[asterisk-dev] bug or feature (use From: instead of Digest
username to match INVITE) ?
Kevin P. Fleming
kpfleming at digium.com
Thu Oct 12 09:19:48 MST 2006
----- Luigi Rizzo <rizzo at icir.org> wrote:
> 3. we allow calls because we match the wrong entry on a
> non-authenticated INVITE and hit one that does not need
> authentication.
>
> the latter seems the most serious problem...
And that results in most people never using unauthenticated SIP connections unless they only allow them by IP address.
> So if we could at least put in some (optional) mechanism to
> reduce the chance of problems, it would be a step forward.
If you can come up with something feel free to propose it, but everyone who has worked on chan_sip has struggled with this problem and was unable to come up with a satisfactory solution, other than switching to domain-based authentication.
--
Kevin P. Fleming
Senior Software Engineer
Digium, Inc.
More information about the asterisk-dev
mailing list