[asterisk-dev] Security Request for discussion: Should sip.conf allowguest=yes be the default
Olle E. Johansson
oej at edvina.net
Tue Nov 17 03:03:45 CST 2009
On 17 Nov 2009, at 09:59, Nick Lewis wrote:
>> Then we introduce channel variable "authenticated" which is initially
>> inherited from originating peer, but can be altered in dialplan.
>
> Any such channel variable may need a range of enumerations since a
> call that claims to come from a recognised IP address is in no way
> as secure as one that has been properly digest authenticated.
> Admins may wish permitted actions of each to be different.
>
Going down that path means we will have to go through a lot of issues,
like TLS auth - with or without verification. What's a "generic" authentication
and how do we handle that in the dialplan? What's an "authenticated"
caller ID? Is the caller ID verified just because we had an MD5 digest auth?
These are large issues that need serious architecture work.
What you're talking about is more "matched" - we matched an incoming call to a device specification.
/O