<br><br><div><span class="gmail_quote">On 10/10/05, <b class="gmail_sendername">Iqbal</b> <<a href="mailto:iqbal@gigo.co.uk">iqbal@gigo.co.uk</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I read the the first line without the word "this" almost fell backwards<br>off my chair.....</blockquote><div><br>
heh<br>
</div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I have looked into this also, the second sip server you need to ensure<br>that no auth is done, but then this means you need to be able to trust
<br>what is coming from the first ser, which can be done in terms of IP, but<br>then this can be spoofed.</blockquote><div><br>
But if you are peering with an ITSP that does requires authentication its a problem. Some do some dont.<br>
</div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">What would be nice is to have SER itself authenticate, i.e instead of<br>each call being authenticaterd, autheticate the entire box, and then
<br>possibly have a open connection between the two, which if no traffic<br>passes for sometime is dropped, and then re-intiated when next call<br>comes in<br>Iqbal</blockquote><div><br>
proxy-proxy SSL using stunnel + X.509 certs works great for this if you own both proxies.<br>
</div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Mark Aiken wrote:<br><br>> I've just been playing with this myself.<br>><br>
> There is a function, uac_auth, in the uac module which can be used to<br>> authenticate a challenge from another SIP server. Unfortunately it has<br>> the following problems:<br>><br>> 1. Does not handle increment of the cseq. At least in my experience
<br>> this causes authentication failure, you may have better luck.<br>> 2. Missing quotes in the auth header sent by the other server causes<br>> parse errors.<br>> 3. Digest comparison is case sensitive (DIGEST in auth header causes
<br>> parse error).<br>><br>> 2 and 3 are easy to fix but 1 is a major problem for SER as there is<br>> no dialog state kept between requests.<br>><br>><br>> Mark<br>><br>> On 10/7/05, *KaveH Aasaraai* <
<a href="mailto:asi_ka@yahoo.com">asi_ka@yahoo.com</a><br>> <mailto:<a href="mailto:asi_ka@yahoo.com">asi_ka@yahoo.com</a>>> wrote:<br>><br>> Hi,<br>><br>> I was wondering how I can route my SER users to other
<br>> SIP servers, without need of authentication to other<br>> server.<br>><br>> I mean this:<br>><br>> My User -> Auth -> My SER<br>><br>> My SER -> Auth -> Other SIP Server
<br>><br>><br>> My User --------make call--------> My SER<br>> --------route call-------> Other SIP Server<br>><br>><br>> Thank you.<br>><br>> Kaveh<br>><br>><br>>
<br>><br>> __________________________________<br>> Yahoo! Mail - PC Magazine Editors' Choice 2005<br>> <a href="http://mail.yahoo.com">http://mail.yahoo.com</a><br>><br>> _______________________________________________
<br>> Serusers mailing list<br>> <a href="mailto:serusers@lists.iptel.org">serusers@lists.iptel.org</a> <mailto:<a href="mailto:serusers@lists.iptel.org">serusers@lists.iptel.org</a>><br>> <a href="http://lists.iptel.org/mailman/listinfo/serusers">
http://lists.iptel.org/mailman/listinfo/serusers</a><br>><br>><br>>------------------------------------------------------------------------<br>><br>>_______________________________________________<br>>Serusers mailing list
<br>><a href="mailto:serusers@lists.iptel.org">serusers@lists.iptel.org</a><br>><a href="http://lists.iptel.org/mailman/listinfo/serusers">http://mail.iptel.org/mailman/listinfo/serusers</a><br>><br>><br></blockquote></div>
<br>