[asterisk-dev] Summary: SIP, NAT, security concerns, oh my!

Bruce B bruceb444 at gmail.com
Wed Nov 9 16:10:30 CST 2011


Thanks. Everything is much more clear now. I will do the reading.

-Bruce

On Wed, Nov 9, 2011 at 3:58 PM, Olle E. Johansson <oej at edvina.net> wrote:

>
> 9 nov 2011 kl. 21:05 skrev Bruce B:
>
> > I just did an X-Lite register to Asterisk extension and first SIP invite
> included extension but then Asterisk rejected and asked for authentication
> to which X-Lite provided password?!
> >
> > So, why is there the need to invite without providing authentication in
> the first place? Why is there a two step to authentication? This really
> shows a shortcoming of SIP v2.0 RFC when it comes to this type of security
> implementation.
>
> Bruce,
> I suggest you do some reading on challenge-response authentication and
> HTTP Digest MD5 auth.
>
> To succeed with challenge-response, you need a challenge to respond to.
> You get that in the first response, the 401 or 407.
>
> /O
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20111109/942f0827/attachment.htm>


More information about the asterisk-dev mailing list