[OpenSIPS-Users] [NEW Module] SIP Identity

Adrian Georgescu ag at ag-projects.com
Fri Feb 20 13:26:05 CET 2009


I imagine one would want to use this mechanism exactly between two  
legitimate hops to make sure that no intermediate has tempered with  
the messages, isn't it?

Adrian

Bogdan-Andrei Iancu wrote:
 > Hi Victor,
 >
 > I think this "limitation" is part of the mechanism :).
 >
 > it is the same as for secure sip and TLS

not really -- changes to payload by legitimate SIP hops work with TLS
but not with RFC4474.
That was Victor's point.

-jiri

 > - if you get on the path a node
 > with not TLS support, the call will fail. In this case, if a hop does
 > not understand SIP identity and changes the message, the call will be
 > denied.
 >
 > Regards,
 > Bogdan
 >
 > Victor Pascual Ávila wrote:
 >> On Tue, Feb 10, 2009 at 10:11 PM, Adrian Georgescu <ag at ag- 
projects.com> wrote:
 >>
 >>> Beyond being plain interesting, it is the most cost-efective way to
 >>> implement secure identity between SIP Proxies serving different  
domains.
 >>>
 >> Unless you had a node along the path breaking the signature
 >>
 >
 >
 > _______________________________________________
 > Users mailing list
 > Users at lists.opensips.org
 > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
 >





More information about the Users mailing list