[OpenSIPS-Users] UpenSIPS and sips
Iñaki Baz Castillo
ibc at aliax.net
Wed Oct 15 22:54:54 CEST 2008
El Miércoles, 15 de Octubre de 2008, Bogdan-Andrei Iancu escribió:
> Hi Klaus,
>
> I quote from the email I sent you:
>
> <quote>
> During some testings today, I had a chat with Robert Sparks about sips
> scheme - what he is saying is that the "liberty" you mentioned in
> RFC3261 is bogus and there is a new RFC (queued) that fixes this and
> that makes mandatory the usage of a secured protocol through all the
> segments (with sips scheme).
>
> So, if the registrar gets a sips call and callee device is registered
> with UDP, the call must be rejected.
> </quote>
Hi Bogdan, take a look to this draft:
http://tools.ietf.org/html/draft-ietf-sip-sips-08
Specially section "3.3. The Problems with the Meaning of SIPS in RFC 3261".
RFC 3261 section 19.1 says:
"A SIPS URI specifies that the resource be contacted securely.
This means, in particular, that TLS is to be used between the UAC
and the domain that owns the URI. From there, secure
communications are used to reach the user, where the specific
security mechanism depends on the policy of the domain."
The above draft says that, when using draft-outbound it's "more" possible to
have a full hop-by-hop TLS, but AFAIK nobody mandates it. The final decision
is done by the proxy responsible for the AoR.
Regards.
--
Iñaki Baz Castillo
More information about the Users
mailing list