[asterisk-dev] Challenging a sendonly INVITE
Maxim Sobolev
sobomax at sippysoft.com
Tue Jan 29 05:05:28 CST 2008
Johansson Olle E wrote:
> On 28 Jan 2008 at 14.03, SCG2 wrote:
>
>> Hi,
>>
>> Is there any circumstance at all where it makes sense to challenge
>> an INVITE which is putting a call on hold?
>>
>> I can find nothing in 3264 that suggests it, but wondered if:
>>
>> Phone A -> Phone B (in doing so phone A may have been authenticated)
>> Phone B later goes to put phone A on hold
>>
>> The only authentication Phone B has had prior to this interaction is
>> the implicit REGISTER challenge response that may have been several
>> minutes ago.
>>
>> Is that good enough?
>>
> I would say that it's up to the implementation when to challenge. You
> can make an assumption here that
> phone B is within a current dialog. B could have authenticated A on
> the first INVITE. Or a proxy between
> A and B could have.
>
> A has the right to authenticate B on the re-invite if it wants to,
> since the music on hold music is licensed
> from ABBA and only authenticated users are allowed to put anyone on
> hold and listen in... :-)
>
> Normally you separate re-invites from initial invites and say that
> since B knows the tags, the caller ID
> and is involved in the call, we'll accept the invite without
> authentication.
There is also a security aspect. An implementation that requires all
requests within a dialog to be authenticated will be more secure.
This is especially relevant for re-INVITEs, as not challenging them
would allow anybody who can passively sniff the SIP traffic to divert
RTP to his own IP. By issuing two such re-INVITEs it should even be
possible to add a third party (either a passive listener or an active talker)
into the conversation without the two existing parties noticing a thing.
Regards,
--
Maksym Sobolyev
Sippy Software, Inc.
Internet Telephony (VoIP) Experts
T/F: +1-646-651-1110
Web: http://www.sippysoft.com
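
An added example (not part of the original post, and not Asterisk code) of the decision this thread discusses: whether a re-INVITE that matches an existing dialog is accepted on its identifiers alone or challenged. The messages, addresses, the `decide` function and its `challenge_in_dialog` flag are constructed for illustration; only long-form header names are handled, and digest verification is left to the caller.

```python
import re

def parse_sip(raw):
    """Split a SIP request into (method, lower-cased headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0].split(" ", 1)[0], headers, body

def tag_of(value):
    m = re.search(r";\s*tag=([^;\s>]+)", value)
    return m.group(1) if m else None

def media_addr(sdp):
    m = re.search(r"^c=IN IP[46] (\S+)", sdp, re.M)
    return m.group(1) if m else None

def decide(raw, dialog, challenge_in_dialog=True):
    """Return (action, media_moved) for a request arriving inside a dialog."""
    method, h, sdp = parse_sip(raw)
    ident = (h.get("call-id"), tag_of(h.get("from", "")), tag_of(h.get("to", "")))
    if ident != (dialog["call_id"], dialog["remote_tag"], dialog["local_tag"]):
        return ("reject", False)          # 481: no such dialog
    # Call-ID and tags are visible on the wire, so matching them proves nothing
    # about the sender. Flag a re-INVITE whose SDP moves the RTP target.
    moved = method == "INVITE" and media_addr(sdp) not in (None, dialog["remote_media"])
    if "authorization" in h or "proxy-authorization" in h:
        return ("verify", moved)          # caller must still check the digest
    if challenge_in_dialog:
        return ("challenge", moved)       # answer 401/407 with a fresh nonce
    return ("accept", moved)              # trusted on dialog identifiers alone

# Constructed sample: B puts A on hold (a=sendonly) with a re-INVITE.
DIALOG = {"call_id": "c1@example.com", "local_tag": "aaa",
          "remote_tag": "bbb", "remote_media": "192.0.2.20"}
REINVITE = ("INVITE sip:a@192.0.2.10 SIP/2.0\r\n"
            "Call-ID: c1@example.com\r\n"
            "From: <sip:b@example.com>;tag=bbb\r\n"
            "To: <sip:a@example.com>;tag=aaa\r\n"
            "CSeq: 2 INVITE\r\n"
            "Content-Type: application/sdp\r\n\r\n"
            "v=0\r\nc=IN IP4 {addr}\r\nm=audio 4000 RTP/AVP 0\r\na=sendonly\r\n")

if __name__ == "__main__":
    for addr in ("192.0.2.20", "198.51.100.7"):
        for strict in (False, True):
            print(addr, strict, decide(REINVITE.format(addr=addr), DIALOG, strict))
```

With `challenge_in_dialog=False`, the request whose `c=` line points at a new address is accepted with `media_moved` set, which is the case the reply above warns about.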