-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Saturday 11 January 2003 03:55, Greg Fausak wrote:
What is the difference between these two functions?
Their are two authorization responses in SIP 401 and 407. In theory you should
receive 401 for an unauthorized registration, and 407 from a proxy in a chain
which processes for example your Invite. But i think in practice their is no
such well defined distinction what you will receive or send.
Also, when it comes to authentication, I've
finally
got my PSTN secure. It seems that every request
that you want guarded must be preceeded by a
www_authorize(), right? When I ngrep for the
packets going back and forth, I see that each INVITE is
now being authorized....not just the REGISTERs.
Correct.
The easiest and securest way is to authorize everything and to make exceptions
for special cases (responses for example).
A little bit like firewalling ;) : check only special cases and allow
everything else, or check everything and open only small holes.
I was assuming that you logged in and were authorized
once, and
then each request was under that login. However, I see that
isn't the case, right??? You *can* make a INVITE request
without REGISTERing...right?
Please be aware that a registrar and a proxy can be two completly (also
physical) seperated untis. And each unit can have it's own authorization
scheme.
A proxy can challenge Invites and Byes, but should not do this with external
Invites to your local user. Otherwise your your user wouldn't be reachable
from outside.
If you really want to control each SIP call in your network you should be
aware that your users and the SIP clients do not have to use your local proxy
and/or registrar. This means you have to forward every SIP request (and this
do not have to be only port 5060) by your outgoing router to your local
proxy.
Regards
Nils
- --
gpg-key:
http://www.ohlmeier.org/public_key.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+IFBMx8PydbrWykARAvNdAJ9WThl3Z8nfQHe2PywjkXkyufZRJACdGjlo
9E6iaG/Vi9g9q4CmrkNO5rs=
=+1xN
-----END PGP SIGNATURE-----