[Users] Secure SIP messages

Steffen Witt witt.steffen at googlemail.com
Thu Jan 4 09:54:02 CET 2007


> > My questions:
> > - Is there any mechanism that prevents me from corrupting or faking
> > SIP messages?
> What do you want? Do you want to manipulate SIP messages or do you want
> that nobody can manipulate your SIP messages?

I want to prevent manipulation of SIP messages.

> > - Is it possible to create a kind of binding between the certificates
> > used for TLS/IPSec and the SIP accounts?
> Not for IPsec as IPsec is not in the application. Thus, the application
> has no access to any IPsec settings - it even does not know if a message
> is sent via IPsec or not.
> Regarding TLS: Usually you use TLS for encryption and digest for
> authentication.
> Using TLS certificates for clients is not that simple. You can't use
> host certificates as the IP address and hostnames of the clients will
> change. Thus, the TLS certificate must be for a sip URI (for details see
> RFC 3261). Then you could use the pseudo variable exported by tlsops
> module to compare the certificate parameter against the From: URI. This
> will work for incoming requests, but not for outgoing requests (when you
> want to compare the certificate name against the To or Request URI)

Thanks for the info.

Best regards,

More information about the sr-users mailing list