--- En date de : Jeu 18.3.10, Attila Sipos <[email protected]> a écrit :
De: Attila Sipos <[email protected]> Objet: RE: Re : [Sip-implementors] does sips imply TLS (and TLS alone)? À: "Bossiel thioriguel" <[email protected]>, [email protected] Date: Jeudi 18 mars 2010, 11h54 thanks for your response >>Neither "transport=tls" nor "sips:" are mandatory when using SIP over TLS connection. I know that neither are mandatory. My question is asking something else. I'm asking does "sips" mean that the requests must use TLS? (when I say "TLS", I am not talking about ";transport=tls", I am talking about the transport layer security protocol) I think the answer is yes - "sips" means TLS must be used. Is this correct? -->NO. >> and thus "sips:[email protected];transport=TCP" and sending sips over TCP (though allowed) is totally pointless isn't it? --> YES. From: Bossiel thioriguel [mailto:[email protected]] Sent: 18 March 2010 10:34 To: [email protected]; Attila Sipos Subject: Re : [Sip-implementors] does sips imply TLS (and TLS alone)? Neither "transport=tls" nor "sips:" are mandatory when using SIP over TLS connection. As per RFC 5630 subclause 3.1.3: Because a SIPS URI implies that requests sent to the resource identified by it be sent over each SIP hop over TLS, SIPS URIs are not suitable for "best-effort TLS": they are only suitable for "TLS- only" requests. This is recognized in Section 26.2.2 of [RFC3261]. Users that distribute a SIPS URI as an address-of-record may elect to operate devices that refuse requests over insecure transports. If one wants to use "best-effort TLS" for SIP, one just needs to use a SIP URI, and send the request over TLS. Using SIP over TLS is very simple. A UA opens a TLS connection and uses SIP URIs instead of SIPS URIs for all the header fields in a SIP message (From, To, Request-URI, Contact header field, Route, etc.). When TLS is used, the Via header field indicates TLS. As per RFC 5630 subclause 3.1.4: [RFC3261], Section 26.2.2 deprecated the "transport=tls" URI transport parameter in SIPS or SIP URIs: Note that in the SIPS URI scheme, transport is independent of TLS, and thus "sips:[email protected];transport=TCP" and "sips:[email protected];transport=sctp" are both valid (although note that UDP is not a valid transport for SIPS). The use of "transport=tls" has consequently been deprecated, partly because it was specific to a single hop of the request. This is a change since RFC 2543 . The "tls" parameter has not been eliminated from the ABNF in [RFC3261], Section 25 , since the parameter needs to remain in the ABNF for backward compatibility in order for parsers to be able to process the parameter correctly. The transport=tls parameter has never been defined in an RFC, but only in some of the Internet drafts between [RFC2543 ] and [RFC3261 ]. This specification does not make use of the transport=tls parameter. The reinstatement of the transport=tls parameter, or an alternative mechanism for indicating the use of the TLS on a single hop in a URI, is outside the scope of this specification. For Via header fields, the following transport protocols are defined in [RFC3261 ]: "UDP", "TCP", "TLS", "SCTP", and in [RFC4168 ]: "TLS- SCTP". --- En date de : Jeu 18.3.10, Attila Sipos <[email protected]> a écrit : De: Attila Sipos <[email protected]> Objet: [Sip-implementors] does sips imply TLS (and TLS alone)? À: [email protected] Date: Jeudi 18 mars 2010, 10h44 If a SIP Contact header has a sips URI, does that mean that one must send requests using TLS? Or is there some other secure protocol that one could use? (my problem: our equipment sends a sips contact and some other vendor said they'd like to see ";transport=tls" in the Contact but my belief is that ";transport=tls" isn't required) regards Attila . _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors . _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
