Hi Henning,
Your willingness in principle is appreciated. However, despite the idea of SIP-DTLS having been around for years, the lack of obvious implementations suggests there is little enthusiasm for formal adoption. Were it more generally available, I believe usage would grow, and that may lead to formal adoption.
Presently, I can’t see SIP-DTLS happening unless a major platform goes out on a limb to adopt it, with others then following suite. Such a de-facto adoption could be good thing in the current climate of enhancing cyber-security.
Many thanks - Martin
From: Henning Westerholt hw@skalatan.de Sent: 12 July 2019 21:13 To: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org Cc: martin@netconfigs.com Subject: RE: [SR-Users] SIP-DTLS support
Hi Martin,
if there is an updated standard for SIP-DTLS (which I was also not able to find) this could be of course added to Kamailio. Somebody just needs to implement it, we are happy to review and contributions.
Cheers,
Henning
-- Henning Westerholt - https://skalatan.de/blog/ Kamailio services - https://skalatan.de/services
From: sr-users mailto:sr-users-bounces@lists.kamailio.org On Behalf Of Aymeric Moizard Sent: Monday, July 8, 2019 12:52 PM To: Kamailio (SER) - Users Mailing List mailto:sr-users@lists.kamailio.org Subject: Re: [SR-Users] SIP-DTLS support
Hi Martin,
I have implemented DTLS inside my open source -and closed source- code years ago.
Obviously, not being used by anyone, this code is almost never tested. I can tell that it worked in labs years ago and I don't think it was ever used in production by any one that I know.
To test on a linux:
git clone https://git.savannah.gnu.org/git/osip.git cd osip ./autogen.sh ./configure make sudo make install cd ..
THEN:
git clone https://git.savannah.nongnu.org/git/exosip.git cd exosip ./autogen.sh ./configure make sudo make install
./tools/sip_reg -d -p 3456 -r sip:http://sip.antisip.com -u mailto:sip%3Axxxx@sip.antisip.com -U xxxxx -P yyyyy -t DTLS
I just fixed a crash upon failure... and pushed the change in git.
Anyway, feel free to test! I have only started the above "sip_reg" test without any proxy listening behind. Use your own kamailio and credentials!
And let me know the results ;) Aymeric
Le lun. 8 juil. 2019 à 12:23, Martin Meadows mailto:martin@netconfigs.com a écrit : Hi, (repost in plaintext)
I haven't found anything that follows up on that expired draft, except in the sips: rfc5630 section 3.1.4 that appears to explicitly preclude UDP.
My issue is that a draft of BS8521part2 mandates TLS over UDP, and the closest I can see is sip-dtls over UDP but I'm struggling to find a clear declaration from within the sip community.
If I encounter an phone/app supporting it, I shall post it here.
Regards - Martin (phone)
Kamailio (SER) - Users Mailing List mailto:sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Antisip - http://www.antisip.com