[SR-Users] NAPTR, SRV and sips vs. transport=tls
Iñaki Baz Castillo
ibc at aliax.net
Wed Dec 12 01:53:47 CET 2012
2012/12/11 Olle E. Johansson <oej at edvina.net>:
> In addition there is a lot of missing pieces to get SIPS: to work. LIke how a proxy
> can signal back to the originating UA that it could not set up a TLS connection because
> the certificate of the next hop was bad/expired/not signed by approved CA or something else.
And there are more issues (I hate to remember them) that make SIPS unfeasible.
> After ten years, I think SIPS as a uri scheme is a lost cause. This does NOT mean that
> TLS is a lost cause, but I think we can't leave the decision about security to the end point
> user - and they can't decide whether or not they want to place a request for "secure signalling" in their
> call setup. The WebRTC way is better, just make every call more secure.
Well, WebRTC just defines the media plane (which MUST be SRTP-DTLS)
but the signaling plane is up to the application/web provider, which
can be as secure (or insecure) as any SIP or HTTP deployment.
Cheers.
--
Iñaki Baz Castillo
<ibc at aliax.net>
More information about the sr-users
mailing list