[asterisk-dev] Summary: SIP, NAT, security concerns, oh my!
bruceb444 at gmail.com
Wed Nov 9 16:10:30 CST 2011
Thanks. Everything is much more clear now. I will do the reading.
On Wed, Nov 9, 2011 at 3:58 PM, Olle E. Johansson <oej at edvina.net> wrote:
> 9 nov 2011 kl. 21:05 skrev Bruce B:
> > I just did an X-Lite register to Asterisk extension and first SIP invite
> included extension but then Asterisk rejected and asked for authentication
> to which X-Lite provided password?!
> > So, why is there the need to invite without providing authentication in
> the first place? Why is there a two step to authentication? This really
> shows a shortcoming of SIP v2.0 RFC when it comes to this type of security
> I suggest you do some reading on challenge-response authentication and
> HTTP Digest MD5 auth.
> To succeed with challenge-response, you need a challenge to respond to.
> You get that in the first response, the 401 or 407.
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the asterisk-dev