On 31 October 2013 13:12, Peter Dunkley <peter.dunkley(a)crocodilertc.net>wrote;wrote:
In my opinion being able to choose to use DMQ over
TCP, TLS, or UDP
through setting the ";transport=" URI parameter in the modparams, and being
able to validate the TLS certificate in the configuration file (in the same
way as you do for all other traffic) is a good solution. Flexibility is
good and TLS isn't always necessary and doesn't have to be used. It should
be easy to use TLS when you want and easy to not use it when you want, and
no-one (however well intentioned) should ever be able to force me to build
my network by their rules. Also, this will mean that any future TLS
enhancements (for example, validation of certificate on outgoing messages
and DANE) will automatically be picked up too.
This has been added already (locally, not yet pushed).
DMQ is a very advanced module and I don't think
there should be too much
concern over students who can't edit config files. If they can't work that
out they are never going to be able to use Kamailio properly anyway. The
fact that Kamailio is "hard" is a necessary function of its flexibility -
it is because Kamailio doesn't do anything clever by default that makes it
so powerful (because you can have full control over all the behaviour).
And none of this stops a teacher providing their students with good
example configuration files for things like DMQ that do all of these things
properly. Or even providing configuration file libraries (using
"import_file" and check_route_exists()/route_if_exists()) that do all of
the right stuff for them.
I guess there will always be two very distinct camps, and long may the
discussion continue, but ultimately it is beyond the scope of DMQ alone. So
here lies the remaining question - regarding DMQ module specifically, for
now - is it acceptable to leave it up to the user now that they have a
choice of transport and therefore the ability to validate TLS certificates
if required?
Regards,
Charles
--
www.sipcentric.com
Follow us on twitter @sipcentric <http://twitter.com/sipcentric>
Sipcentric Ltd. Company registered in England & Wales no. 7365592. Registered
office: Unit 10 iBIC, Birmingham Science Park, Holt Court South, Birmingham
B7 4EJ.