[Asterisk-Dev] IAX Spec online
Kenny Shumard
kshumard at gmail.com
Thu Apr 28 03:42:35 MST 2005
On 4/27/05, Tim Robbins <tim at teragen.com.au> wrote:
> Great work so far. A few points (based on a quick reading):
>
> * The procedure for computing response to MD5 and RSA challenges is not
> specified. The MD5 response is the ASCII hexadecimal representation of the
> MD5 digest (RFC 1321) of the challenge concatenated with the shared secret.
> The RSA result is the Base-64 encoding (RFC 3548) of the PKCS #1 2.0 RSA
> signature of the SHA1 digest of the challenge.
>
Excellent, thanks for that. I'll add this soon.
> * Encryption is not adequately specified.
>
It's not *completely* specified, but I daresay it may be *adequately*
specified: Mark's philosophy on this (last I talked to him) was that
we should provide the appropriate tools for native encryption (e.g.
ENCRYPTION and ENCKEY IEs), but not specify how the encryption itself
is done. He wants as much flexibility as possible, so that
implementors can choose how they want to encrypt their calls. So the
vagueness of it is somewhat intentional.
Now: keeping that in mind, is it *too* vague? If so, how could I
clarify it while still maintaining the desired flexibility?
> * The format of the CODEC PREFS IE is not adequately specified. The best
> (only?) description I can find is
> http://bugs.digium.com/bug_view_page.php?bug_id=0002971 .
>
Thanks for the link, I'll look there. A lot of the codec negotiation
parts are vague/incomplete/need work. Does anyone know of a reasonably
modern summary of "How IAX codec negotiation works"? I don't want to
duplicate work if there's something already out there.
Thanks for all the input. It's much appreciated. : )
~K
More information about the asterisk-dev
mailing list