2011/9/15 Olle E. Johansson <o...@edvina.net>:
> This means that the request URI of the ACK will be using SIPS, and then
> section 8.1.1.8 comes into play
> and requires the other side to also use a SIPS uri in their contact.
>
> In this case, both UAs need a TLS certificate.

No, that's incorrect. I show two call flows in which TLS is just used
by one of the endpoints.


CASE 1)

- Alice uses TLS.
- Bob uses UDP.
- Proxy/registrar does loose-routing.
- Alice calls Bob, Bob answers and later Bob hangs up.


F1 INVITE Alice -> SIP Proxy (transport TLS)

INVITE sip:b...@atlanta.com SIP/2.0
Via: SIP/2.0/TLS 93.12.40.105:20565;branch=z9hG4bK56sdasks
From: sip:al...@atlanta.com;tag=asdyka899
To: sip:b...@atlanta.com
Call-ID: asidkj3ss
CSeq: 1 INVITE
Max-Forwards: 70
Contact: <sips:alice@93.12.40.105:20565;transport=tcp>
Content-Type: application/sdp


F2 100 Trying SIP Proxy -> Alice (transport TLS)

SIP/2.0 100 Trying
Via: SIP/2.0/TLS 93.12.40.105:20565;branch=z9hG4bK56sdasks
From: sip:al...@atlanta.com;tag=asdyka899
To: sip:b...@atlanta.com
Call-ID: asidkj3ss
CSeq: 1 INVITE


F3 INVITE SIP Proxy -> Carol (transport UDP)

INVITE sip:bob@77.123.45.23:5060 SIP/2.0
Via: SIP/2.0/UDP 100.100.100.100;branch=z9hG4bKhjhjqw32c
Via: SIP/2.0/TLS 93.12.40.105:20565;branch=z9hG4bK56sdasks
Record-Route: <sip:100.100.100.100;transport=udp>, <sips:100.100.100.100;transport=tcp>
From: sip:al...@atlanta.com;tag=asdyka899
To: sip:b...@atlanta.com
Call-ID: asidkj3ss
CSeq: 1 INVITE
Max-Forwards: 69
Contact: <sips:alice@93.12.40.105:20565;transport=tcp>
Content-Type: application/sdp


F4 200 OK Carol -> SIP Proxy (transport UDP)

SIP/2.0 200 OK
Via: SIP/2.0/UDP 100.100.100.100;branch=z9hG4bKhjhjqw32c
Via: SIP/2.0/TLS 93.12.40.105:20565;branch=z9hG4bK56sdasks
Record-Route: <sip:100.100.100.100;transport=udp>, <sips:100.100.100.100;transport=tcp>
From: sip:al...@atlanta.com;tag=asdyka899
To: sip:b...@atlanta.com;tag=bmqkjhsd
Call-ID: asidkj3ss
CSeq: 1 INVITE
Max-Forwards: 69
Contact: <sip:bob@77.123.45.23:5060;transport=udp>
Content-Type: application/sdp


F5 200 OK SIP Proxy -> Alice (transport TLS)

SIP/2.0 200 OK
Via: SIP/2.0/TLS 93.12.40.105:20565;branch=z9hG4bK56sdasks
Record-Route: <sip:100.100.100.100;transport=udp>, <sips:100.100.100.100;transport=tcp>
From: sip:al...@atlanta.com;tag=asdyka899
To: sip:b...@atlanta.com;tag=bmqkjhsd
Call-ID: asidkj3ss
CSeq: 1 INVITE
Max-Forwards: 69
Contact: <sip:bob@77.123.45.23:5060;transport=udp>
Content-Type: application/sdp


F6 ACK Alice -> SIP Proxy (transport TLS)

ACK sip:bob@77.123.45.23:5060;transport=udp SIP/2.0
Via: SIP/2.0/TLS 93.12.40.105:20565;branch=z9hG4bKhgqqp090
Route: <sips:100.100.100.100;transport=tcp>, <sip:100.100.100.100;transport=udp>
From: sip:al...@atlanta.com;tag=asdyka899
To: sip:b...@atlanta.com;tag=bmqkjhsd
Call-ID: asidkj3ss
CSeq: 1 ACK
Max-Forwards: 70


F7 ACK SIP Proxy -> Carol (transport UDP)

ACK sip:bob@77.123.45.23:5060;transport=udp SIP/2.0
Via: SIP/2.0/UDP 100.100.100.100;branch=z9hG4bKhwpoc80zzx
Via: SIP/2.0/TLS 93.12.40.105:20565;branch=z9hG4bKhgqqp090
From: sip:al...@atlanta.com;tag=asdyka899
To: sip:b...@atlanta.com;tag=bmqkjhsd
Call-ID: asidkj3ss
CSeq: 1 ACK
Max-Forwards: 69


F8 BYE Carol -> SIP Proxy (transport UDP)

BYE sips:alice@93.12.40.105:20565;transport=tcp SIP/2.0
Via: SIP/2.0/UDP 77.123.45.23;branch=z9hG4bKbiuiansd001
Route: <sip:100.100.100.100;transport=udp>, <sips:100.100.100.100;transport=tcp>
From: sip:b...@atlanta.com;tag=bmqkjhsd
To: sip:al...@atlanta.com;tag=asdyka899
Call-ID: asidkj3ss
CSeq: 1201 BYE
Max-Forwards: 70


F9 BYE SIP Proxy -> Alice (transport TLS)

BYE sips:alice@93.12.40.105:20565;transport=tcp SIP/2.0
Via: SIP/2.0/TLS 100.100.100.100;branch=z9hG4bKmma01m3r5
Via: SIP/2.0/UDP 77.123.45.23;branch=z9hG4bKbiuiansd001
From: sip:b...@atlanta.com;tag=bmqkjhsd
To: sip:al...@atlanta.com;tag=asdyka899
Call-ID: asidkj3ss
CSeq: 1201 BYE
Max-Forwards: 69


F10 200 OK Alice -> SIP Proxy (transport TLS)

SIP/2.0 200 OK
Via: SIP/2.0/TLS 100.100.100.100;branch=z9hG4bKmma01m3r5
Via: SIP/2.0/UDP 77.123.45.23;branch=z9hG4bKbiuiansd001
From: sip:b...@atlanta.com;tag=bmqkjhsd
To: sip:al...@atlanta.com;tag=asdyka899
Call-ID: asidkj3ss
CSeq: 1201 BYE


F11 200 OK SIP Proxy -> Carol (transport UDP)

SIP/2.0 200 OK
Via: SIP/2.0/UDP 77.123.45.23;branch=z9hG4bKbiuiansd001
From: sip:b...@atlanta.com;tag=bmqkjhsd
To: sip:al...@atlanta.com;tag=asdyka899
Call-ID: asidkj3ss
CSeq: 1201 BYE


CASE 2)

- Alice uses TLS.
- Bob uses UDP.
- Proxy/registrar does loose-routing.
- Bob calls Alice, Alice answers and later Alice hangs up.


F1 INVITE Bob -> SIP Proxy (transport UDP)

INVITE sip:al...@atlanta.com SIP/2.0
Via: SIP/2.0/UDP 77.123.45.23:5060;branch=z9hG4bK56sdasks
From: sip:b...@atlanta.com;tag=asdyka899
To: sip:al...@atlanta.com
Call-ID: asidkj3ss
CSeq: 1 INVITE
Max-Forwards: 70
Contact: <sip:bob@77.123.45.23:5060;transport=udp>
Content-Type: application/sdp


F2 100 Trying SIP Proxy -> Bob (transport TLS)

SIP/2.0 100 Trying
Via: SIP/2.0/UDP 77.123.45.23:5060;branch=z9hG4bK56sdasks
From: sip:b...@atlanta.com;tag=asdyka899
To: sip:al...@atlanta.com
Call-ID: asidkj3ss
CSeq: 1 INVITE


F3 INVITE SIP Proxy -> Alice (transport TLS)

INVITE sips:alice@93.12.40.105:20565 SIP/2.0
Via: SIP/2.0/TLS 100.100.100.100;branch=z9hG4bKhjhjqw32c
Via: SIP/2.0/UDP 77.123.45.23:5060;branch=z9hG4bK56sdasks
Record-Route: <sips:100.100.100.100;transport=tcp>, <sip:100.100.100.100;transport=udp>
From: sip:b...@atlanta.com;tag=asdyka899
To: sip:al...@atlanta.com
Call-ID: asidkj3ss
CSeq: 1 INVITE
Max-Forwards: 69
Contact: <sip:bob@77.123.45.23:5060;transport=udp>
Content-Type: application/sdp


F4 200 OK Alice -> SIP Proxy (transport TLS)

SIP/2.0 200 OK
Via: SIP/2.0/TLS 100.100.100.100;branch=z9hG4bKhjhjqw32c
Via: SIP/2.0/UDP 77.123.45.23:5060;branch=z9hG4bK56sdasks
Record-Route: <sips:100.100.100.100;transport=tcp>, <sip:100.100.100.100;transport=udp>
From: sip:b...@atlanta.com;tag=asdyka899
To: sip:al...@atlanta.com;tag=bmqkjhsd
Call-ID: asidkj3ss
CSeq: 1 INVITE
Max-Forwards: 69
Contact: <sips:alice@93.12.40.105:20565;transport=tcp>
Content-Type: application/sdp


F5 200 OK SIP Proxy -> Bob (transport UDP)

SIP/2.0 200 OK
Via: SIP/2.0/UDP 77.123.45.23:5060;branch=z9hG4bK56sdasks
Record-Route: <sips:100.100.100.100;transport=tcp>, <sip:100.100.100.100;transport=udp>
From: sip:b...@atlanta.com;tag=asdyka899
To: sip:al...@atlanta.com;tag=bmqkjhsd
Call-ID: asidkj3ss
CSeq: 1 INVITE
Max-Forwards: 69
Contact: <sips:alice@93.12.40.105:20565;transport=tcp>
Content-Type: application/sdp


F6 ACK Bob -> SIP Proxy (transport UDP)

ACK sips:alice@93.12.40.105:20565;transport=tcp SIP/2.0
Via: SIP/2.0/TLS 77.123.45.23:5060;branch=z9hG4bKhgqqp090
Route: <sip:100.100.100.100;transport=udp>, <sips:100.100.100.100;transport=tcp>
From: sip:b...@atlanta.com;tag=asdyka899
To: sip:al...@atlanta.com;tag=bmqkjhsd
Call-ID: asidkj3ss
CSeq: 1 ACK
Max-Forwards: 70


F7 ACK SIP Proxy -> Alice (transport TLS)

ACK sips:alice@93.12.40.105:20565;transport=tcp SIP/2.0
Via: SIP/2.0/TLS 100.100.100.100;branch=z9hG4bKhwpoc80zzx
Via: SIP/2.0/UDP 77.123.45.23:5060;branch=z9hG4bKhgqqp090
From: sip:b...@atlanta.com;tag=asdyka899
To: sip:al...@atlanta.com;tag=bmqkjhsd
Call-ID: asidkj3ss
CSeq: 1 ACK
Max-Forwards: 69


F8 BYE Alice -> SIP Proxy (transport TLS)

BYE sip:bob@77.123.45.23:5060;transport=udp SIP/2.0
Via: SIP/2.0/TLS 77.123.45.23;branch=z9hG4bKbiuiansd001
Route: <sips:100.100.100.100;transport=tcp>, <sip:100.100.100.100;transport=udp>
From: sip:al...@atlanta.com;tag=bmqkjhsd
To: sip:b...@atlanta.com;tag=asdyka899
Call-ID: asidkj3ss
CSeq: 1201 BYE
Max-Forwards: 70


F9 BYE SIP Proxy -> Bob (transport UDP)

BYE sip:bob@77.123.45.23:5060;transport=udp SIP/2.0
Via: SIP/2.0/UDP 100.100.100.100;branch=z9hG4bKmma01m3r5
Via: SIP/2.0/TLS 77.123.45.23;branch=z9hG4bKbiuiansd001
From: sip:al...@atlanta.com;tag=bmqkjhsd
To: sip:b...@atlanta.com;tag=asdyka899
Call-ID: asidkj3ss
CSeq: 1201 BYE
Max-Forwards: 69


F10 200 OK Bob -> SIP Proxy (transport UDP)

SIP/2.0 200 OK
Via: SIP/2.0/UDP 100.100.100.100;branch=z9hG4bKmma01m3r5
Via: SIP/2.0/TLS 77.123.45.23;branch=z9hG4bKbiuiansd001
From: sip:al...@atlanta.com;tag=bmqkjhsd
To: sip:b...@atlanta.com;tag=asdyka899
Call-ID: asidkj3ss
CSeq: 1201 BYE


F11 200 OK SIP Proxy -> Alice (transport TLS)

SIP/2.0 200 OK
Via: SIP/2.0/TLS 77.123.45.23;branch=z9hG4bKbiuiansd001
From: sip:al...@atlanta.com;tag=bmqkjhsd
To: sip:b...@atlanta.com;tag=asdyka899
Call-ID: asidkj3ss
CSeq: 1201 BYE


These flows are inspired by real scenarios, so both are real and working flows.

-- 
Iñaki Baz Castillo
<i...@aliax.net>
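
Added example, not part of the original message: a Python check over the four in-dialog requests of CASE 1 (F6 to F9, cut down to start line, Via and Route) that reports where a request addressed to a sips URI travelled over a non-TLS hop, reading each hop's transport from the Via headers. The function names, the SECURE set and the CASE1 dictionary are constructed for illustration; folded headers and the compact "v:" form are not handled.

```python
import re

SECURE = {"TLS"}  # Via transports treated as protected (assumption of this example)

# Constructed input: header values copied from the CASE 1 flows, other headers dropped.
CASE1 = {
    "F6": "ACK sip:bob@77.123.45.23:5060;transport=udp SIP/2.0\r\n"
          "Via: SIP/2.0/TLS 93.12.40.105:20565;branch=z9hG4bKhgqqp090\r\n"
          "Route: <sips:100.100.100.100;transport=tcp>, <sip:100.100.100.100;transport=udp>\r\n",
    "F7": "ACK sip:bob@77.123.45.23:5060;transport=udp SIP/2.0\r\n"
          "Via: SIP/2.0/UDP 100.100.100.100;branch=z9hG4bKhwpoc80zzx\r\n"
          "Via: SIP/2.0/TLS 93.12.40.105:20565;branch=z9hG4bKhgqqp090\r\n",
    "F8": "BYE sips:alice@93.12.40.105:20565;transport=tcp SIP/2.0\r\n"
          "Via: SIP/2.0/UDP 77.123.45.23;branch=z9hG4bKbiuiansd001\r\n"
          "Route: <sip:100.100.100.100;transport=udp>, <sips:100.100.100.100;transport=tcp>\r\n",
    "F9": "BYE sips:alice@93.12.40.105:20565;transport=tcp SIP/2.0\r\n"
          "Via: SIP/2.0/TLS 100.100.100.100;branch=z9hG4bKmma01m3r5\r\n"
          "Via: SIP/2.0/UDP 77.123.45.23;branch=z9hG4bKbiuiansd001\r\n",
}

def parse_request(raw):
    """Return (method, Request-URI scheme, Via transports from top to bottom)."""
    lines = raw.split("\r\n")
    method, ruri, _version = lines[0].split(" ", 2)
    vias = [m.group(1).upper() for line in lines[1:]
            if (m := re.match(r"(?i)via\s*:\s*SIP/2\.0/(\w+)", line))]
    return method, ruri.split(":", 1)[0].lower(), vias

def audit(flow):
    """Map message label -> finding for sips-addressed requests seen on a clear hop."""
    findings = {}
    for label, raw in flow.items():
        method, scheme, vias = parse_request(raw)
        if scheme != "sips" or not vias:
            continue
        # The topmost Via names the hop this copy of the request was sent on;
        # the Via entries below it are the earlier hops of the same request.
        earlier_clear = [t for t in vias[1:] if t not in SECURE]
        if vias[0] not in SECURE:
            findings[label] = f"{method} to sips target sent over {vias[0]}"
        elif earlier_clear:
            findings[label] = (f"{method} to sips target crossed "
                               f"{earlier_clear[0]} on an earlier hop")
    return findings

if __name__ == "__main__":
    for label, finding in audit(CASE1).items():
        print(label, finding)
```

Run on these four requests it flags only the BYE, which leaves Bob over UDP (F8) and reaches Alice over TLS (F9); the ACK toward Bob carries a sip URI and is not flagged.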