I must say that I'm a bit shocked by the lack of interest on this topic. I can agree that it may not be part of the Pinemango project itself, but I would not accept Pinemango inclusion without a proper API in the Asterisk core.
The fact that Russell, who's the current maintainer of Asterisk, votes for taking authorization out of the picture is very disappointing to me. For a long time, we've discussed enhancing manager, agi and cli confidentiality, authentication and authorization. We've added TLS to the manager and http server as a first step, and I've seen some work on the CLI. To build a new API that exposes even more than we do in the current API, and removing security mechanisms from the picture means that we make Asterisk less secure than it is today. That can't be the goal of the project . "Asterisk 1.6.x - now with less security than any previous release. More fun, more possibilities!" Well, if that's the goal I'll be happy to rip out the broken TLS implementation in chan_sip... ;-) (couldn't resist that last part, my apologies) /O _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-security mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-security
