Hi guys,
I am currently doing research in SIP security. As described in RFC 6072, there can be a credential server storing public and private keys (certificates). I have a question: is there any support from Kamailio for this, or has somebody tried similar things with Kamailio? Thanks!
Best regards, Marek Moravcik
Hello,
On 24/02/16 11:13, Marek Moravčík wrote:
> Hi guys,
> I am currently doing research in SIP security. As described in RFC 6072, there can be a credential server storing public and private keys (certificates). I have a question: is there any support from Kamailio for this, or has somebody tried similar things with Kamailio? Thanks!
I haven't had the time to look at the RFC. Can you briefly describe what exactly is supposed to happen in this case?
Kamailio supports loading the TLS certificates from the local file system at this moment and caches them in memory for speed. Reloading them at runtime can be done with an RPC command, without restarting Kamailio.
Cheers, Daniel
Hi,
here is a brief description of RFC 6072: in the SIP domain, there is a credential server. A user agent (e.g. IP phone, SIP softphone) uploads its public key to the server. If somebody would like to contact the user, he can get the user's public key from the credential server and send the user an encrypted message. Another function of the credential server is storing the private key of the user. This is useful when the user registers on a new endpoint. The endpoint can download the private and public key from the server, and there would be no problem with, for example, forking an encrypted call to several endpoints.
Marek
On 25. 2. 2016 at 8:42, Daniel-Constantin Mierla wrote:
> Hello,
> On 24/02/16 11:13, Marek Moravčík wrote:
>> Hi guys,
>> I am currently doing research in SIP security. As described in RFC 6072, there can be a credential server storing public and private keys (certificates). I have a question: is there any support from Kamailio for this, or has somebody tried similar things with Kamailio? Thanks!
> I haven't had the time to look at the RFC. Can you briefly describe what exactly is supposed to happen in this case?
> Kamailio supports loading the TLS certificates from the local file system at this moment and caches them in memory for speed. Reloading them at runtime can be done with an RPC command, without restarting Kamailio.
> Cheers, Daniel