[Kamailio-Users] stun/outbound draft...
Aymeric Moizard
jack at atosc.org
Sun Jan 4 15:22:33 CET 2009
On Sun, 4 Jan 2009, Juha Heinanen wrote:
> Aymeric Moizard writes:
>
> > If you have a 100% working trick, I'll be interested to learn it! Very
> > interested!
>
> no, i don't have 100% working trick, but normal means cover 90+% of the
> cases. trying to avoid needless use of rtp proxy for the remainder is
> not worth of the extreme complexity that comes with ice.
So the 10% calls are the one that use relay when they should not? right?
I'm pretty convinced this is not a true value. Anyway, I don't think
this is a problem of number here.
Let's describe a case:
I send an INVITE and encrypt the SDP. I'm behind a symmetric NAT. I'm
calling somebody (a UA of course) who is able to decrypt it.
Whatever trick you provide, I will not have always voice (except
if ICE is supported or if the NAT are kind with me)
Conclusion: I'm forced to provide UA and ask my customer to NOT encrypt
their signalling. NEVER encrypt their signalling.
> i don't understand what you try to say in above. sip works fine over
> the internet today.
SIP works today **if**:
* no security
* no SIP message integrity is used
* sip server are well configured (...)
* sip server is not compliant (modifying contact and SDP...)
My conclusion is that it's not acceptable. I want my applications
to do security and I don't want to be dependant on badly configured
servers.
I don't want "SIP works today **if**", I want "SIP works today."
I just need a SIP compliant internet infrastructure.
tks,
Aymeric MOIZARD / ANTISIP
amsip - http://www.antisip.com
osip2 - http://www.osip.org
eXosip2 - http://savannah.nongnu.org/projects/exosip/
> -- juha
>
More information about the Users
mailing list