On Wed, 7 Jan 2009, Jiri Kuthan wrote:
I respectfully disagree -- the field has clearly shown that working NAT traversal today is more valuable than message integrity and ICE architecture both together. (Whcih happens to be my personal preference too: getting over NATs today is more important to me than any sort of securing free phone calls.) Generally I tend to prefer priorities as articulated by live deployments.
I think we both agree on where we want to go.
The difference is probably that current way SIP is used might be enough for you, but as a 10 years SIP endpoint stack builder, I'm just bored about using SIP over non transparent network. Not your fault...
I'm sorry to be so differently opinionated on this, particularly because I like ICE esthetically as the "e2e" solution. However, somehow in the Internet the things that are deployable today always matter. (even if considered evil, such as NATs)
Don't be sorry. My intention for this thread was just to ask ser/kamailio/whatever to make sure the future will not be the same as the 10 past years. My intention was not to say "you are all wrong".
Aymeric
-jiri
Aymeric Moizard wrote:
On Sun, 4 Jan 2009, Juha Heinanen wrote:
Aymeric Moizard writes:
If you have a 100% working trick, I'll be interested to learn it! Very interested!
no, i don't have 100% working trick, but normal means cover 90+% of the cases. trying to avoid needless use of rtp proxy for the remainder is not worth of the extreme complexity that comes with ice.
So the 10% calls are the one that use relay when they should not? right? I'm pretty convinced this is not a true value. Anyway, I don't think this is a problem of number here.
Let's describe a case:
I send an INVITE and encrypt the SDP. I'm behind a symmetric NAT. I'm calling somebody (a UA of course) who is able to decrypt it.
Whatever trick you provide, I will not have always voice (except if ICE is supported or if the NAT are kind with me)
Conclusion: I'm forced to provide UA and ask my customer to NOT encrypt their signalling. NEVER encrypt their signalling.
i don't understand what you try to say in above. sip works fine over the internet today.
SIP works today **if**:
- no security
- no SIP message integrity is used
- sip server are well configured (...)
- sip server is not compliant (modifying contact and SDP...)
My conclusion is that it's not acceptable. I want my applications to do security and I don't want to be dependant on badly configured servers.
I don't want "SIP works today **if**", I want "SIP works today."
I just need a SIP compliant internet infrastructure.
tks, Aymeric MOIZARD / ANTISIP amsip - http://www.antisip.com osip2 - http://www.osip.org eXosip2 - http://savannah.nongnu.org/projects/exosip/
-- juha
Users mailing list Users@lists.kamailio.org http://lists.kamailio.org/cgi-bin/mailman/listinfo/users