6 Jan
2009
6 Jan
'09
8:20 p.m.
I respectfully disagree -- the field has clearly shown that working NAT
traversal today
is more valuable than message integrity and ICE architecture both
together. (Whcih happens
to be my personal preference too: getting over NATs today is more
important to me than
any sort of securing free phone calls.) Generally I tend to prefer
priorities as articulated
by live deployments.
I'm sorry to be so differently opinionated on this, particularly because
I like ICE
esthetically as the "e2e" solution. However, somehow in the Internet the
things that
are deployable today always matter. (even if considered evil, such as NATs)
-jiri
Aymeric Moizard wrote:
On Sun, 4 Jan 2009, Juha Heinanen wrote:
Aymeric Moizard writes:
So the 10% calls are the one that use relay when they should not? right?
I'm pretty convinced this is not a true value. Anyway, I don't think
this is a problem of number here.
Let's describe a case:
I send an INVITE and encrypt the SDP. I'm behind a symmetric NAT. I'm
calling somebody (a UA of course) who is able to decrypt it.
Whatever trick you provide, I will not have always voice (except
if ICE is supported or if the NAT are kind with me)
Conclusion: I'm forced to provide UA and ask my customer to NOT encrypt
their signalling. NEVER encrypt their signalling.
If you have a 100% working trick, I'll be
interested to learn it! Very
interested!
no, i don't have 100% working trick, but normal means cover 90+%
of the
cases. trying to avoid needless use of rtp proxy for the remainder is
not worth of the extreme complexity that comes with ice. i don't understand what you try to say in
above. sip works fine over
the internet today.
SIP works today **if**:
* no security
* no SIP message integrity is used
* sip server are well configured (...)
* sip server is not compliant (modifying contact and SDP...)
My conclusion is that it's not acceptable. I want my applications
to do security and I don't want to be dependant on badly configured
servers.
I don't want "SIP works today **if**", I want "SIP works today."
I just need a SIP compliant internet infrastructure.
tks,
Aymeric MOIZARD / ANTISIP
amsip - http://www.antisip.com
osip2 - http://www.osip.org
eXosip2 - http://savannah.nongnu.org/projects/exosip/
-- juha
_______________________________________________
Users mailing list
Users(a)lists.kamailio.org
http://lists.kamailio.org/cgi-bin/mailman/listinfo/users