[VOIPSEC] Asterisk security
diana-liste at voip.null.ro
Wed Dec 27 12:16:00 GMT 2006
In any SIP library there are 2 parts. First of all is the SIP parser,
which can be better or worse, it doesn't matter much. And the second and
often misimplemented is the transaction layer, which takes care of
retransmissions, default answers and so on. This is true mainly for a
B2BUA like Asterisk.
The SIP stack that Asterisk has now, is messing up quite lovely with the
transaction part. I can go into technical details if is necessary.
The osip library doesn't even have a transaction engine. They didn't
even bother. So most of the people have to use exosip which has a
transaction engine, but is designed for a SIP client and assume things.
When i started to design a SIP stack, first of all i had some experience
with Asterisk SIP stack, and than I've wrote 2 modules for Yate, one
based on exosip and one based on osip. After I've spend 6 months trying
to figure out how to make it work, I've realize that what i need for SIP
is a stack that can handle some answers by himself. An engine which gets
the message and is handling retransmissions and so on. And an engine
that is flexible enough to not be for a client. And also that doesn't
have his internal thread system like OPAL or OpenH323 at that time that
will fight against my threading system from my telephony engine.
Anyway chan_exosip will never go there because it doesn't deserve to be
Security always means first of all unbreakable systems, and after that
it means encrypted communications.
Michael Billerbeck wrote:
>is anybody familiar with asterisk security?
>I know this document on "Setting up Asterisk for SRTP" (http://www.e164.org/wiki/AsteriskSRTP) which uses libSRTP.
>It also relies on the asterisk patch which can be found on http://bugs.digium.com/view.php?id=5413.
>There is also the codename pineapple branch from Olle E. Johansson which is about the development of a chan_sip3 SIP channel (http://www.asterisk.org/node/117).
>Sometimes you can find discussions on chan_exosip (or was it chan_exosip2?), an exosip (extended osip) channel which won't get into asterisk branch because it doesn't agree with the asterisk license if I understood correctly. Please correct me if I am wrong.
More information about the Voipsec