On 10/10/11 3:58 PM, IƱaki Baz Castillo wrote:
2011/10/10 Juha Heinanen<jh(a)tutpro.com>om>:
For
platforms where you want some sort of integrity check in the
message, like with S/MIME or SIP Identity, rewriting the message will
break security. If we want to build secure platforms in SIP, we need
to find solutions that doesn't require SDP and SIP rewrites in the
proxys.
based on my observations from many users and also based what kind of new
modules people have written for sr lately, there is more and more
tendency towards adding b2bua kind of stuff to sip proxy.
Indeed. And honestly I
don't like that at all.
who is working on such extensions for our project? I am
not aware of
anyone trying to push b2bua in kamailio/ser and very happy with that.
My personal opinion is not against a b2bua in the proxy, but against any
b2bua in SIP. This concept brought the PSTN architecture back to life in
SIP, killing the flexibility and service extensibility of client side.
They are promoting a bunch of benefits, but actually inducing a false
impression of offering extra security and other b**ls**t-bingo
capabilities -- a short analyze proves all of them useless. If I have to
name the top enemies of SIP, the order is ALG (since affects
irremediably at some point SIP signaling) then SBCs/B2BUAs (not breaking
a call in two legs, but in a set of troubles, stopping evolution,
bringing devolution).
To clarify my statement, this is not like I will be against a b2bua
contribution in the form of a module (which has no or insignificant
impact on the core and commonly used modules) -- this is a project open
to contributions, just that I don't expect at all to get my attention
for testing or maintenance.
Cheers,
Daniel
--
Daniel-Constantin Mierla --
http://www.asipto.com
Kamailio Advanced Training, Dec 5-8, Berlin:
http://asipto.com/u/kat
http://linkedin.com/in/miconda --
http://twitter.com/miconda