[OpenSIPS-Users] [NEW Module] SIP Identity

Bogdan-Andrei Iancu bogdan at voice-system.ro
Fri Feb 20 18:27:04 CET 2009


and in my understanding, if a hope changes something in the body, It 
should be authorized to do that and also it needs to update the Identity..

Regards,
Bogdan


Adrian Georgescu wrote:
> I imagine one would want to use this mechanism exactly between two  
> legitimate hops to make sure that no intermediate has tempered with  
> the messages, isn't it?
>
> Adrian
>
> Bogdan-Andrei Iancu wrote:
>  > Hi Victor,
>  >
>  > I think this "limitation" is part of the mechanism :).
>  >
>  > it is the same as for secure sip and TLS
>
> not really -- changes to payload by legitimate SIP hops work with TLS
> but not with RFC4474.
> That was Victor's point.
>
> -jiri
>
>  > - if you get on the path a node
>  > with not TLS support, the call will fail. In this case, if a hop does
>  > not understand SIP identity and changes the message, the call will be
>  > denied.
>  >
>  > Regards,
>  > Bogdan
>  >
>  > Victor Pascual Ávila wrote:
>  >> On Tue, Feb 10, 2009 at 10:11 PM, Adrian Georgescu <ag at ag- 
> projects.com> wrote:
>  >>
>  >>> Beyond being plain interesting, it is the most cost-efective way to
>  >>> implement secure identity between SIP Proxies serving different  
> domains.
>  >>>
>  >> Unless you had a node along the path breaking the signature
>  >>
>  >
>  >
>  > _______________________________________________
>  > Users mailing list
>  > Users at lists.opensips.org
>  > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>  >
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>   




More information about the Users mailing list