[sr-dev] TLS: Sip-Routers adds a Record-Route with "sip" scheme rather than "sips"

Martin Hoffmann martin.hoffmann at telio.ch
Tue Jul 5 20:01:05 CEST 2011


Juha Heinanen wrote:
> Martin Hoffmann writes:
> 
> > I think the upshot of it all is that there is no more transport=tls. If
> > you want TLS, you have to use the sips scheme with transport=tcp; if
> > you want DTLS, you do sips with transport=udp.
> 
> i don't agree with the above.

If I understand things correctly, the above is the intent of the
standardization body in charge of SIP.

> for example, no matter which transport a
> request arrives to a proxy, the next hop proxy may be only reachable
> over tls, in which case i would use ;transport=tls.

Well, you shouldn't. You should use transport=tcp, because that is the
transport protocol you are using. That you want this encrypted is
indicated by the sips scheme of your SIP URI. Also, if your next hop is
only reachable via TLS, and yet the transport parameter and schema
indicate unencrypted TCP, what stops you from using the TLS connection
you have?

Only the opposite is a problem because you would degenerate the
security status of your transmission and that is prohibited by the sips
scheme.

Regards,
Martin
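
The rule argued in the message above, as an added Python example that is not part of the original post and is not sip-router code: the scheme carries the security requirement, the transport parameter names only the transport, and a secured connection may carry a plain "sip" URI but never the reverse. Function names and sample URIs are hypothetical; treating the legacy transport=tls as secured TCP and the defaults used when no transport parameter is present are assumptions of this sketch.

```python
# Added illustration; names are hypothetical, not sip-router/Kamailio API.

def parse_sip_uri(uri):
    """Split a SIP URI into (scheme, hostport, params); URI headers are dropped."""
    scheme, sep, rest = uri.partition(":")
    scheme = scheme.lower()
    if not sep or scheme not in ("sip", "sips"):
        raise ValueError("not a SIP URI: %r" % uri)
    # Drop userinfo first: it may itself contain ';' or '?'.
    rest = rest.rsplit("@", 1)[-1].split("?", 1)[0]
    hostport, *raw_params = rest.split(";")
    params = {}
    for p in raw_params:
        name, _, value = p.partition("=")
        params[name.lower()] = value.lower()
    return scheme, hostport, params


def required_channel(uri):
    """Return (transport, secured) requested by the URI.

    The sips scheme asks for encryption; transport= names the protocol only.
    Assumption: without transport=, sips defaults to tcp and sip to udp
    (a simplification; real resolution uses DNS NAPTR/SRV).
    """
    scheme, _, params = parse_sip_uri(uri)
    transport = params.get("transport", "tcp" if scheme == "sips" else "udp")
    secured = scheme == "sips"
    if transport == "tls":  # legacy form: normalise to secured TCP (assumption)
        transport, secured = "tcp", True
    return transport, secured


def connection_allowed(uri, conn_transport, conn_secured):
    """Upgrading (TLS for a plain sip URI) is fine; downgrading sips is not."""
    transport, secured = required_channel(uri)
    if conn_transport != transport:
        return False
    return conn_secured or not secured


if __name__ == "__main__":
    # Constructed sample URIs and candidate connections.
    for uri, tr, sec in [
        ("sip:proxy.example.com;transport=tcp", "tcp", True),
        ("sips:proxy.example.com;transport=tcp", "tcp", False),
        ("sips:proxy.example.com;transport=udp", "udp", True),
    ]:
        print(uri, (tr, sec), "->", connection_allowed(uri, tr, sec))
```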


