11 Oct
2011
11 Oct
'11
3:30 p.m.
2011/10/10 Daniel-Constantin Mierla <miconda(a)gmail.com>om>:
who is working on such extensions for our project? I am not aware of anyone
trying to push b2bua in kamailio/ser and very happy with that.
My personal opinion is not against a b2bua in the proxy, but against any
b2bua in SIP.
Good ;)
based on my observations from many users and also
based what kind of new
modules people have written for sr lately, there is more and more
tendency towards adding b2bua kind of stuff to sip proxy.
Indeed. And honestly I don't like that at all. This concept brought the PSTN architecture back to
life in
SIP, killing the flexibility and service extensibility of client side. They
are promoting a bunch of benefits, but actually inducing a false impression
of offering extra security and other b**ls**t-bingo capabilities -- a short
analyze proves all of them useless. If I have to name the top enemies of
SIP, the order is ALG (since affects irremediably at some point SIP
signaling) then SBCs/B2BUAs (not breaking a call in two legs, but in a set
of troubles, stopping evolution, bringing devolution).
To clarify my statement, this is not like I will be against a b2bua
contribution in the form of a module (which has no or insignificant impact
on the core and commonly used modules) -- this is a project open to
contributions, just that I don't expect at all to get my attention for
testing or maintenance.
SBCs exist because they offer "some services" like for example... hum?
and due the fact that no vendor implements SIP security at all.
We need cool features in clients and proxies:
- ICE (RFC 5245): The best solution for NAT, validation of the peer
(who is sending RTP to me?) and IPv4/IPv6 transition.
- Outbound (RFC 5626): The ellegant solution for TCP/TLS clients
behind NAT. No hacks.
- GRUU (RFC 5627): Required for setting in your "Contact" something
really reachable by others (rather than your private IP). Problems
sending a REFER? GRUU is the solution.
- SRTP (RFC 3711): Why are we so happy with unencrypted audio/video media??
- SIP over TLS: But it needs to be reworked as the current spec sucks!
Let's open SIP to Internet, but for that it must work and it must be *safe*.
Cheers.
--
Iñaki Baz Castillo
<ibc(a)aliax.net>