Thank you very much for your answer, Cesc.
Now I have an idea about this issue.
Regards
Victor
From: "Cesc Santasusana" cesc.santasusana@nl.thalesgroup.com To: vhuertas@hotmail.com, serusers@lists.iptel.org Subject: Re: [Serusers] Proxy-to-Proxy authentication Date: Tue, 03 May 2005 10:53:06 +0200
Hi,
TLS was meant exactly for that. The RFC specifies it as a hop by hop security (auth + crypto) mechanism
I think SER has a module that allows it to authenticate via Digest (UAC module). I have not tried it, because with the availability of a free TLS implementation for SER, and TLS being a mandatory feature for proxies ... why go along with such an simple mechanism as digest?
The only poblem many people see with using tls is that it requires a tcp connection, thus for high traffic servers it may be a problem (though u can use force_tcp_alias, and reuse the same socket for same P2P connections, thus reducing the connection setup delay associated with tcp and specially with tls).
If tcp/tls is not an option in your network, then probably you could think of IPSec (works for both tcp and udp) ... or maybe you want to implement something fancier ... say ... tunnel SIP messages withing S/MIME protected sip messages :D
Regards,
Cesc
"Victor Huertas Garcia" vhuertas@hotmail.com 05/02/05 06:01PM >>>
Hi all!
I'm newie in this mailing list and I am working with SER at this momen in a project.
However I have a doubt I would like to clarify.
Does anyone know if there is a way to perform SIP Proxy to SIP Proxy authentication (I mean in SIP protocol in general)?
If a SIP proxy receives an INVITE from another SIP Proxy, how does the proxy which receives the INVITE that the originating proxy can be trusted?
I have read something about TLS but I took it from an article of 2003... Which is the most used method nowadays?
Thank you very much for your attentio
Regards
Victor Unclassified
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers