<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 09/20/2012 01:12 AM, David Thomson
wrote:<br>
</div>
<blockquote cite="mid:SNT140-W213936FC5FE9D4170C5617B79B0@phx.gbl"
type="cite">
<div dir="ltr">
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
<div dir="ltr">
<div>Hi,</div>
<div><br>
</div>
<div>I am working on a project where a custom sip client will
be integrated into a suite of applications to provide voip.
The sip client will be working with Kamailio. The goal is
to ensure that the client is authorized for communication
with kamailio before allowing any calls to be made.
Conventional username/password authentication for
individual users will also be used once the client has been
authenticated.</div>
<div><br>
</div>
</div>
</div>
</blockquote>
Hello,<br>
<br>
Why not rely on TLS with client-side authentication. Just deploy the
client with a CA signed with a certificate known by Kamailio, and
then use the tls module with the following configuration to perform
the client-certificate check:<br>
<br>
1.9.8. <code class="varname">require_certificate</code> (boolean)
<p> When enabled it will require a certificate from a client. If the
client does not offer a certificate and <code class="varname">verify_certificate</code>
is on, the certificate verification will fail. </p>
<p> The default value is off.<br>
</p>
<p>More information
<a class="moz-txt-link-freetext" href="http://kamailio.org/docs/modules/devel/modules/tls.html">http://kamailio.org/docs/modules/devel/modules/tls.html</a><br>
</p>
<p>Cheers,<br>
Marius<br>
</p>
<br>
<blockquote cite="mid:SNT140-W213936FC5FE9D4170C5617B79B0@phx.gbl"
type="cite">
<div dir="ltr">
<div dir="ltr">
<div>Currently other applications in the suite use a digital
signature in the http headers when communicating with server
processes. If the signature is validated by the server
process then the applications identity is validated and
communication with the server process is allowed.</div>
<div><br>
</div>
<div>Is it possible to include a public key and digital
signature in the register events and have kamailio perform
the transformation to validate the client's identity? If so
which module provides such functionality? Has something
like this been implemented in the past? Thanks for any
input.</div>
<div><br>
</div>
<div>ttyl,</div>
<div>Dave</div>
</div>
</div>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Zbihlei Marius
Head of
Linux Development Services Romania
1&1 Internet Development srl Tel KA: 754-9152
Str Mircea Eliade 18 Tel RO: +40-31-223-9152
Sect 1, Bucuresti mailto: <a class="moz-txt-link-abbreviated" href="mailto:marius.zbihlei@1and1.ro">marius.zbihlei@1and1.ro</a>
71295, Romania
</pre>
</body>
</html>