[sr-dev] TLS: Sip-Routers adds a Record-Route with "sip" scheme rather than "sips"

Olle E. Johansson oej at edvina.net
Wed Jul 6 13:56:21 CEST 2011


On 6 Jul 2011, at 13:50, Iñaki Baz Castillo wrote:

> 2011/7/6 Olle E. Johansson <oej at edvina.net>:
>>> I agree that SIPS is a pain. But that's the standard.
>> 
>> The question: for what? :-)
> 
>> I agree that SIPS is useful,
> 
> I don't agree, it's clearly a pain :)
> 
> 
>> but when and for whom?
>>  - is this something we only use in infrastructure?
>>  - or is this something a client can use to set up a "secure call"?
> 
> The only secure-secure-secure stuff would be encrypting the message
> itself, using some stupid and unfeasible stuff like S/MIME. If a
> message goes across intermediary nodes, you can never expect not to
> find a node breaking security.
> 
> 
> 
>> You can clearly mandate yourself that anything using SIP: should run over TLS.
>> You can implement SIPS in outbound proxies and stuff.
>> 
> 
>> Do we have good documentation on how Kamailio handles SIPS URIs in
>>  - request URIs
>>  - contacts for registration
>>  - route headers
>>  - via headers
>> 
>> etc etc...
>> 
>> Which error codes are used if I have a Via header with SIPS and Kamailio can't set up a secure connection to the upstream SIP server?
>> 
>> In the Kamailio team, we should at least have one policy for how to support it and how to handle TLS certificate verification.
> 
> Yes, time to time :)
> This thread could be a good start point :)
> 
> I will go deeper into this stuff in the next days/weeks/months. Maybe
> we should start a section in the wiki documenting current sips/TLS
> status in Kamailio. Give me some time and I will start it.
> 
Right. And I will have to update some stuff in my SIP TLS presentation... 

Mail out when you start a wiki page and we'll try to dig through the source code and file bug reports if needed. I think Kamailio has to shine in this area.

/O

