2011/7/6 Olle E. Johansson oej@edvina.net:
I agree that SIPS is a pain. But that's the standard.
The question: for what? :-)
I agree that SIPS is useful,
I don't agree, it's clearly a pain :)
but when and for whom?
- is this something we only use in infrastructure?
- or is this something a client can use to set up a "secure call"?
The only secure-secure-secure stuff would be encrypting the message itself, using some stupid and unfeasible stuff like S/MIME. If a message goes across intermediary nodes, you can never expect not to find a node breaking security.
You can clearly mandate yourself that anything using SIP: should run over TLS. You can implement SIPS in outbound proxies and stuff.
Do we have good documentation on how Kamailio handles SIPS URIs in
- request URIs
- contacts for registration
- route headers
- via headers
etc etc...
Which error codes are used if I have a via header with SIPS and kamailio can't set up a secure connection to the upstream SIP server?
In the kamailio team, we should at least have one policy for how to support it and how to handle TLS certificate verification.
Yes, from time to time :) This thread could be a good starting point :)
I will go deeper into this stuff in the next days/weeks/months. Maybe we should start a section in the wiki documenting current SIPS/TLS status in Kamailio. Give me some time and I will start it.
Cheers.