On Wed, 7 Jan 2009, Jiri Kuthan wrote:
> I respectfully disagree -- the field has clearly shown that working NAT
> traversal today is more valuable than message integrity and ICE
> architecture both together. (Which happens to be my personal preference
> too: getting over NATs today is more important to me than any sort of
> securing free phone calls.) Generally I tend to prefer priorities as
> articulated by live deployments.

I think we both agree on where we want to go. The difference is probably
that the current way SIP is used might be enough for you, but as a 10 years
SIP endpoint stack builder, I'm just bored about using SIP over non
transparent network. Not your fault...

> I'm sorry to be so differently opinionated on this, particularly because
> I like ICE esthetically as the "e2e" solution. However, somehow in the
> Internet the things that are deployable today always matter. (even if
> considered evil, such as NATs)

Don't be sorry. My intention for this thread was just to ask
ser/kamailio/whatever to make sure the future will not be the same
as the 10 past years. My intention was not to say "you are all wrong".

Aymeric

> -jiri
>
> Aymeric Moizard wrote:
>>
>> On Sun, 4 Jan 2009, Juha Heinanen wrote:
>>
>>> Aymeric Moizard writes:
>>>
>>>> If you have a 100% working trick, I'll be interested to learn it! Very
>>>> interested!
>>> no, i don't have 100% working trick, but normal means cover 90+% of the
>>> cases. trying to avoid needless use of rtp proxy for the remainder is
>>> not worth of the extreme complexity that comes with ice.
>>
>> So the 10% calls are the one that use relay when they should not? right?
>> I'm pretty convinced this is not a true value. Anyway, I don't think
>> this is a problem of number here.
>>
>> Let's describe a case:
>>
>> I send an INVITE and encrypt the SDP. I'm behind a symmetric NAT. I'm
>> calling somebody (a UA of course) who is able to decrypt it.
>>
>> Whatever trick you provide, I will not have always voice (except
>> if ICE is supported or if the NAT are kind with me)
>>
>> Conclusion: I'm forced to provide UA and ask my customer to NOT encrypt
>> their signalling. NEVER encrypt their signalling.
>>
>>> i don't understand what you try to say in above. sip works fine over
>>> the internet today.
>>
>> SIP works today **if**:
>> * no security
>> * no SIP message integrity is used
>> * sip server are well configured (...)
>> * sip server is not compliant (modifying contact and SDP...)
>>
>> My conclusion is that it's not acceptable. I want my applications
>> to do security and I don't want to be dependent on badly configured
>> servers.
>>
>> I don't want "SIP works today **if**", I want "SIP works today."
>>
>> I just need a SIP compliant internet infrastructure.
>>
>> tks,
>> Aymeric MOIZARD / ANTISIP
>> amsip - http://www.antisip.com
>> osip2 - http://www.osip.org
>> eXosip2 - http://savannah.nongnu.org/projects/exosip/
>>
>>
>>> -- juha
>>>
>>
>> _______________________________________________
>> Users mailing list
>> Users@lists.kamailio.org
>> http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
>>
>