[sr-dev] TLS: Sip-Routers adds a Record-Route with "sip" scheme rather than "sips"
Olle E. Johansson
oej at edvina.net
Wed Jul 6 13:56:21 CEST 2011
6 jul 2011 kl. 13.50 skrev Iñaki Baz Castillo:
> 2011/7/6 Olle E. Johansson <oej at edvina.net>:
>>> I agree that SIPS is a pain. But that's is the standard.
>>
>> The question: for what? :-)
>
>> I agree that SIPS is useful,
>
> I don't agree, it's clearly a pain :)
>
>
>> but when and for whom?
>> - is this something we only use in infrastructure?
>> - or is this something a client can use to set up a "secure call" ?
>
> The only secure-secure-secure stuff would be encrypting the message
> itself, using some stupid and unfeasible stuff like S/MIME. If a
> message goes across intermediary nodes, you can never expect not to
> find a node breaking security.
>
>
>
>> You can clearly mandate yourself that anything using SIP: should run over TLS.
>> You can implement SIPS in outbound proxys and stuff.
>>
>
>> Do we have good documentation on how Kamailio handles SIPS uri's in
>> - request uri's
>> - contacts for registration
>> - route headers
>> - via headers
>>
>> etc etc...
>>
>> Which error codes are used if I have a via header with SIPS and kamailio can't set up a secure connection to the upstream SIP server?
>>
>> In the kamailio team, we should at least have one policy for how to support it and how to handle TLS certificate verification.
>
> Yes, time to time :)
> This thread could be a good start point :)
>
> I will go deeper into this stuff in the next days/weeks/months. Maybe
> we should start a section in the wiki documenting current sips/TLS
> status in Kamailio. Let me some time and I will start it.
>
Right. And I will have to update some stuff in my SIP TLS presentation...
Mail out when you start a wiki page and we'll try to dig through the source code and file bug reports if needed. I think Kamailio has to shine in this area.
/O
More information about the sr-dev
mailing list