>From RFC3261, Section 4, A call made to a SIPS URI guarantees that secure, encrypted transport (namely TLS) is used to carry all SIP messages from the caller to the domain of the callee.
So, I think the answer is YES. "sips" means TLS is the transport according to RFC3261. -Arun On Thu, Mar 18, 2010 at 5:27 AM, Bossiel thioriguel <[email protected]> wrote: > > > --- En date de : Jeu 18.3.10, Attila Sipos <[email protected]> a > écrit : > > De: Attila Sipos <[email protected]> > Objet: RE: Re : [Sip-implementors] does sips imply TLS (and TLS alone)? > À: "Bossiel thioriguel" <[email protected]>, > [email protected] > Date: Jeudi 18 mars 2010, 11h54 > > > > > thanks for your response > >>>Neither "transport=tls" nor "sips:" are > mandatory when using SIP over TLS > connection. > > I know that neither are mandatory. My question is > asking something else. > I'm asking does "sips" mean that the requests must > use TLS? > (when I say "TLS", I am not talking about > ";transport=tls", I am talking about the transport > layer security protocol) > > I think the answer is yes - "sips" means TLS must be > used. Is this correct? > -->NO. > > > >>> and thus > "sips:[email protected];transport=TCP" and > > > sending sips over TCP (though allowed) is totally > pointless isn't it? > --> YES. > > > > > > > > > > > From: Bossiel thioriguel > [mailto:[email protected]] > Sent: 18 March 2010 10:34 > To: > [email protected]; Attila Sipos > Subject: Re : > [Sip-implementors] does sips imply TLS (and TLS alone)? > > > > > > > Neither "transport=tls" nor "sips:" are mandatory when > using SIP over TLS connection. > > > As per RFC 5630 subclause > 3.1.3: > > Because a SIPS URI implies that > requests sent to the resource > > identified by it be > sent over each SIP hop over TLS, SIPS URIs are > > not suitable for > "best-effort TLS": they are only suitable for "TLS- > > only" > requests. This is recognized in Section 26.2.2 of > [RFC3261]. > > > > > Users that distribute a SIPS URI > as an address-of-record may elect > > > > > > to operate devices that refuse > requests over insecure transports. > > > > If one wants to use > "best-effort TLS" for SIP, one just needs to use > > a SIP URI, and send > the request over TLS. > > > Using SIP over TLS > is very simple. A UA opens a TLS connection and > > uses SIP URIs > instead of SIPS URIs for all the header fields in a > SIP > > message (From, To, > Request-URI, Contact header field, Route, etc.). > > When TLS is used, > the Via header field indicates TLS. > > As per RFC > 5630 subclause 3.1.4: > [RFC3261], Section 26.2.2 deprecated the "transport=tls" URI > transport parameter in SIPS or SIP URIs: > > Note that in the SIPS URI scheme, transport is independent of TLS, > and thus "sips:[email protected];transport=TCP" and > "sips:[email protected];transport=sctp" are > both valid (although > note that UDP is not a valid transport for SIPS). The use of > "transport=tls" has consequently been deprecated, partly because > it was specific to a single hop of the request. This is a change > since RFC 2543 . > The "tls" parameter has not been > eliminated from the ABNF in > [RFC3261], Section 25 , since the parameter needs to remain in the > ABNF for backward compatibility in order for parsers to be able to > process the parameter correctly. The transport=tls parameter has > never been defined in an RFC, but only in some of the Internet drafts > between [RFC2543 ] and [RFC3261 ]. > > This specification does not make use of the transport=tls parameter. > > The reinstatement of the transport=tls parameter, or an alternative > mechanism for indicating the use of the TLS on a single hop in a URI, > is outside the scope of this specification. > > For Via header fields, the following transport protocols are defined > in [RFC3261 ]: "UDP", "TCP", "TLS", "SCTP", and in [RFC4168 ]: "TLS- > SCTP". > > > --- > En date de : Jeu 18.3.10, Attila Sipos > <[email protected]> a écrit : > > > De: > Attila Sipos <[email protected]> > Objet: > [Sip-implementors] does sips imply TLS (and TLS alone)? > À: > [email protected] > Date: Jeudi 18 mars 2010, > 10h44 > > > > If a SIP Contact header has a sips URI, does > that mean that one must > send requests using TLS? > > Or is there > some other secure protocol that one could use? > > (my problem: our > equipment sends a sips contact and some other vendor > said they'd like > to see ";transport=tls" in the Contact > but my belief is that > ";transport=tls" isn't > required) > > regards > > Attila > > > > > . > _______________________________________________ > Sip-implementors > mailing list > [email protected] > https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors > > > > > . > > > > > _______________________________________________ > Sip-implementors mailing list > [email protected] > https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors > _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
