[Kamailio-Users] Secure VoIP

Johansson Olle E oej at edvina.net
Thu Feb 26 10:24:08 CET 2009


26 feb 2009 kl. 10.10 skrev Daniel-Constantin Mierla:

> Hello,
>
> On 02/26/2009 09:34 AM, Johansson Olle E wrote:
>> 25 feb 2009 kl. 11.05 skrev Henning Westerholt:
>>
>>
>>> SIPS is the secure variant of SIP, it uses TLS to encrypt its data.
>>>
>>
>> Actually both SIP: and SIPS: can be protected by TLS. The  
>> difference  is that a SIPS: url *request* TLS.
>>
> what I tried to figure out in one of my previous emails, is:
> - does sips requires TLS only, or can be any form of secure  
> communication channel, e.g., ipsec?

The original SIPS spec was very vague here. IPsec was among the  
"approved solutions". Also note
that the requirements did not require any protection on the last hop.  
Kamailio is allowed to use
UDP on a SIPS uri when calling a registered phone.

I haven't had time to go through the changes in the latest update, but  
it was supposed to fix a
lot of these issues.

The document I need to re-read and store in parsed format somewhere in  
my memory storage is:
http://www.ietf.org/internet-drafts/draft-ietf-sip-sips-09.txt

" This document provides clarifications and guidelines concerning the  
use of the SIPS URI scheme in the Session Initiation Protocol (SIP).  
It also makes normative changes to SIP."
"1. Introduction
The meaning and usage of the SIPS URI scheme and of TLS [RFC5246] is  
underspecified in SIP [RFC3261] and has been a source of confusion for  
implementers. This document provides clarifications and guidelines  
concerning the use of the SIPS URI scheme in the Session Initiation  
Protocol (SIP). It also makes normative changes to SIP (including both  
[RFC3261] and [RFC3608]."

/O



More information about the Users mailing list