El Miércoles, 20 de Enero de 2010, [email protected] escribió: > Hello list, > > I know that strategies differ according to security needs but... > > Which SIP messages are typically challenged for authentication? > > Right now we're challenging INVITE, SUBSCRIBE, and NOTIFY, although > it's not clear to me if challenging SUBSCRIBE or NOTIFY is useful. > > Of course ACK and BYE are not challenged, but then there are others > like MESSAGE, INFO, OPTION... whatever. This falls in the gray zone > as far as my understanding of SIP and security go.
If you don't challange an *initial* request for authentication then the identity could be spoofed. In the case of dialogs (INVITE, SUBSCRIBE) it's typically just required to chanllenge the initial request forming such dialog (initial INVITE, initial SUBSCRIBE). The rest of requests in-dialog contain to_tag so usually it's not needed to authenticate them. -- Iñaki Baz Castillo <[email protected]> _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
