[sr-dev] TLS: Sip-Routers adds a Record-Route with "sip" scheme rather than "sips"
Iñaki Baz Castillo
ibc at aliax.net
Wed Jul 6 13:50:22 CEST 2011
2011/7/6 Olle E. Johansson <oej at edvina.net>:
>> I agree that SIPS is a pain. But that's the standard.
>
> The question: for what? :-)
> I agree that SIPS is useful,
I don't agree, it's clearly a pain :)
> but when and for whom?
> - is this something we only use in infrastructure?
> - or is this something a client can use to set up a "secure call" ?
The only secure-secure-secure stuff would be encrypting the message
itself, using some stupid and unfeasible stuff like S/MIME. If a
message goes across intermediary nodes, you can never expect not to
find a node breaking security.
> You can clearly mandate yourself that anything using SIP: should run over TLS.
> You can implement SIPS in outbound proxies and stuff.
>
> Do we have good documentation on how Kamailio handles SIPS URIs in
> - request URIs
> - contacts for registration
> - route headers
> - via headers
>
> etc etc...
>
> Which error codes are used if I have a via header with SIPS and kamailio can't set up a secure connection to the upstream SIP server?
>
> In the kamailio team, we should at least have one policy for how to support it and how to handle TLS certificate verification.
Yes, time to time :)
This thread could be a good starting point :)
I will go deeper into this stuff in the next days/weeks/months. Maybe
we should start a section in the wiki documenting current sips/TLS
status in Kamailio. Give me some time and I will start it.
Cheers.
--
Iñaki Baz Castillo
<ibc at aliax.net>