[Users] Secure SIP messages
Steffen Witt
witt.steffen at googlemail.com
Thu Jan 4 09:54:02 CET 2007
Hello,
> > My questions:
> > - Is there any mechanism that prevents me from corrupting or faking
> > SIP messages?
>
> What do you want? Do you want to manipulate SIP messages or do you want
> that nobody can manipulate your SIP messages?
I want to prevent manipulation of SIP messages.
> > - Is it possible to create a kind of binding between the certificates
> > used for TLS/IPSec and the SIP accounts?
>
> Not for IPsec as IPsec is not in the application. Thus, the application
> has no access to any IPsec settings - it even does not know if a message
> is sent via IPsec or not.
>
> Regarding TLS: Usually you use TLS for encryption and digest for
> authentication.
>
> Using TLS certificates for clients is not that simple. You can't use
> host certificates as the IP address and hostnames of the clients will
> change. Thus, the TLS certificate must be for a sip URI (for details see
> RFC 3261). Then you could use the pseudo variable exported by tlsops
> module to compare the certificate parameter against the From: URI. This
> will work for incoming requests, but not for outgoing requests (when you
> want to compare the certificate name against the To or Request URI)
Thanks for the info.
Best regards,
Steffen
More information about the Users
mailing list