[Serusers] Proxy-to-Proxy authentication
Victor Huertas Garcia
vhuertas at hotmail.com
Tue May 3 12:07:56 CEST 2005
Thank you very much for your answer, Cesc.
Now I have an idea about this issue.
Regards
Victor
>From: "Cesc Santasusana" <cesc.santasusana at nl.thalesgroup.com>
>To: <vhuertas at hotmail.com>, <serusers at lists.iptel.org>
>Subject: Re: [Serusers] Proxy-to-Proxy authentication
>Date: Tue, 03 May 2005 10:53:06 +0200
>
>Hi,
>
>TLS was meant exactly for that. The RFC specifies it as a hop by hop
>security (auth + crypto) mechanism
>
>I think SER has a module that allows it to authenticate via Digest (UAC
>module). I have not tried it, because with the availability of a free TLS
>implementation for SER, and TLS being a mandatory feature for proxies ...
>why go along with such an simple mechanism as digest?
>
>The only poblem many people see with using tls is that it requires a tcp
>connection, thus for high traffic servers it may be a problem (though u can
>use force_tcp_alias, and reuse the same socket for same P2P connections,
>thus reducing the connection setup delay associated with tcp and specially
>with tls).
>
>If tcp/tls is not an option in your network, then probably you could think
>of IPSec (works for both tcp and udp) ... or maybe you want to implement
>something fancier ... say ... tunnel SIP messages withing S/MIME protected
>sip messages :D
>
>Regards,
>
>Cesc
>
> >>> "Victor Huertas Garcia" <vhuertas at hotmail.com> 05/02/05 06:01PM >>>
>
>
>Hi all!
>
>I'm newie in this mailing list and I am working with SER at this momen in a
>project.
>
>However I have a doubt I would like to clarify.
>
>Does anyone know if there is a way to perform SIP Proxy to SIP Proxy
>authentication (I mean in SIP protocol in general)?
>
>If a SIP proxy receives an INVITE from another SIP Proxy, how does the
>proxy
>which receives the INVITE that the originating proxy can be trusted?
>
>I have read something about TLS but I took it from an article of 2003...
>Which is the most used method nowadays?
>
>Thank you very much for your attentio
>
>Regards
>
>Victor
>Unclassified
>
>_______________________________________________
>Serusers mailing list
>serusers at lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers
>
More information about the sr-users
mailing list