On Wed, Mar 11, 2015 at 3:31 PM, Olle E. Johansson <o...@edvina.net> wrote:
>
>>>
>>> So far most of authorization between Kamailio and Asterisk relies on IP
>>> addresses, but those need to be provisioned one by one in both sides. The
>>> new module is practically adding a custom header with a hash over parts of
>>> the message or other environment attributes (e.g., IP address) and a shared
>>> secret. The www-digest with username and password has the overhead of an
>>> extra round of signaling messages, but also the constraint on CSeq increment
>>> after the challenge. Also, the MD5 is rather weak hashing these days.
>>>
>
> Why can't this be done in the dialplan? This is exactly why I implemented
> the MD5 dialplan stuff in Asterisk years ago. We need something else than
> MD5 today, but still - both Asterisk and Kamailio can handle it without
> modules or extra coding...
>
> The IETF is working on OAUTH authentication for SIP - which is the solution
> we really want to look into - not copy weak auth from the API world... :-)

Do you really want to spin up a PBX thread for every single request that fails authentication?

--
Matthew Jordan
Digium, Inc. | Director of Technology
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com & http://asterisk.org