[sr-dev] RFC 5626 (Outbound) planned?
Daniel-Constantin Mierla
miconda at gmail.com
Mon Oct 10 23:57:28 CEST 2011
On 10/10/11 3:58 PM, Iñaki Baz Castillo wrote:
> 2011/10/10 Juha Heinanen<jh at tutpro.com>:
>>> For platforms where you want some sort of integrity check in the
>>> message, like with S/MIME or SIP Identity, rewriting the message will
>>> break security. If we want to build secure platforms in SIP, we need
>>> to find solutions that doesn't require SDP and SIP rewrites in the
>>> proxys.
>> based on my observations from many users and also based what kind of new
>> modules people have written for sr lately, there is more and more
>> tendency towards adding b2bua kind of stuff to sip proxy.
> Indeed. And honestly I don't like that at all.
who is working on such extensions for our project? I am not aware of
anyone trying to push b2bua in kamailio/ser and very happy with that.
My personal opinion is not against a b2bua in the proxy, but against any
b2bua in SIP. This concept brought the PSTN architecture back to life in
SIP, killing the flexibility and service extensibility of client side.
They are promoting a bunch of benefits, but actually inducing a false
impression of offering extra security and other b**ls**t-bingo
capabilities -- a short analyze proves all of them useless. If I have to
name the top enemies of SIP, the order is ALG (since affects
irremediably at some point SIP signaling) then SBCs/B2BUAs (not breaking
a call in two legs, but in a set of troubles, stopping evolution,
bringing devolution).
To clarify my statement, this is not like I will be against a b2bua
contribution in the form of a module (which has no or insignificant
impact on the core and commonly used modules) -- this is a project open
to contributions, just that I don't expect at all to get my attention
for testing or maintenance.
Cheers,
Daniel
--
Daniel-Constantin Mierla -- http://www.asipto.com
Kamailio Advanced Training, Dec 5-8, Berlin: http://asipto.com/u/kat
http://linkedin.com/in/miconda -- http://twitter.com/miconda
More information about the sr-dev
mailing list