[Serusers] Proxy-to-Proxy authentication

Victor Huertas Garcia vhuertas at hotmail.com
Tue May 3 12:07:56 CEST 2005 

Thank you very much for your answer, Cesc.

Now I have an idea about this issue.

Regards

Victor

>From: "Cesc Santasusana" <cesc.santasusana at nl.thalesgroup.com>
>To: <vhuertas at hotmail.com>, <serusers at lists.iptel.org>
>Subject: Re: [Serusers] Proxy-to-Proxy authentication
>Date: Tue, 03 May 2005 10:53:06 +0200
>
>Hi,
>
>TLS was meant exactly for that. The RFC specifies it as a hop by hop 
>security (auth + crypto) mechanism
>
>I think SER has a module that allows it to authenticate via Digest (UAC 
>module). I have not tried it, because with the availability of a free TLS 
>implementation for SER, and TLS being a mandatory feature for proxies ... 
>why go along with such an simple mechanism as digest?
>
>The only poblem many people see with using tls is that it requires a tcp 
>connection, thus for high traffic servers it may be a problem (though u can 
>use force_tcp_alias, and reuse the same socket for same P2P connections, 
>thus reducing the connection setup delay associated with tcp and specially 
>with tls).
>
>If tcp/tls is not an option in your network, then probably you could think 
>of IPSec (works for both tcp and udp) ... or maybe you want to implement 
>something fancier ... say ... tunnel SIP messages withing S/MIME protected 
>sip messages :D
>
>Regards,
>
>Cesc
>
> >>> "Victor Huertas Garcia" <vhuertas at hotmail.com> 05/02/05 06:01PM >>>
>
>
>Hi all!
>
>I'm newie in this mailing list and I am working with SER at this momen in a
>project.
>
>However I have a doubt I would like to clarify.
>
>Does anyone know if there is a way to perform SIP Proxy to SIP Proxy
>authentication (I mean in SIP protocol in general)?
>
>If a SIP proxy receives an INVITE from another SIP Proxy, how does the 
>proxy
>which receives the INVITE that the originating proxy can be trusted?
>
>I have read something about TLS but I took it from an article of 2003...
>Which is the most used method nowadays?
>
>Thank you very much for your attentio
>
>Regards
>
>Victor
>Unclassified
>
>_______________________________________________
>Serusers mailing list
>serusers at lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers
>

More information about the sr-users mailing list