2011/7/6 Olle E. Johansson <[email protected]>: >> I agree that SIPS is a pain. But that's is the standard. > > The question: for what? :-)
> I agree that SIPS is useful, I don't agree, it's clearly a pain :) > but when and for whom? > - is this something we only use in infrastructure? > - or is this something a client can use to set up a "secure call" ? The only secure-secure-secure stuff would be encrypting the message itself, using some stupid and unfeasible stuff like S/MIME. If a message goes across intermediary nodes, you can never expect not to find a node breaking security. > You can clearly mandate yourself that anything using SIP: should run over TLS. > You can implement SIPS in outbound proxys and stuff. > > Do we have good documentation on how Kamailio handles SIPS uri's in > - request uri's > - contacts for registration > - route headers > - via headers > > etc etc... > > Which error codes are used if I have a via header with SIPS and kamailio > can't set up a secure connection to the upstream SIP server? > > In the kamailio team, we should at least have one policy for how to support > it and how to handle TLS certificate verification. Yes, time to time :) This thread could be a good start point :) I will go deeper into this stuff in the next days/weeks/months. Maybe we should start a section in the wiki documenting current sips/TLS status in Kamailio. Let me some time and I will start it. Cheers. -- Iñaki Baz Castillo <[email protected]> _______________________________________________ sr-dev mailing list [email protected] http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
