[sr-dev] lockup("location") doesn't find a "sip" registration if RURI scheme is "sips"

Iñaki Baz Castillo ibc at aliax.net
Thu Nov 18 22:22:41 CET 2010


Hi, "sip:alice at domain.org" is registered in Kamailio. If the proxy
receives a request for "sips:alice at domain.org" and invokes
"lookup(location)" the function doesn't retrieve the registration of
alice. But it should:

RFC 5630 section 3.3:

     When used as the Request-URI of a request, the SIPS scheme
     signifies that each hop over which the request is forwarded, until
     the request reaches the SIP entity responsible for the domain
     portion of the Request-URI, must be secured with TLS; once it
     reaches the domain in question it is handled in accordance with
     local security and routing policy, quite possibly using TLS for
     any last hop to a UAS.  When used by the originator of a request
     (as would be the case if they employed a SIPS URI as the address-
     of-record of the target), SIPS dictates that the entire request
     path to the target domain be so secured.

Note the last phrase:

     When used by the originator of a request
     (as would be the case if they employed a SIPS URI as the address-
     of-record of the target), SIPS dictates that the entire request
     path to the target domain be so secured.

This is, the entire path *until* the proxy responsible for the domain
in the RURI must be secure (TLS) but it's not required (local policy)
that the destination proxy dellivers the request to the destination
user using TLS.

So IMHO lockup(location) should not inspect the registration schema. Am I wrong?



-- 
Iñaki Baz Castillo
<ibc at aliax.net>



More information about the sr-dev mailing list