[Serusers] Loose routing question
Cesc Santasusana
cesc.santasusana at nl.thalesgroup.com
Tue May 3 15:49:02 CEST 2005
I actually gave up trying to this kind of checks on routed messages. Why?
Not all phones behave the same way and some had problems when authentication (digest) was required for messages different than INVITE.
For example, Kphone can resend an INV if challenged which contains the auth-data. On the other hand, if a kphone is the receiver of the INV, and it hangs up, kphone generates a BYE message which does NOT contain auth-data. Thus, ser will challlenge the kphone back, kphone will reply with a CANCEL and resend the BYE without (again) the auth-data, entering an endless loop. Ain't it funny?
By the way ... i notified this to kphone developers ... no news :(
I repeat, i tried other phones and it worked fine: minisip, polycom hardphone (has many other bugs ...), snom, ...
But i agree with Juha (and this makes it twice this afternoon) ... you should authenticate them as you would with any other message. Try using a phone which supports TLS and then you are good to go :)
Regards,
Cesc
>>> Juha Heinanen <jh at tutpro.com> 05/03/05 11:58AM >>>
>Klaus Darilion writes:
>
> > What would be a normal (out-of-dialog) check?
>
>the same checks you do for initial requests that don't have Route
>header, i.e., check if domain of request uri is local, authenticate
>caller if local, etc.
>
>-- juha
>
_______________________________________________
Serusers mailing list
serusers at lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
Unclassified
More information about the sr-users
mailing list