2012/12/11 Olle E. Johansson <oej(a)edvina.net>:
In addition there are a lot of missing pieces to get SIPS: to work.
Like how a proxy can signal back to the originating UA that it could
not set up a TLS connection because the certificate of the next hop
was bad/expired/not signed by approved CA or something else.
And there are more issues (I hate to remember them) that make SIPS unfeasible.
After ten years, I think SIPS as a uri scheme is a lost cause. This
does NOT mean that TLS is a lost cause, but I think we can't leave the
decision about security to the end point user - and they can't decide
whether or not they want to place a request for "secure signalling" in
their call setup. The WebRTC way is better, just make every call more
secure.
Well, WebRTC just defines the media plane (which MUST be SRTP-DTLS)
but the signaling plane is up to the application/web provider, which
can be as secure (or insecure) as any SIP or HTTP deployment.
Cheers.
--
Iñaki Baz Castillo
<ibc(a)aliax.net>