2011/7/6 Olle E. Johansson <oej(a)edvina.net>:
I agree that SIPS is a pain. But that is the standard.
The question: for what? :-)
I agree that SIPS is useful,
I don't agree, it's clearly a pain :)
but when and for whom?
- is this something we only use in infrastructure?
- or is this something a client can use to set up a "secure call" ?
The only secure-secure-secure stuff would be encrypting the message
itself, using some stupid and unfeasible stuff like S/MIME. If a
message goes across intermediary nodes, you can never expect not to
find a node breaking security.
You can clearly mandate yourself that anything using
SIP: should run over TLS.
You can implement SIPS in outbound proxies and stuff.
Do we have good documentation on how Kamailio handles SIPS URIs in
- request URIs
- contacts for registration
- route headers
- via headers
etc etc...
Which error codes are used if I have a Via header with SIPS and Kamailio can't set up
a secure connection to the upstream SIP server?
In the Kamailio team, we should at least have one policy for how to support it and how to
handle TLS certificate verification.
Yes, time to time :)
This thread could be a good starting point :)
I will go deeper into this stuff in the next days/weeks/months. Maybe
we should start a section in the wiki documenting current SIPS/TLS
status in Kamailio. Give me some time and I will start it.
Cheers.
--
Iñaki Baz Castillo
<ibc(a)aliax.net>