On Tuesday 24 May 2005 10:26 am, you wrote:
Also I don't understand what you mean by #3. Taking ip address from authenticated REGISTER and then doing IP auth on that?
No, using sipsak to actually do a REGISTER on behalf of your ser. No IP auth, basically it makes your ser a registered client of the GW. Of course, if INVITEs still must be authenticated, you are back to the UAC module problem.
Sorry, Greger, I still don't understand how would registering adds any INVITE-security if INVITEs not authenticated. Still anyone can send INVITE putting ip address of my server as source of ip packet.
;-) Yes, that's is exactly what I'm saying. I was just listing the various alternatives, not complete solutions. Basically, as a GW provider, you decide on your level of security and how you want to implement it. Ex. ACLs on IP addresses and always replying to source IP is one way. Authenticating INVITEs is another. It all boils down to working with your providers to figure out the best way to do it. (AFAIK, you are the customer when buying PSTN minutes...)
Exactly, I'm a customer. And I actually want to authenticate for my own peace of mind. Now, it's in the planning stage and I'm trying to understand my options. Thanks for your comments.
g-)
Michael