Hi, "sip:alice@domain.org" is registered in Kamailio. If the proxy receives a request for "sips:alice@domain.org" and invokes "lookup(location)" the function doesn't retrieve the registration of alice. But it should:
RFC 5630 section 3.3:
When used as the Request-URI of a request, the SIPS scheme signifies that each hop over which the request is forwarded, until the request reaches the SIP entity responsible for the domain portion of the Request-URI, must be secured with TLS; once it reaches the domain in question it is handled in accordance with local security and routing policy, quite possibly using TLS for any last hop to a UAS. When used by the originator of a request (as would be the case if they employed a SIPS URI as the address- of-record of the target), SIPS dictates that the entire request path to the target domain be so secured.
Note the last phrase:
When used by the originator of a request (as would be the case if they employed a SIPS URI as the address- of-record of the target), SIPS dictates that the entire request path to the target domain be so secured.
This is, the entire path *until* the proxy responsible for the domain in the RURI must be secure (TLS) but it's not required (local policy) that the destination proxy dellivers the request to the destination user using TLS.
So IMHO lockup(location) should not inspect the registration schema. Am I wrong?
2010/11/18 Iñaki Baz Castillo ibc@aliax.net:
This is, the entire path *until* the proxy responsible for the domain in the RURI must be secure (TLS) but it's not required (local policy) that the destination proxy dellivers the request to the destination user using TLS.
So IMHO lockup(location) should not inspect the registration schema. Am I wrong?
Hi, any comment about it? :)
Iñaki Baz Castillo writes:
This is, the entire path *until* the proxy responsible for the domain in the RURI must be secure (TLS) but it's not required (local policy) that the destination proxy dellivers the request to the destination user using TLS.
if i remember correctly, ietf has revised the above to actually require use o tls end to end, but who cares anyway, because that organization has not saying in real life anymore.
-- juha
On 26.11.2010 13:04, Iñaki Baz Castillo wrote:
2010/11/18 Iñaki Baz Castilloibc@aliax.net:
This is, the entire path *until* the proxy responsible for the domain in the RURI must be secure (TLS) but it's not required (local policy) that the destination proxy dellivers the request to the destination user using TLS.
So IMHO lockup(location) should not inspect the registration schema. Am I wrong?
Hi, any comment about it? :)
IMO flags would be nice to change the behavior of lookup() to allow retrieving sip: contacts too.
regards Klaus
2010/11/26 Klaus Darilion klaus.mailinglists@pernau.at:
2010/11/18 Iñaki Baz Castilloibc@aliax.net:
This is, the entire path *until* the proxy responsible for the domain in the RURI must be secure (TLS) but it's not required (local policy) that the destination proxy dellivers the request to the destination user using TLS.
So IMHO lockup(location) should not inspect the registration schema. Am I wrong?
Hi, any comment about it? :)
IMO flags would be nice to change the behavior of lookup() to allow retrieving sip: contacts t
Hi, why should be needed a flag to behave as the standard states? :)
Am 06.05.2011 17:18, schrieb Iñaki Baz Castillo:
2010/11/26 Klaus Darilion klaus.mailinglists@pernau.at:
2010/11/18 Iñaki Baz Castilloibc@aliax.net:
This is, the entire path *until* the proxy responsible for the domain in the RURI must be secure (TLS) but it's not required (local policy) that the destination proxy dellivers the request to the destination user using TLS.
So IMHO lockup(location) should not inspect the registration schema. Am I wrong?
Hi, any comment about it? :)
IMO flags would be nice to change the behavior of lookup() to allow retrieving sip: contacts t
Hi, why should be needed a flag to behave as the standard states? :)
Local policies need not be standard conform. :-)
2011/5/9 Klaus Darilion klaus.mailinglists@pernau.at:
This is, the entire path *until* the proxy responsible for the domain in the RURI must be secure (TLS) but it's not required (local policy) that the destination proxy dellivers the request to the destination user using TLS.
So IMHO lockup(location) should not inspect the registration schema. Am I wrong?
Hi, any comment about it? :)
IMO flags would be nice to change the behavior of lookup() to allow retrieving sip: contacts t
Hi, why should be needed a flag to behave as the standard states? :)
Local policies need not be standard conform. :-)
Ok, but we agree that, at least, there should be optional, right? :)
Are you sure lookup("location") does not retrieve SIP contacts in the case you describe? Because it should. The function uses only username and domain parts of the Request-URI when doing lookups in the user location database.
Function modules_k/registrar/lookup.c:lookup calls modules_k/registrar/common.c:extract_aor which ignores the scheme of the URI.
-Jan
On Mon, May 9, 2011 at 08:57, Iñaki Baz Castillo ibc@aliax.net wrote:
2011/5/9 Klaus Darilion klaus.mailinglists@pernau.at:
This is, the entire path *until* the proxy responsible for the domain in the RURI must be secure (TLS) but it's not required (local policy) that the destination proxy dellivers the request to the destination user using TLS.
So IMHO lockup(location) should not inspect the registration schema. Am I wrong?
Hi, any comment about it? :)
IMO flags would be nice to change the behavior of lookup() to allow retrieving sip: contacts t
Hi, why should be needed a flag to behave as the standard states? :)
Local policies need not be standard conform. :-)
Ok, but we agree that, at least, there should be optional, right? :)
-- Iñaki Baz Castillo ibc@aliax.net
sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
2011/5/9 Jan Janak jan@ryngle.com:
Are you sure lookup("location") does not retrieve SIP contacts in the case you describe? Because it should. The function uses only username and domain parts of the Request-URI when doing lookups in the user location database.
Function modules_k/registrar/lookup.c:lookup calls modules_k/registrar/common.c:extract_aor which ignores the scheme of the URI.
Hi Jan, that is what I expected as I've never seen any kaamilio/sr module taking into account the URI schema. Let me check it again under the latest version and will come back.
Thanks.
2011/5/9 Jan Janak jan@ryngle.com:
Are you sure lookup("location") does not retrieve SIP contacts in the case you describe? Because it should. The function uses only username and domain parts of the Request-URI when doing lookups in the user location database.
Function modules_k/registrar/lookup.c:lookup calls modules_k/registrar/common.c:extract_aor which ignores the scheme of the URI.
Ok, not sure which kind of tests I did some time ago but indeed lockup() retrieves locations regardless the SIP scheme of the AoR.
So it was my error. Sorry.
-
Iñaki Baz Castillo -
Jan Janak -
Juha Heinanen -
Klaus Darilion