<div>I just did an X-Lite register to Asterisk extension and first SIP invite included extension but then Asterisk rejected and asked for authentication to which X-Lite provided password?!</div><div><br></div>So, why is there the need to invite without providing authentication in the first place? Why is there a two step to authentication? This really shows a shortcoming of SIP v2.0 RFC when it comes to this type of security implementation.<div>
<br></div><div>Regards,</div><div>Bruce</div><br><div class="gmail_quote">On Wed, Nov 9, 2011 at 10:33 AM, Terry Wilson <span dir="ltr"><<a href="mailto:twilson@digium.com">twilson@digium.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im"> > Method REGISTER? No known username in the From/To? => No answer.<br>
> Method anything else? Not from a known IP+port? => No answer.<br>
<br>
</div>Of course, answering when we have a user and not answering when we don't makes it pretty easy to scan for usernames.<br>
<div><div></div><div class="h5"><br>
--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
<br>
asterisk-dev mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-dev" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-dev</a><br>
</div></div></blockquote></div><br>