I'm slightly confused about how SIP security and authorization work.

I've looked at the Wiki (http://www.voip-info.org/wiki/view/Asterisk+SIP+user+vs+peer), but it's, um, flawed:

> As of Asterisk 1.2, there is no reason to actually use 'user' entries
> any more at all; you can use 'type=peer' for everything and the behavior
> will be much more consistent.

Seems to imply that you should never use "user" for type, and 100% of the time type should be set to "peer."  Unfortunately, two paragraphs later there's a description of when you might want to use "user."  Seems like this paragraph should just be deleted?

> All configuration options supported under 'type=user' are also
> supported under 'type=peer'.

> The difference between friend and peer is the same as defining _both_ a
> user and peer, since that is what 'type=friend' does internally.

This is confusing; the first paragraph says that there's no reason to use "user" entries.  Since "friend" == "user" + "peer", to me this reads like "friend" is also obsolete and should never be used.  You'd never want to use something that defines both a current, valid thingy ("user") and an obsolete POS ("user"), right?

> The only benefit of type=user is when you _want_ to match on username
> regardless of IP the calls originate from. If the peer is registering to
> you, you don't need it. If they are on a fixed IP, you don't need it.
> 'type=peer' is _never_ matched on username for incoming calls, only
> matched on IP address/port number (unless you use insecure=port or higher).

Here’s where I’m confused.  Paragraph 1 says “user BAD!” and then this paragraph says “user GOOD, occasionally”

Seems like there’s a table that looks something vaguely like:

type=user | type=peer | type=friend | (interaction with “register”) that could be filled out with things like:

Matches against IP?

Matches against username?

Cares about insecure option?

Should use this combo in the following circumstances: XXX

Use this combination for bidirectional traffic:

Use this combination when you want to place calls, but not receive calls:

Use this combination when you want to receive calls, but not place them:

 - James
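
The matching rules stated in the quoted wiki text, modelled as an added Python example; it is not Asterisk's code and not part of the original post. The entry names, the addresses and the user-before-peer lookup order are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Entry:
    name: str                    # sip.conf section name, e.g. [roaming]
    type: str                    # "user", "peer" or "friend"
    host: str = ""               # peer's fixed or registered IP
    port: int = 5060
    insecure_port: bool = False  # models insecure=port (or higher)

# Constructed sample entries (documentation address ranges).
SAMPLE = [
    Entry("roaming", "user"),
    Entry("trunk", "peer", host="192.0.2.10"),
    Entry("gateway", "peer", host="192.0.2.20", insecure_port=True),
    Entry("office", "friend", host="192.0.2.30"),
]

def match_incoming(entries, from_user, src_ip, src_port):
    """Return (entry name, matched-on) for an incoming call, or None."""
    # type=friend is treated as both a user and a peer.
    # User half: matched on username, regardless of source IP.
    for e in entries:
        if e.type in ("user", "friend") and e.name == from_user:
            return (e.name, "username")
    # Peer half: never matched on username, only on IP address and port;
    # with insecure=port the source port is not compared.
    # Assumption: users are tried before peers.
    for e in entries:
        if e.type in ("peer", "friend") and e.host == src_ip:
            if e.insecure_port or e.port == src_port:
                return (e.name, "ip")
    return None

if __name__ == "__main__":
    # Constructed incoming calls: (From username, source IP, source port).
    calls = [
        ("roaming", "198.51.100.7", 40000),  # user: any source address
        ("trunk", "198.51.100.7", 5060),     # peer name alone: no match
        ("anyone", "192.0.2.10", 5062),      # peer IP, wrong port: no match
        ("anyone", "192.0.2.20", 5062),      # insecure=port: port ignored
    ]
    for call in calls:
        print(call, "->", match_incoming(SAMPLE, *call))
```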
