[Serusers] Proxy-to-Proxy authentication
Cesc Santasusana
cesc.santasusana at nl.thalesgroup.com
Tue May 3 10:53:06 CEST 2005
Hi,
TLS was meant exactly for that. The RFC specifies it as a hop by hop security (auth + crypto) mechanism
I think SER has a module that allows it to authenticate via Digest (UAC module). I have not tried it, because with the availability of a free TLS implementation for SER, and TLS being a mandatory feature for proxies ... why go along with such an simple mechanism as digest?
The only poblem many people see with using tls is that it requires a tcp connection, thus for high traffic servers it may be a problem (though u can use force_tcp_alias, and reuse the same socket for same P2P connections, thus reducing the connection setup delay associated with tcp and specially with tls).
If tcp/tls is not an option in your network, then probably you could think of IPSec (works for both tcp and udp) ... or maybe you want to implement something fancier ... say ... tunnel SIP messages withing S/MIME protected sip messages :D
Regards,
Cesc
>>> "Victor Huertas Garcia" <vhuertas at hotmail.com> 05/02/05 06:01PM >>>
Hi all!
I'm newie in this mailing list and I am working with SER at this momen in a
project.
However I have a doubt I would like to clarify.
Does anyone know if there is a way to perform SIP Proxy to SIP Proxy
authentication (I mean in SIP protocol in general)?
If a SIP proxy receives an INVITE from another SIP Proxy, how does the proxy
which receives the INVITE that the originating proxy can be trusted?
I have read something about TLS but I took it from an article of 2003...
Which is the most used method nowadays?
Thank you very much for your attentio
Regards
Victor
Unclassified
_______________________________________________
Serusers mailing list
serusers at lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
More information about the sr-users
mailing list