On 10/10/11 3:58 PM, IƱaki Baz Castillo wrote:
2011/10/10 Juha Heinanenjh@tutpro.com:
For platforms where you want some sort of integrity check in the message, like with S/MIME or SIP Identity, rewriting the message will break security. If we want to build secure platforms in SIP, we need to find solutions that doesn't require SDP and SIP rewrites in the proxys.
based on my observations from many users and also based what kind of new modules people have written for sr lately, there is more and more tendency towards adding b2bua kind of stuff to sip proxy.
Indeed. And honestly I don't like that at all.
who is working on such extensions for our project? I am not aware of anyone trying to push b2bua in kamailio/ser and very happy with that.
My personal opinion is not against a b2bua in the proxy, but against any b2bua in SIP. This concept brought the PSTN architecture back to life in SIP, killing the flexibility and service extensibility of client side. They are promoting a bunch of benefits, but actually inducing a false impression of offering extra security and other b**ls**t-bingo capabilities -- a short analyze proves all of them useless. If I have to name the top enemies of SIP, the order is ALG (since affects irremediably at some point SIP signaling) then SBCs/B2BUAs (not breaking a call in two legs, but in a set of troubles, stopping evolution, bringing devolution).
To clarify my statement, this is not like I will be against a b2bua contribution in the form of a module (which has no or insignificant impact on the core and commonly used modules) -- this is a project open to contributions, just that I don't expect at all to get my attention for testing or maintenance. Cheers, Daniel