18 Nov
2010
18 Nov
'10
11:22 p.m.
Hi, "sip:alice@domain.org" is registered in Kamailio. If the proxy
receives a request for "sips:alice@domain.org" and invokes
"lookup(location)" the function doesn't retrieve the registration of
alice. But it should:
RFC 5630 section 3.3:
When used as the Request-URI of a request, the SIPS scheme
signifies that each hop over which the request is forwarded, until
the request reaches the SIP entity responsible for the domain
portion of the Request-URI, must be secured with TLS; once it
reaches the domain in question it is handled in accordance with
local security and routing policy, quite possibly using TLS for
any last hop to a UAS. When used by the originator of a request
(as would be the case if they employed a SIPS URI as the address-
of-record of the target), SIPS dictates that the entire request
path to the target domain be so secured.
Note the last phrase:
When used by the originator of a request
(as would be the case if they employed a SIPS URI as the address-
of-record of the target), SIPS dictates that the entire request
path to the target domain be so secured.
This is, the entire path *until* the proxy responsible for the domain
in the RURI must be secure (TLS) but it's not required (local policy)
that the destination proxy dellivers the request to the destination
user using TLS.
So IMHO lockup(location) should not inspect the registration schema. Am I wrong?
--
Iñaki Baz Castillo
<ibc(a)aliax.net>
26 Nov
26 Nov
2:04 p.m.
2010/11/18 Iñaki Baz Castillo <ibc(a)aliax.net>et>:
This is, the entire path *until* the proxy responsible
for the domain
in the RURI must be secure (TLS) but it's not required (local policy)
that the destination proxy dellivers the request to the destination
user using TLS.
So IMHO lockup(location) should not inspect the registration schema. Am I wrong?
Hi, any comment about it? :)
--
Iñaki Baz Castillo
<ibc(a)aliax.net>
2:05 p.m.
Iñaki Baz Castillo writes:
> This is, the entire path *until* the proxy
responsible for the domain
> in the RURI must be secure (TLS) but it's not required (local policy)
> that the destination proxy dellivers the request to the destination
> user using TLS.
if i remember correctly, ietf has revised the above to actually require
use o tls end to end, but who cares anyway, because that organization
has not saying in real life anymore.
-- juha
7:25 p.m.
On 26.11.2010 13:04, Iñaki Baz Castillo wrote:
2010/11/18 Iñaki Baz Castillo<ibc(a)aliax.net>et>:
IMO flags would be nice to change the behavior of lookup() to allow
retrieving sip: contacts too.
regards
Klaus
This is, the entire path *until* the proxy
responsible for the domain
in the RURI must be secure (TLS) but it's not required (local policy)
that the destination proxy dellivers the request to the destination
user using TLS.
So IMHO lockup(location) should not inspect the registration schema. Am I wrong?
Hi, any comment about it? :)
6 May
6 May
6:18 p.m.
2010/11/26 Klaus Darilion <klaus.mailinglists(a)pernau.at>at>:
Hi, why should be needed a flag to behave as the standard states? :)
--
Iñaki Baz Castillo
<ibc(a)aliax.net>
2010/11/18
Iñaki Baz Castillo<ibc(a)aliax.net>et>:
IMO flags would be nice to change the behavior of lookup() to allow
retrieving sip: contacts t
This is, the entire path *until* the proxy responsible for the domain
in the RURI must be secure (TLS) but it's not required (local policy)
that the destination proxy dellivers the request to the destination
user using TLS.
So IMHO lockup(location) should not inspect the registration schema. Am I
wrong?
Hi, any comment about it? :)
9 May
9 May
3:47 p.m.
Am 06.05.2011 17:18, schrieb Iñaki Baz Castillo:
2010/11/26 Klaus Darilion
<klaus.mailinglists(a)pernau.at>at>:
Hi, why should be needed a flag to behave as the standard states? :)
Local policies need not be standard conform. :-)
2010/11/18 Iñaki Baz Castillo<ibc(a)aliax.net>et>:
IMO flags would be nice to change the behavior of lookup() to allow
retrieving sip: contacts t
This is, the entire path *until* the proxy responsible for the domain
in the RURI must be secure (TLS) but it's not required (local policy)
that the destination proxy dellivers the request to the destination
user using TLS.
