Hi, RFC 5630 tries to clarify the usage of TLS just for the next hop (client->proxy) without requiring security in all the path:
------------------------------
3.1.3.  Using TLS with SIP Instead of SIPS

   If one wants to use "best-effort TLS" for SIP, one just needs to use
   a SIP URI, and send the request over TLS.

   Using SIP over TLS is very simple.  A UA opens a TLS connection and
   uses SIP URIs instead of SIPS URIs for all the header fields in a SIP
   message (From, To, Request-URI, Contact header field, Route, etc.).
   When TLS is used, the Via header field indicates TLS.
------------------------------

But, if the UA (caller) uses a SIP URI in the Contact URI of the INVITE, in-dialog requests from the callee would not arrive to the caller via TLS. This is:

  INVITE sip:b...@domain.com
  Via: SIP/2.0/TLS 1.2.3.4
  Contact: <sip:alice@1.2.3.4>

This means that when Bob sends a BYE it would arrive to Alice's outbound proxy as follows:

  INVITE sip:alice@1.2.3.4
  Route: xxxxxxx

The proxy would remove Route header(s) and just the RURI remains, which has no SIPS scheme so it would send the request using UDP (or TCP if the Contact URI includes a ;transport=tcp).

Is it correct? Wouldn't it be better that the Contact in the INVITE contains a SIPS schema?

--
Iñaki Baz Castillo <i...@aliax.net>
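
The routing outcome described in the message above, as an added example (not part of the original post and not taken from any SIP stack): it compares the transport advertised in the INVITE's Via with the transport a proxy would pick for a later in-dialog request whose Request-URI is the caller's Contact. It assumes the Route set is already consumed at Alice's proxy, as the post describes, and that the host is a numeric IP, so the RFC 3263 default (UDP for sip, TLS for sips) applies without DNS lookups. Bob's address and the request lines are constructed.

```python
import re

# Constructed sample INVITEs: same Via (TLS), three different Contact URIs.
INVITE_SIP = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/TLS 1.2.3.4\r\n"
    "Contact: <sip:alice@1.2.3.4>\r\n\r\n"
)
INVITE_TCP = INVITE_SIP.replace("1.2.3.4>", "1.2.3.4;transport=tcp>")
INVITE_SIPS = INVITE_SIP.replace("<sip:alice", "<sips:alice")

def header(msg, name, pattern):
    """Return the first capture group of a header line, or raise."""
    m = re.search(rf"^{name}:\s*{pattern}", msg, re.M | re.I)
    if m is None:
        raise ValueError(f"no {name} header")
    return m.group(1)

def via_transport(msg):
    """Transport the request itself was sent over (hop-by-hop only)."""
    return header(msg, "Via", r"SIP/2\.0/(\w+)").upper()

def contact_uri(msg):
    """URI the peer will later use as Request-URI for in-dialog requests."""
    return header(msg, "Contact", r"<([^>]+)>")

def transport_for(uri):
    """Next-hop transport for a numeric-IP target (assumption: no DNS)."""
    scheme, rest = uri.split(":", 1)
    params = {}
    for p in rest.split(";")[1:]:
        key, _, value = p.partition("=")
        params[key.lower()] = value.lower()
    if scheme.lower() == "sips":
        return "TLS"  # SIPS mandates TLS regardless of parameters
    return params.get("transport", "udp").upper()

def in_dialog_transport(invite):
    """Transport used toward the caller once only the RURI is left."""
    return transport_for(contact_uri(invite))

if __name__ == "__main__":
    for label, msg in [("sip", INVITE_SIP), ("sip;transport=tcp", INVITE_TCP),
                       ("sips", INVITE_SIPS)]:
        print(f"Contact {label}: INVITE sent over {via_transport(msg)}, "
              f"in-dialog request reaches caller over {in_dialog_transport(msg)}")
```

The Via transport is the same in all three cases; only the Contact URI changes what the caller receives later.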