[OpenSIPS-Users] UpenSIPS and sips

Bogdan-Andrei Iancu bogdan at voice-system.ro
Wed Oct 15 18:16:35 CEST 2008

Hi Klaus,

I quote from the email I sent you:

During some testings today, I had a chat with Robert Sparks about sips 
scheme - what he is saying is that the "liberty" you mentioned in 
RFC3261 is bogus and there is a new RFC (queued) that fixes this and 
that makes mandatory the usage of a secured protocol through all the 
segments (with sips scheme).

So, if the registrar gets a sips call and callee device is registered 
with UDP, the call must be rejected.


Klaus Darilion wrote:
> Hi Bogdan!
> Bogdan-Andrei Iancu schrieb:
>> Hi Iñaki,
>> This behaviour  will be no longer valid - SIPS will force secure 
>> transport on all segments (see the email to Klaus on the topic).
> Why is this no longer valid?
> In my previous mail I said that it is valid.
> regards
> klaus
>> Regards,
>> Bogdan
>> Iñaki Baz Castillo wrote:
>>> El Lunes, 6 de Octubre de 2008, Olle Frimanson escribió:
>>>> It works fine which is expected, but when I use
>>>> sips:a at domain.com;transport=tls
>>>> It also works, but my understanding was that this call should fail.
>>>> What are we doing wrong in this case?
>>> It's correct per RFC 3261.
>>> When B sends the INVITE to sips:a at domain.com;transport=tls it means:
>>> - B uses TLS **until** the proxy responsible of the destination 
>>> domain (domain.com).
>>> - The proxy responsible for domain.com receives the request for the 
>>> AoR a at domain.com and finds it in the location service, getting the 
>>> Contact location where a at domain.com is registered.
>>> - This Contact can be sip, sips or whatever.
>>> Of course, the proxy could have a *local* policy to disallow routing 
>>> calls insecurely (sip) to local users if the original request asked 
>>> for a SIPS RURI.
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

More information about the Users mailing list