> On 13 Jul 2021, at 10:52, Christer Holmberg <[email protected]> wrote:
>
> Hi,
>
>>> When you say “does not support Outbound”, are you referring to the whole
>>> mechanism, or to the specific
>>> reuse-of-registration-connection-for-incoming-calls part?
>>
>> We have had a lot of discussions about this in the past, where I focused on
>> the latter. In the current set of standards a server is not allowed to reuse
>> the incoming TLS connection for outbound requests. Only SIP outbound allows
>> this.
>
> Correct.
>
> However, many still do it, because in addition to the TLS issues it is also
> needed for NAT traversal.

Exactly. Kamailio does that, because it’s the only way even if we break the RFCs.

>
>> That’s why I started a discussion about a “half-outbound” - much like the
>> use of Outbound in SIP over WebSockets today.
>
> That specific part could be defined in a separate specification, similar to
> what we did for SIP keep-alive: people wanted to have a mechanism for
> negotiating keep-alives, without having to implement everything else in
> Outbound.

Yes, that was my idea. But at the time it seemed like people either did not understand or did not see the need. Maybe we have a different situation now. It is needed, as we need RFC-compliant security in SIP.

/O

>
> Regards,
>
> Christer
>
> ________________________________________
> From: stir <mailto:[email protected]> on behalf of Olle E. Johansson
> <mailto:[email protected]>
> Sent: Tuesday, July 13, 2021 9:32:56 AM
> To: Roman Shpount <mailto:[email protected]>
> Cc: mailto:[email protected] <mailto:[email protected]>; Mary Barnes
> <mailto:[email protected]>; Salz, Rich
> <mailto:[email protected]>; mailto:[email protected]
> <mailto:[email protected]>
> Subject: Re: [stir] [Acme] http://NYTimes.com: How Do You Stop Robocalls?
>
> On 13 July 2021, at 06:58, Roman Shpount <mailto:[email protected]> wrote:
>
> At the same time, SIP over TLS has many performance and reliability issues
> that would need to be addressed before it is ready for industry-wide
> deployment.
>
> There’s also a lack of applicable standards for TLS usage, as I’ve pointed
> out a few times, but the working group seems to have no energy to fix. SIP
> over TLS from the SIP phone side requires implementation of SIP outbound,
> which we never successfully tested at any SIPit. I know of a few
> implementations now, but haven’t tested them together.
>
> Made this presentation five years ago
> https://www.slideshare.net/oej/sip-tls-security-in-a-peer-to-peer-world
>
> /O
> _______________________________________________
> stir mailing list
> mailto:[email protected]
> https://www.ietf.org/mailman/listinfo/stir
>
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
