OK - I see - I wanted to double check if the module also does
authentication as server. In this case, we have to work around a way to
compute the code based on the final format of the request.
regards,
bogdan
Klaus Darilion wrote:
The module is both: an authentication service and a verifier.
The verifier will verify the signature. As this should be done before
manipulating the request there is no problem.
The authentication service adds the signature on behalf of the user.
Thus, here message manipulation matters.
btw: I also came across a problem if a client does verification too:
alice---atlanta-proxy---------biloxy-proxy---bob
atlanta proxy will add the signature on behalf of alice. If this is
done after NAT traversal there is no problem.
Biloxy receives the request, can perform signature validation, and if
the signature is fine forwards the request to bob. If biloxy proxy
activates an RTP proxy, then bob can't validate the signature any more.
regards
klaus
Bogdan-Andrei Iancu wrote:
Hi Klaus,
do you have any idea if the module is for implementing server auth or
also for client auth (for proxy 2 proxy scenarios)?
if it's only for client-server auth, we do not care about changes...
regards,
bogdan
Klaus Darilion wrote:
Juha Heinanen wrote:
Henning Westerholt writes:
> Does this block the inclusion of the module in the trunk?
not necessarily if someone thinks that he/she needs this module even
if it doesn't work with nathelper or this someone is willing to fix the
module so that it does start working with nathelper.
taking a quick look at the rfc, i didn't see any other showstoppers for
identity digest calculation except message body.
The digest also includes Contact header and Date header. Thus, in
most cases the digest can't be added immediately - only by looping
the message back to openser after applying the message manipulations.
_______________________________________________
Devel mailing list
Devel@openser.org
http://openser.org/cgi-bin/mailman/listinfo/devel
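
The dependency discussed in this thread, as an added example that is not part of the original messages and is not the module's code: it builds the RFC 4474 digest-string (From, To, Call-ID, CSeq, Date, Contact, body, joined with "|") and reports which component a later rewrite changed. Assumptions: the sample INVITE, its addresses and the two rewrites are constructed, and only the SHA-1 hash of the digest-string is computed (the RSA signing step is omitted).

```python
import hashlib
import re

# Constructed sample INVITE (not from the thread); IPs are documentation ranges.
INVITE = (
    "INVITE sip:bob@biloxi.example.org SIP/2.0\r\n"
    "From: Alice <sip:alice@atlanta.example.com>;tag=1928301774\r\n"
    "To: Bob <sip:bob@biloxi.example.org>\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Date: Thu, 21 Feb 2002 13:02:03 GMT\r\n"
    "Contact: <sip:alice@192.168.1.10:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\no=alice 1 1 IN IP4 192.168.1.10\r\ns=-\r\n"
    "c=IN IP4 192.168.1.10\r\nt=0 0\r\nm=audio 49170 RTP/AVP 0\r\n"
)

# Order of the components in the RFC 4474 digest-string.
FIELDS = ("from", "to", "call-id", "cseq", "date", "contact", "body")

def addr_spec(value):
    """Extract the URI from a name-addr header value, dropping parameters."""
    m = re.search(r"<([^>]+)>", value)
    return m.group(1) if m else value.split(";")[0].strip()

def digest_parts(msg):
    """Return the digest-string components of a SIP message as a dict."""
    head, _, body = msg.partition("\r\n\r\n")
    hdr = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        hdr[name.strip().lower()] = value.strip()
    return {
        "from": addr_spec(hdr["from"]), "to": addr_spec(hdr["to"]),
        "call-id": hdr["call-id"], "cseq": hdr["cseq"], "date": hdr["date"],
        "contact": addr_spec(hdr.get("contact", "")), "body": body,
    }

def identity_hash(msg):
    """SHA-1 over the digest-string: the value the Identity signature covers."""
    parts = digest_parts(msg)
    return hashlib.sha1("|".join(parts[f] for f in FIELDS).encode()).hexdigest()

def changed_fields(signed, received):
    """List digest-string components that differ between two message versions."""
    a, b = digest_parts(signed), digest_parts(received)
    return [f for f in FIELDS if a[f] != b[f]]

# Constructed rewrites: a NAT fix-up of Contact, and an RTP proxy editing the SDP.
NAT_FIXED = INVITE.replace("alice@192.168.1.10:5060", "alice@203.0.113.7:40312")
RTP_PROXIED = INVITE.replace("c=IN IP4 192.168.1.10", "c=IN IP4 198.51.100.20")
```

Running `changed_fields` on the message as signed and as received by the verifier shows whether a failed validation comes from a Contact, Date or body rewrite made after signing.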