[sr-dev] RFC 5626 (Outbound) planned?

Juha Heinanen jh at tutpro.com
Mon Oct 10 14:39:53 CEST 2011


Olle E. Johansson writes:

> For platforms where you want some sort of integrity check in the
> message, like with S/MIME or SIP Identity, rewriting the message will
> break security. If we want to build secure platforms in SIP, we need
> to find solutions that don't require SDP and SIP rewrites in the
> proxies.

based on my observations from many users and also based on what kind of new
modules people have written for sr lately, there is more and more
tendency towards adding b2bua kind of stuff to sip proxy.  if you want
a secure solution, better not to use proxy at all, but some kind of p2p
protocol.

> One thing I realized the other night during a SIP discussion was that
> ICE doesn't allow a network provider to implement a policy. I don't
> think a proxy can't say "442 Always use media relay" and force the
> client to drop local addresses, like if there's a requirement for
> lawful intercept in the network. That will be something that needs to
> be added to ICE.

making it yet more complex.  forget proxy if you want end-to-end
security.

-- juha


