2009/1/4 Juha Heinanen <jh(a)tutpro.com>:
> Iñaki Baz Castillo writes:
>
> > - Forcing RTP through a media proxy which involves SDP rewriting by
> > the SIP proxy (so SDP cannot be encrypted).
>
> forcing sip through proxies means that headers cannot be encrypted. i
> fail to see a big difference.

Well, it shouldn't be required that a SIP proxy inspects the message
*body* in order for communication to work.

Also, just a few headers need to be readable by proxies. If I
remember well, SIP tunnelling with S/MIME usage allows encrypting some
headers and the entire body while the proxy still can read the
required headers (anyway, I hate concepts such as "S/MIME" in SIP even if
it appears in lots of RFCs and drafts since it's obvious it doesn't
succeed).

However, what I mean is that rewriting the SDP is something "dirty",
don't you agree?

Unfortunately all of us are used to SIP scenarios in which the
proxies rewrite the "Contact" header and the SDP. I consider it as a
needed hack, but nothing elegant. If ICE and TURN can offer here an
elegant and clean solution then they are really welcome.

> > - The only case in which the media proxy can be avoided is that in
> > which both the caller and callee use STUN (no symmetric NAT) or are
> > behind the same public IP.
>
> the above is not true.

OK, I simplified too much. Other cases:

- One of the endpoints has a public IP and supports Comedia mode.
- One of the endpoints has a public IP and the other is behind a
  non-symmetric NAT using STUN.

AFAIK there are no more cases in which the caller and/or callee are
behind NAT but a media proxy is not required, are there?

Regards.

--
Iñaki Baz Castillo
<ibc(a)aliax.net>