Hi,
here is a brief description of RFC 6072: in the SIP domain, there is a credential server. A user agent (e.g. IP phone, SIP softphone) uploads his public key to the server. If somebody would like to contact the user, he can get the user's public key from the credential server and send the user an encrypted message.
Another function of the credential server is storing the private key of the user. This is good for the case where the user registers on a new endpoint. The endpoint can download the private and public key from the server, and there would not be a problem with, for example, forking an encrypted call to several endpoints.
Marek
On 25. 2. 2016 at 8:42, Daniel-Constantin Mierla wrote:
Hello,
On 24/02/16 11:13, Marek Moravčík wrote:
Hi guys,
I am currently doing research in SIP security. As described in RFC 6072, there can be a credential server storing public and private keys (certificates).
I have a question, if there is any support from Kamailio for this, or if somebody has tried similar things with Kamailio. Thanks!
I haven't had the time to look at the RFC, can you describe shortly what exactly is supposed to happen in this case?
Kamailio supports loading the TLS certificates from the local file system at this moment and caches them in memory for speed. Reloading them at runtime can be done with an RPC command, without restarting Kamailio.
Cheers,
Daniel