[sr-dev] DMQ security
Olle E. Johansson
oej at edvina.net
Tue Oct 29 16:29:20 CET 2013
On 29 Oct 2013, at 13:38, Charles Chance <charles.chance at sipcentric.com> wrote:
> I agree with Olle that the common "pass the buck" attitude is wrong, although in this case I don't believe securing the messages should be mandatory. Often the communication between servers will be over a private/secure network and the user should be allowed to disable it if they deem it an unnecessary overhead.
Is that another myth - the secure/private/inside network? :-)
>
> Either way, the ability to use TLS where required is a definite must, so I'll go away and look into that now.
At least write the documentation so that most people believe that they have to have TLS and work hard to disable it :-)
>
> Thanks for the comments,
You're welcome!
/O
>
> Charles
>
>
>
> On 29 October 2013 11:45, Peter Dunkley <peter.dunkley at crocodilertc.net> wrote:
> I don't know what would be involved in pushing DMQ messages through TLS as I am not familiar with the routing DMQ messages take through the Kamailio stack.
>
> I don't think that TLS should be mandatory for DMQ, just as it is not mandatory for SIP. My thinking was just that if there is a way to configure DMQ to use TLS (perhaps by just putting "tls:" on the front of the server address) it would be a good thing.
>
> Regards,
>
> Peter
>
>
> On 29 October 2013 11:36, Charles Chance <charles.chance at sipcentric.com> wrote:
>
> On 29 October 2013 11:24, Alex Balashov <abalashov at evaristesys.com> wrote:
>
> It's not my decision, but personally, I'd leave this to the user to secure, just like everything else that is kind of IPC in nature (database connections, HTTP queries, etc originating from script).
>
>
> I'm inclined to agree. The DMQ module is indeed IPC in nature, so by default I would expect to be responsible for securing that communication at network layer. But still I question myself, is this the correct approach.
>
> Charles
>
>
> www.sipcentric.com
>
> Follow us on twitter @sipcentric
>
> Sipcentric Ltd. Company registered in England & Wales no. 7365592. Registered office: Unit 10 iBIC, Birmingham Science Park, Holt Court South, Birmingham B7 4EJ.
>
> _______________________________________________
> sr-dev mailing list
> sr-dev at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
>
>
>
>
> --
> Peter Dunkley
> Technical Director
> Crocodile RCS Ltd
>
> _______________________________________________
> sr-dev mailing list
> sr-dev at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
>
>
>
>
>
> www.sipcentric.com
>
> Follow us on twitter @sipcentric
>
> Sipcentric Ltd. Company registered in England & Wales no. 7365592. Registered office: Unit 10 iBIC, Birmingham Science Park, Holt Court South, Birmingham B7 4EJ._______________________________________________
> sr-dev mailing list
> sr-dev at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20131029/3ebcbe47/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2374 bytes
Desc: not available
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20131029/3ebcbe47/attachment.bin>
More information about the sr-dev
mailing list