>>>> and thus "sips:[email protected];transport=TCP" and
>>sending sips over TCP (though allowed) is totally pointless isn't it?
>>--> YES.

Thanks. I had a look at RFC 5630

This document specifies that SIPS means that the SIP resource designated by the target SIPS URI is to be contacted securely, using TLS on each hop between the UAC and the remote UAS (as opposed to only to the proxy responsible for the target domain of the Request-URI).

So if a User-Agent got a Contact with sips (and no transport parameter) then the User-Agent should (by default) use TLS to send requests back.

Regards
Attila

________________________________
From: Bossiel thioriguel [mailto:[email protected]]
Sent: 18 March 2010 12:27
To: [email protected]; Attila Sipos
Subject: RE: Re : [Sip-implementors] does sips imply TLS (and TLS alone)?

--- On Thu 18.3.10, Attila Sipos <[email protected]> wrote:

From: Attila Sipos <[email protected]>
Subject: RE: Re : [Sip-implementors] does sips imply TLS (and TLS alone)?
To: "Bossiel thioriguel" <[email protected]>, [email protected]
Date: Thursday 18 March 2010, 11:54

thanks for your response

>>Neither "transport=tls" nor "sips:" are mandatory when using SIP over TLS connection.

I know that neither are mandatory. My question is asking something else.
I'm asking does "sips" mean that the requests must use TLS?
(when I say "TLS", I am not talking about ";transport=tls", I am talking about the transport layer security protocol)

I think the answer is yes - "sips" means TLS must be used. Is this correct?
-->NO.

>> and thus "sips:[email protected];transport=TCP" and
sending sips over TCP (though allowed) is totally pointless isn't it?
--> YES.

________________________________
From: Bossiel thioriguel [mailto:[email protected]]
Sent: 18 March 2010 10:34
To: [email protected]; Attila Sipos
Subject: Re : [Sip-implementors] does sips imply TLS (and TLS alone)?

Neither "transport=tls" nor "sips:" are mandatory when using SIP over TLS connection.

As per RFC 5630 subclause 3.1.3:

Because a SIPS URI implies that requests sent to the resource identified by it be sent over each SIP hop over TLS, SIPS URIs are not suitable for "best-effort TLS": they are only suitable for "TLS-only" requests. This is recognized in Section 26.2.2 of [RFC3261].

Users that distribute a SIPS URI as an address-of-record may elect to operate devices that refuse requests over insecure transports.

If one wants to use "best-effort TLS" for SIP, one just needs to use a SIP URI, and send the request over TLS.

Using SIP over TLS is very simple. A UA opens a TLS connection and uses SIP URIs instead of SIPS URIs for all the header fields in a SIP message (From, To, Request-URI, Contact header field, Route, etc.). When TLS is used, the Via header field indicates TLS.

As per RFC 5630 subclause 3.1.4:

[RFC3261], Section 26.2.2 <http://tools.ietf.org/html//rfc3261#section-26.2.2> deprecated the "transport=tls" URI transport parameter in SIPS or SIP URIs:

Note that in the SIPS URI scheme, transport is independent of TLS, and thus "sips:[email protected];transport=TCP" and "sips:[email protected];transport=sctp" are both valid (although note that UDP is not a valid transport for SIPS). The use of "transport=tls" has consequently been deprecated, partly because it was specific to a single hop of the request. This is a change since RFC 2543 <http://tools.ietf.org/html//rfc2543>.

The "tls" parameter has not been eliminated from the ABNF in [RFC3261], Section 25 <http://tools.ietf.org/html//rfc3261#section-25>, since the parameter needs to remain in the ABNF for backward compatibility in order for parsers to be able to process the parameter correctly. The transport=tls parameter has never been defined in an RFC, but only in some of the Internet drafts between [RFC2543 <http://tools.ietf.org/html//rfc2543>] and [RFC3261 <http://tools.ietf.org/html//rfc3261>].

This specification does not make use of the transport=tls parameter. The reinstatement of the transport=tls parameter, or an alternative mechanism for indicating the use of the TLS on a single hop in a URI, is outside the scope of this specification.

For Via header fields, the following transport protocols are defined in [RFC3261 <http://tools.ietf.org/html//rfc3261>]: "UDP", "TCP", "TLS", "SCTP", and in [RFC4168 <http://tools.ietf.org/html//rfc4168>]: "TLS-SCTP".

--- On Thu 18.3.10, Attila Sipos <[email protected]> wrote:

From: Attila Sipos <[email protected]>
Subject: [Sip-implementors] does sips imply TLS (and TLS alone)?
To: [email protected]
Date: Thursday 18 March 2010, 10:44

If a SIP Contact header has a sips URI, does that mean that one must send requests using TLS?
Or is there some other secure protocol that one could use?

(my problem: our equipment sends a sips contact and some other vendor said they'd like to see ";transport=tls" in the Contact but my belief is that ";transport=tls" isn't required)

regards
Attila

_______________________________________________
Sip-implementors mailing list
[email protected]
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
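
The RFC 5630 rules quoted in this thread, applied to a Contact URI, as an added example that is not part of the original messages: the scheme decides whether TLS is required, and the `transport` parameter only selects TCP or SCTP underneath. The names `Decision`, `split_uri` and `decide` are hypothetical, the sample addresses are constructed, and treating a legacy `transport=tls` on a plain `sip:` URI as a request for TLS on the next hop is this example's assumption.

```python
from typing import NamedTuple, Optional

class Decision(NamedTuple):
    tls_required: bool             # True: TLS on every hop (SIPS semantics)
    via_transport: Optional[str]   # Via token the URI calls for; None = not constrained
    deprecated_param: bool         # True if the legacy ";transport=tls" was present

def split_uri(uri: str):
    """Return (scheme, transport parameter or None), both lower-cased."""
    scheme, sep, rest = uri.strip().strip("<>").partition(":")
    scheme = scheme.lower()
    if not sep or scheme not in ("sip", "sips"):
        raise ValueError(f"not a SIP or SIPS URI: {uri!r}")
    # userinfo may itself contain ';' or '?', so discard it before splitting
    hostpart = rest.rsplit("@", 1)[-1].split("?", 1)[0]
    for param in hostpart.split(";")[1:]:
        name, _, value = param.partition("=")
        if name.lower() == "transport":
            return scheme, value.lower()
    return scheme, None

def decide(uri: str) -> Decision:
    scheme, transport = split_uri(uri)
    legacy = transport == "tls"
    if scheme == "sips":
        if transport == "udp":
            raise ValueError("UDP is not a valid transport for SIPS")
        if transport == "sctp":
            return Decision(True, "TLS-SCTP", False)
        if transport in (None, "tcp", "tls"):
            # the scheme alone mandates TLS; ";transport=tls" adds nothing
            return Decision(True, "TLS", legacy)
        raise ValueError(f"unsupported transport for SIPS: {transport}")
    if legacy:
        # assumption of this example: honour the legacy single-hop hint
        return Decision(False, "TLS", True)
    return Decision(False, transport.upper() if transport else None, False)

# Constructed sample Contact URIs (not taken from the thread)
SAMPLES = ["sips:alice@example.com", "<sips:alice@example.com;transport=TCP>",
           "sips:alice@example.com;transport=sctp", "sip:bob@example.com;transport=tls"]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", decide(u))
```

A `sip:` URI without a transport parameter returns `via_transport=None`, which leaves the UA free to apply best-effort TLS as the quoted subclause 3.1.3 describes.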
