2012/12/11 Olle E. Johansson oej@edvina.net:
In addition there are a lot of missing pieces to get SIPS: to work. Like how a proxy can signal back to the originating UA that it could not set up a TLS connection because the certificate of the next hop was bad/expired/not signed by approved CA or something else.
And there are more issues (I hate to remember them) that make SIPS unfeasible.
After ten years, I think SIPS as a URI scheme is a lost cause. This does NOT mean that TLS is a lost cause, but I think we can't leave the decision about security to the end point user - and they can't decide whether or not they want to place a request for "secure signalling" in their call setup. The WebRTC way is better, just make every call more secure.
Well, WebRTC just defines the media plane (which MUST be SRTP-DTLS) but the signaling plane is up to the application/web provider, which can be as secure (or insecure) as any SIP or HTTP deployment.
Cheers.