So IMHO lockup(location) should not inspect the registration schema. Am I
wrong?
Hi, any comment about it? :)
3:57 p.m.
2011/5/9 Klaus Darilion <klaus.mailinglists(a)pernau.at>at>:
Hi, why should be needed a flag to behave as the standard states? :)
Local policies need not be standard conform. :-)
Ok, but we agree that, at least, there should be optional, right? :)
--
Iñaki Baz Castillo
<ibc(a)aliax.net>
> This is,
the entire path *until* the proxy responsible for the domain
> in the RURI must be secure (TLS) but it's not required (local policy)
> that the destination proxy dellivers the request to the destination
> user using TLS.
>
> So IMHO lockup(location) should not inspect the registration schema. Am I
> wrong?
Hi, any comment about it? :)
IMO flags would be nice to change the behavior of lookup() to allow
retrieving sip: contacts t 
6:04 p.m.
Are you sure lookup("location") does not retrieve SIP contacts in the
case you describe? Because it should. The function uses only username
and domain parts of the Request-URI when doing lookups in the user
location database.
Function modules_k/registrar/lookup.c:lookup calls
modules_k/registrar/common.c:extract_aor which ignores the scheme of
the URI.
-Jan
On Mon, May 9, 2011 at 08:57, Iñaki Baz Castillo <ibc(a)aliax.net> wrote:
2011/5/9 Klaus Darilion
<klaus.mailinglists(a)pernau.at>at>:
Local policies need not be standard conform. :-)
Ok, but we agree that, at least, there should be optional, right? :)
--
Iñaki Baz Castillo
<ibc(a)aliax.net>
_______________________________________________
sr-dev mailing list
sr-dev(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
>> This is, the entire path *until* the proxy
responsible for the domain
>> in the RURI must be secure (TLS) but it's not required (local policy)
>> that the destination proxy dellivers the request to the destination
>> user using TLS.
>>
>> So IMHO lockup(location) should not inspect the registration schema. Am I
>> wrong?
>
> Hi, any comment about it? :)
IMO flags would be nice to change the behavior of lookup() to allow
retrieving sip: contacts t
Hi, why should be needed a flag to behave as the standard states? :)
6:07 p.m.
2011/5/9 Jan Janak <jan(a)ryngle.com>om>:
Are you sure lookup("location") does not
retrieve SIP contacts in the
case you describe? Because it should. The function uses only username
and domain parts of the Request-URI when doing lookups in the user
location database.
Function modules_k/registrar/lookup.c:lookup calls
modules_k/registrar/common.c:extract_aor which ignores the scheme of
the URI.
Hi Jan, that is what I expected as I've never seen any kaamilio/sr
module taking into account the URI schema. Let me check it again under
the latest version and will come back.
Thanks.
--
Iñaki Baz Castillo
<ibc(a)aliax.net>
31 May
31 May
3:17 p.m.
2011/5/9 Jan Janak <jan(a)ryngle.com>om>:
Are you sure lookup("location") does not
retrieve SIP contacts in the
case you describe? Because it should. The function uses only username
and domain parts of the Request-URI when doing lookups in the user
location database.
Function modules_k/registrar/lookup.c:lookup calls
modules_k/registrar/common.c:extract_aor which ignores the scheme of
the URI.
Ok, not sure which kind of tests I did some time ago but indeed
lockup() retrieves locations regardless the SIP scheme of the AoR.
So it was my error. Sorry.
--
Iñaki Baz Castillo
<ibc(a)aliax.net>
4923
days inactive
5117
days old
9 comments
4 participants
participants (4)
-
Iñaki Baz Castillo -
Jan Janak -
Juha Heinanen -
Klaus Darilion