[sr-dev] TLS: Sip-Routers adds a Record-Route with "sip" scheme rather than "sips"

Olle E. Johansson oej at edvina.net
Wed Jul 6 13:33:48 CEST 2011


6 jul 2011 kl. 13.12 skrev Iñaki Baz Castillo:

> 2011/7/6 Olle E. Johansson <oej at edvina.net>:
>> Yes. SIPS: doesn't really help anyone and showing a padlock on the phone is a broken model here.
> 
> I agree that SIPS is a pain. But that's is the standard.

The question: for what? :-) 
I agree that SIPS is useful, but when and for whom?
 - is this something we only use in infrastructure?
 - or  is this something a client can use to set up a "secure call" ?

You can clearly mandate yourself that anything using SIP: should run over TLS.
You can implement SIPS in outbound proxys and stuff.

Do we have good documentation on how Kamailio handles SIPS uri's in
 - request uri's
 - contacts for registration
 - route headers
 - via headers

etc etc...

Which error codes are used if I have a via header with SIPS and kamailio can't set up a secure connection to the upstream SIP server?

In the kamailio team, we should at least have one policy for how to support it and how to handle TLS certificate verification.

/O


More information about the sr-dev mailing list