[Dundi] [RFC] Reliability of contact information
Mark Spencer
markster at digium.com
Thu Dec 9 10:00:46 CST 2004
> Another thought: isn't this covered by the provisions in the GPA that say you
> have to originate calls from the same node you are peering from? I think this
> could reasonably be interpreted to say that you can only originate calls from
> a node that you can also send queries from, which would keep you from adding
> a "evil box" inside your network, since you cannot _directly_ send queries
> from that machine (none of your GPA peers would accept them).
evilbox in this case is peering with notsoevilbox.
> In other words, is it reasonable to enforce a restriction that since you can
> only send queries from nodes that you have exchanged RSA keys with your peers
> for, that you must only originate calls from those same peers? That's how I
> do it in my network, we have multiple Asterisk servers running IAX on public
> IPs that _could_ originate calls, but we don't: our outbound DUNDi calls are
> all funneled through the same machine that sends out DUNDi queries.
You cannot know all the IP's of all the peers in the system at this point
unless you used the EID as the authentication token and then tried to
authenticate by IP doing an EIDQUERY on the EID being used to
authenticate.
Mark
More information about the Dundi
mailing list