[SR-Users] NAPTR for TLS only

Olle E. Johansson oej at edvina.net
Mon Jan 14 22:19:35 CET 2013


14 jan 2013 kl. 18:23 skrev Daniel Pocock <daniel at pocock.com.au>:

> On 14/01/13 15:59, Klaus Darilion wrote:
>> The caller should use the NATPR and thus should use TLS. The SIPS+D2T
>> does not requires the URI to be a SIPS URI.
>> 
> 
> That was my understanding too - do you feel it is always working this
> way in practice though with the major SIP proxies/PBXes?  Or are any
> extra efforts (such as NAPTR for rewriting sip: to sips:) needed to help
> non-conforming implementations?
UPgrading from SIP: to SIPS has too many implications so you should
propably never do that unless you really know what you want.

Transporting any SIP message over TLS doesn't require any changes
to the actual messages and work just fine. If I add that one single
NAPTR record I just state that if you want to SIP with my domain,
you always have to reach me over TLS. Period. So your proxy will
open a TLS session and that's fine and will not affect your first hop.

/O

> 
>> See also the thread
>> "NAPTR, SRV and sips vs. transport=tls" from 1.Dec.2012
>> 
> 
> Yes, I did see that previously but the focus of my question was slightly
> different, hence a new thread
> 
> 
> 
>> regards
>> Klaus
>> 
>> On 11.01.2013 18:45, Daniel Pocock wrote:
>>> 
>>> 
>>> 
>>> I'm just wondering if anyone can comment on expected and actual behavior
>>> if there is only a NAPTR record for TLS, e.g. I have:
>>> 
>>> sip5060.net.         IN    NAPTR    10 0 "s" "SIPS+D2T" ""
>>> _sips._tcp.sip5060.net.
>>> 
>>> 
>>> 
>>> and I don't have any entry for "SIP+D2U" or "SIP+D2T"
>>> 
>>> If some third party Kamailio instance (e.g. sip-server.example.org)
>>> receives a request from a user trying to call sip:user at sip5060.net, with
>>> a sip: rather than sips: URI, should it (and will it) use the "SIPS+D2T"
>>> result, if no other result is available?
>>> 
>>> Or would it ignore the NAPTR record and try to find the default SRV
>>> record such as _sip._udp.sip5060.net ?
>>> 
>>> Should there be another NAPTR record to translate sip: to sips: using a
>>> regex perhaps, or would such a NAPTR be a bad thing?
>>> 
>>> _______________________________________________
>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>> sr-users at lists.sip-router.org
>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>> 
> 
> 
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users




More information about the sr-users mailing list