6 jul 2011 kl. 13.50 skrev IƱaki Baz Castillo:
2011/7/6 Olle E. Johansson <oej(a)edvina.net>et>:
I agree
that SIPS is a pain. But that's is the standard.
The question: for what? :-)
I agree that SIPS is useful,
I don't agree, it's clearly a pain :)
but when and for whom?
- is this something we only use in infrastructure?
- or is this something a client can use to set up a "secure call" ?
The only secure-secure-secure stuff would be encrypting the message
itself, using some stupid and unfeasible stuff like S/MIME. If a
message goes across intermediary nodes, you can never expect not to
find a node breaking security.
You can clearly mandate yourself that anything
using SIP: should run over TLS.
You can implement SIPS in outbound proxys and stuff.
Do we have good documentation on how Kamailio
handles SIPS uri's in
- request uri's
- contacts for registration
- route headers
- via headers
etc etc...
Which error codes are used if I have a via header with SIPS and kamailio can't set up
a secure connection to the upstream SIP server?
In the kamailio team, we should at least have one policy for how to support it and how to
handle TLS certificate verification.
Yes, time to time :)
This thread could be a good start point :)
I will go deeper into this stuff in the next days/weeks/months. Maybe
we should start a section in the wiki documenting current sips/TLS
status in Kamailio. Let me some time and I will start it.
Right. And I will have to update some stuff in my SIP TLS presentation...
Mail out when you start a wiki page and we'll try to dig through the source code and
file bug reports if needed. I think Kamailio has to shine in this area.
/O