<div dir="ltr"><div><div><div><div>Hi Geeks,<br><br></div>While exploring further I found a draft explaining elliptic curve secure remote protocol (<b>EC-SRP</b>) for SIP authentication<br><a href="https://tools.ietf.org/html/draft-liu-sipcore-ec-srp5-03">https://tools.ietf.org/html/draft-liu-sipcore-ec-srp5-03</a><br><br></div>This explanation seems align with my requirements of not storing password in database.<br>UAC and UAS both should support EC-SRP.<br><br></div>Do we have any road-map of opensips implementing of EC-RSP or similar authentication mechanism?<br></div><div>I will check the same with PJSIP because i couldn't find any traces on their forum as well. <br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div><font size="2"><span style="font-family:verdana,sans-serif"><span style="color:rgb(39,78,19)">--<br>regards,</span></span></font></div><font size="2"><span style="font-family:verdana,sans-serif"><span style="color:rgb(39,78,19)"><br>abdul basit<br><br></span></span></font></div></div>
<br><div class="gmail_quote">On Wed, Mar 8, 2017 at 9:53 PM, Abdul Basit <span dir="ltr"><<a href="mailto:basit.engg@gmail.com" target="_blank">basit.engg@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div>Hi Bogdan,<br><br></div>I am using PJSIP as UAC and Opensips as UAS with radius for AAA.<br></div>I wanted to avoid getting into the code but let me check the flexibility.<br><br>Thank you for your reply :)<br><div class="gmail_extra"><div><div class="gmail-m_7413305819554289247m_4114199847205901490gmail_signature"><div><font size="2"><span style="font-family:verdana,sans-serif"><span style="color:rgb(39,78,19)"><br>--<br>regards,</span></span></font></div><font size="2"><span style="font-family:verdana,sans-serif"><span style="color:rgb(39,78,19)"><br>abdul basit</span></span></font></div></div><div><div class="gmail-h5">
<br><div class="gmail_quote">On Wed, Mar 8, 2017 at 1:34 AM, Bogdan-Andrei Iancu <span dir="ltr"><<a href="mailto:bogdan@opensips.org" target="_blank">bogdan@opensips.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<tt>Hi Abdul,<br>
<br>
Besides the digest auth, there is no other standard auth mechanism
for SIP, AFAIK.<br>
<br>
If you have control over the SIP UAC, of course, you could try to
build your own auth mechanism - OpenSIPS offers enough flexibility
in terms of both header manipulation and data computing.<br>
<br>
Regards,<br>
</tt>
<pre class="gmail-m_7413305819554289247m_4114199847205901490gmail-m_7274627969134338607moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="gmail-m_7413305819554289247m_4114199847205901490gmail-m_7274627969134338607moz-txt-link-freetext" href="http://www.opensips-solutions.com" target="_blank">http://www.opensips-solutions.<wbr>com</a>
OpenSIPS Summit May 2017 Amsterdam
<a class="gmail-m_7413305819554289247m_4114199847205901490gmail-m_7274627969134338607moz-txt-link-freetext" href="http://www.opensips.org/events/Summit-2017Amsterdam.html" target="_blank">http://www.opensips.org/events<wbr>/Summit-2017Amsterdam.html</a>
</pre><div><div class="gmail-m_7413305819554289247m_4114199847205901490gmail-h5">
<div class="gmail-m_7413305819554289247m_4114199847205901490gmail-m_7274627969134338607moz-cite-prefix">On 03/07/2017 10:26 AM, Abdul Basit
wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div class="gmail-m_7413305819554289247m_4114199847205901490gmail-h5">
<div dir="ltr">
<div>
<div>
<div>Hi,<br>
<br>
</div>
I have a scenario where I will create password <span style="color:rgb(153,0,0)">HASH</span> = <span style="color:rgb(153,0,0)">SALT</span> + <span style="color:rgb(32,18,77)">STRING</span> and save <span style="color:rgb(153,0,0)">SALT</span> and resulted <span style="color:rgb(153,0,0)">HASH</span> only in DB.<br>
<br>
I will transport random <span style="color:rgb(12,52,61)">STRING</span>
value to my custom sip application as password.<br>
<br>
</div>
Digest authentication is not comply with this requirement.<br>
<br>
Is that any supported authentication mechanism that can
fulfill this requirement.<br>
</div>
or is there any more appropriate authentication mechanism by
opensips/kamailio? <br>
<div>
<div><br>
</div>
<div>One of the objectives is in case DB will compromise,
users passwords will not available because random <span style="color:rgb(12,52,61)">STRING will not store in DB.<br>
</span></div>
<div><br>
</div>
<div>Looking forward for suggestions and comments.<br>
<br clear="all">
</div>
<div>
<div>
<div>
<div class="gmail_extra">
<div>
<div class="gmail-m_7413305819554289247m_4114199847205901490gmail-m_7274627969134338607gmail_signature">
<div><font size="2"><span style="font-family:verdana,sans-serif"><span style="color:rgb(39,78,19)">--<br>
regards,</span></span></font></div>
<font size="2"><span style="font-family:verdana,sans-serif"><span style="color:rgb(39,78,19)"><br>
abdul basit<br>
</span></span></font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="gmail-m_7413305819554289247m_4114199847205901490gmail-m_7274627969134338607mimeAttachmentHeader"></fieldset>
<br>
</div></div><pre>______________________________<wbr>_________________
Users mailing list
<a class="gmail-m_7413305819554289247m_4114199847205901490gmail-m_7274627969134338607moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a>
<a class="gmail-m_7413305819554289247m_4114199847205901490gmail-m_7274627969134338607moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-<wbr>bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</div>
</blockquote></div><br></div></div></div></div>
</blockquote></div><br></div></div>