> On 13 Jul 2021, at 09:06, Roman Shpount <[email protected]> wrote: > > On Tue, Jul 13, 2021 at 2:33 AM Olle E. Johansson <[email protected] > <mailto:[email protected]>> wrote: >> 13 juli 2021 kl. 06:58 skrev Roman Shpount <[email protected] >> <mailto:[email protected]>>: >> >> At the same time, SIP over TLS has many performance and reliability issues >> that would need to be addressed before it is ready for industry-wide >> deployment. > > There’s also a lack of applicable standards for TLS usage, as I’ve pointed > out a few times, but the working group seems to have no energy to fix. SIP > over TLS from the SIP phone side requires implementation of SIP outbound, > which we never successfully tested at any SIPit. I know of a few > implementations now, but haven’t tested them together. > > We have built a SIP Outbound implementation with TLS. It kind of works but > helped us identify plenty of problems both from reliability and scalability > points of view. > > In the meantime, I am more concerned with more and more PII being sent in SIP > INVITE, especially with RCD. It might be legally required to encrypt it when > sending such data over the public internet, which would require TLS or VPN > connections for all service providers. Together with increased SIP INVITE > size, TLS essentially becomes the requirement. At this point, I am more > concerned with making service provider to service provider use cases working.
I would love to have a discussion on that - either on the sipcore list or somewhere else. I gave a lot of input to the SIPconnect update but there’s still a lot of work to do on the server2server case. /O
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
