster at telcoelectronics.co.uk
Mon Feb 21 11:30:29 CET 2005 

Marian,

That sounds very interesting, I was thinking about writing one myself to
authenticate invites between our own proxies for outbound pstn calls. Will
this module be released in the same way that your avpops was?

If feel that that's one of the main missing fetaures of SIP, some kind of
proxy-to-proxy auth. We've used a RADIUS auth model previously to
authenticate UAC from one domain on another although this does not work
under all circumstances.

Regards,

Alan


-----Original Message-----
From: Marian Dumitru [mailto:marian.dumitru at voice-sistem.ro]
Sent: 18 February 2005 19:53
To: Alan Litster
Cc: SER Mailing List
Subject: Re: [Serusers] Security methods for PSTN termination of SIP
calls


Hi Alan,

I was referring to proxy to proxy authentication.
We, Voice System, prepare to launch in terms of days a new SER module
that will enhance SER with the capability of performing UAC authentication.
With this feature, your SER proxies will be able to authenticate between
  them totally transparent for the end users.

Best regards,
Marian

Alan Litster wrote:
> Marian,
>
> When you say to use authentication between server are you suggesting that
> the proxy that the users are hanging off authenticates all INVITE requests
> before forwarding them onto the proxy that controls access to the gateway?
> Or are you referring to some form of proxy to proxy authentication
> mechanism? If so what is it, as I've never come across one before and
would
> be very interested in knowing more about it.
> I think using IPSEC/TLS is a little heavy duty for our needs. We require
> some means of verifying the identity of the remote SIP proxy that does not
> go by source IP address.
>
> Regards,
>
> Alan
>
> -----Original Message-----
> Hi Alan,
>
> Excepting source IP check (which is not reliable), you can also use
> authentication between server - SIPproxy2 authenticates all request sent
> to SIP proxy1 and vice-versa.
>
> Since the end points are fixed (PSTN GWs), you can create IPSEC tunnels
> to transport the signaling part. Tunneling also the media will probably
> introduce delay and will require some really performat machines :-).
>
> Also you can go for TLS, which is as concept basically the same thing
> IPSEC tunnels. The major difference is that TLS is not free as IPSEC is.
>
> Best regards,
> Marian
>
>
>
> --------------------------------------------------------------------------
-----------------------------
> This email, and any files transmitted with it, is copyright and may
contain confidential information.
> The contents are intended for the use of the addressee(s) only.
> Unauthorized use may be unlawful.
> If you receive this email by mistake, please advise sender immediately.
> The views of the author may not necessarily constitute the views of Telco
Electronics Limited.
> Nothing in this mail shall bind Telco Electronics Limited in any contract
or obligation.
>
> Telco Electronics Limited
> 6-8 Oxford Court
> Brackley
> Northants
> NN13 7XY
>
> Tel 01280 761600
> Fax 01280 841174
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>

--
Voice System
http://www.voice-system.ro


-------------------------------------------------------------------------------------------------------
This email, and any files transmitted with it, is copyright and may contain confidential information.
The contents are intended for the use of the addressee(s) only.
Unauthorized use may be unlawful.
If you receive this email by mistake, please advise sender immediately.
The views of the author may not necessarily constitute the views of Telco Electronics Limited.
Nothing in this mail shall bind Telco Electronics Limited in any contract or obligation.

Telco Electronics Limited
6-8 Oxford Court
Brackley
Northants
NN13 7XY

Tel 01280 761600
Fax 01280 841174

More information about the sr-users mailing list