Re: [Freeswitch-users] MPL and licensing

2009-06-20 Thread David Sugar
There are no legal uncertainties with respect to patents in GPL v3.  You
cannot assert them in code you license under it.  There were ambiguities
in GPL v2 in this respect which some companies liked.  I prefer to deal
with honest companies rather than those that are anti-social or might
choose legal ambush later, so any that feel they cannot accept the
greater legal certainty of GPL v3 in this respect are probably companies
that I would not choose to have any kind of relationship with anyway ;).

I recall there were other technical reasons why some have preferred the
MPL, especially over the language of the Lesser GNU General Public
License prior to v3.  I remember having a lovely discussion about this
with Craig Southern a few years back who conceded that if the language
(of the older LGPL) had been corrected for C++ use cases and object
oriented practices (inlines, templates, derived classes, etc, all were
problems...), he would likely have used it at the time instead of the
MPL for OpenH323.

Steve Underwood wrote:
 paul.degt wrote:
 Yes, that's one of the reasons. Another point is that GPL v.3 is defined 
 more clearly from legal perspective, at least from our legal adviser 
 point of view.
   
 While the legal status of MPL is widely considered to be vague, is GPL 3 
 any better? GPL 2 is pretty sound, and has stood the test of time. 
 However a number of large companies have banned their employees from 
 working on anything involving GPL 3 code, because of legal 
 uncertainties, especially with regard to patents.
 
 Steve
 
 
 ___
 Freeswitch-users mailing list
 Freeswitch-users@lists.freeswitch.org
 http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
 UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
 http://www.freeswitch.org
begin:vcard
fn:David Sugar
n:Sugar;David
org:GNU Telephony
email;internet:dy...@gnutelephony.org
tel;work:+1 609 465 5336
url:http://www.gnutelephony.org
version:2.1
end:vcard



Re: [Freeswitch-users] FS + encryption

2009-05-07 Thread David Sugar
SIP TLS will protect the SIP session information with static keys via a
certificate, assuming of course the call is direct between two peers.
It will do nothing for the actual voice channel.

There is SRTP, which can be used to create a cryptographic context over
RTP.  However, the key question is how to exchange the keys.  If they
are exchanged in the SIP session, even TLS SIP, then there are
certificates around, and it is possible to acquire a past rtp session
that has been intercepted.

ZRTP offers a solution for setting up SRTP cryptographic contexts using
distributed and self generated keys (much like gnupg or ssh) that are
exchanged between the peers over RTP itself, and validated through a
fingerprint hash at both ends.  It is of course essential to initially
validate the keys in a secure network first, but once that is done, a
man-in-the-middle in the key exchange process will then stick out like a
sore thumb.  Furthermore, since each call uses different per-session
generated keys, there is no forward knowledge; breaking one call does
not allow one to also decrypt all past calls.

Paul wrote:
 Yes, I've seen this http://wiki.freeswitch.org/wiki/SIP_TLS.
 I was just curious if the only way to have true end to end secure 
 communications with FS would have to be a SIP trunk from one FS system to 
 another encrypted SIP system on the other with no POTS/PRI/BRI circuits used 
 in transit. I'm assuming if there's any POTS/BRI/PRI/DSS circuits used in 
 transit, anyone with a lineman's handset could still eavesdrop on any 
 conversations. Is this not the case?
 
 Paul
 
 
 
   
 
 

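The key agreement described in the message above, as a simplified model added here (not code from the thread, ZRTP, or FreeSWITCH): per-call Diffie-Hellman values, a short authentication string compared by the users, and a retained secret carried into later calls. The toy group, the labels and the function names are assumptions; the ZRTP hash commitment and packet formats are not modelled.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group for illustration only (assumption: real ZRTP
# negotiates standard DH/ECDH groups; this prime is just convenient).
P = 2**255 - 19
G = 2

def keypair():
    """Fresh per-call key pair; nothing here is reused between calls."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_secret(priv, peer_pub, retained=b""):
    """Mix the DH result with the secret retained from the last verified call."""
    dh = pow(peer_pub, priv, P).to_bytes(32, "big")
    return hashlib.sha256(dh + retained).digest()

def derive(secret, label):
    """Derive a purpose-specific value from the session secret."""
    return hmac.new(secret, label, hashlib.sha256).digest()

def sas(secret):
    """Short string each user reads aloud to the other (16 bits here)."""
    return derive(secret, b"SAS").hex()[:4]

def place_call(a_retained=b"", b_retained=b"", interceptor=None):
    """Return each endpoint's view of the session secret.

    interceptor, if given, is a key pair whose public value replaces the
    peer's in both directions (the man-in-the-middle case in the text).
    """
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    seen_by_a = interceptor[1] if interceptor else b_pub
    seen_by_b = interceptor[1] if interceptor else a_pub
    return (session_secret(a_priv, seen_by_a, a_retained),
            session_secret(b_priv, seen_by_b, b_retained))

def demo():
    # Call 1: honest path; the users compare the SAS once and retain a secret.
    a1, b1 = place_call()
    retained = derive(a1, b"retained")
    # Call 2: honest again; new DH values give unrelated SRTP keys.
    a2, b2 = place_call(retained, retained)
    # Call 3: public values are substituted; the endpoints no longer agree.
    a3, b3 = place_call(retained, retained, interceptor=keypair())
    return {
        "call1_sas_match": sas(a1) == sas(b1),
        "call2_keys_match": derive(a2, b"SRTP") == derive(b2, b"SRTP"),
        "keys_differ_across_calls": derive(a1, b"SRTP") != derive(a2, b"SRTP"),
        "call3_keys_match": derive(a3, b"SRTP") == derive(b3, b"SRTP"),
    }
```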

Re: [Freeswitch-users] FS + encryption

2009-05-07 Thread David Sugar
If I can find funding for travel presently I would.

Anthony Minessale wrote:
 Hey David!
 
 You should come by to this year's ClueCon!
 We still have some speaking slots left.
 
 
 On Thu, May 7, 2009 at 11:08 AM, David Sugar dy...@gnutelephony.org
 mailto:dy...@gnutelephony.org wrote:
 
 SIP TLS will protect the SIP session information with static keys via a
 certificate, assuming of course the call is direct between two peers.
 It will do nothing for the actual voice channel.
 
 There is SRTP, which can be used to create a cryptographic context over
 RTP.  However, the key question is how to exchange the keys.  If they
 are exchanged in the SIP session, even TLS SIP, then there are
 certificates around, and it is possible to acquire a past rtp session
 that has been intercepted.
 
 ZRTP offers a solution for setting up SRTP cryptographic contexts using
 distributed and self generated keys (much like gnupg or ssh) that are
 exchanged between the peers over RTP itself, and validated through a
 fingerprint hash at both ends.  It is of course essential to initially
 validate the keys in a secure network first, but once that is done, a
 man-in-the-middle in the key exchange process will then stick out like a
 sore thumb.  Furthermore, since each call uses different per-session
 generated keys, there is no forward knowledge; breaking one call does
 not allow one to also decrypt all past calls.
 
 Paul wrote:
  Yes, I've seen this http://wiki.freeswitch.org/wiki/SIP_TLS.
  I was just curious if the only way to have true end to end secure
 communications with FS would have to be a SIP trunk from one FS
 system to another encrypted SIP system on the other with no
 POTS/PRI/BRI circuits used in transit. I'm assuming if there's any
 POTS/BRI/PRI/DSS circuits used in transit, anyone with a lineman's
 handset could still eavesdrop on any conversations. Is this not the
 case?
 
  Paul
 
 
 
 
 
 
 
 
 
 
 -- 
 Anthony Minessale II
 
 FreeSWITCH http://www.freeswitch.org/
 ClueCon http://www.cluecon.com/
 
 
 
 
 


Re: [Freeswitch-users] Sip for Skype - g.729 requirement

2009-03-24 Thread David Sugar
They require one use g.729, which is patent encumbered as well as rather
computationally intensive.

Dan wrote:
 You probably already saw this but
 
 http://www.skypeforsip.com/
 
 Skype is supporting sip for business users.
 
 
 
 


Re: [Freeswitch-users] SIP server? PBX vs. softswitch?

2009-02-28 Thread David Sugar
Where this is distinguished, it is not directly at the level that users
experience the end result.

In the case of what is called a softswitch, one answer is found in
organizations like the ISC (International Softswitch Consortium) and
vendors who built products around their architecture recommendations.
These systems tend to be very complex and componentized, where basic
functionality operates in self-contained components that then interact
with the whole through defined open standards and network protocols,
such as SIP.

The primary reason for ISC-style architectures is a result of
proprietary development, where code and internal operations cannot be
shared or modified.  Hence, by breaking up functionality into
subcomponents, it is possible to replace a component subsystem as a
whole while retaining the interfaces.  A perfect example is call
forwarding.  In a traditional proprietary (ISC-model) softswitch, call
forwarding would be an entirely separate self-contained proprietary
feature server interacting over SIP.  If someone wants to create a
different call forwarding behavior, one slips in an alternate server.

By contrast, it is far easier in an open source/free software PBX to
simply modify the feature code that implements call forwarding directly
to create new and specialized versions of that feature.  Hence, you do
not find or have need for micro-services for tiny features in pbx
software that originated as open source and free software or that did
not follow the path of proprietary architectures, such as Bayonne,
Asterisk, or FreeSwitch.  A perfect example of a traditional
softswitch architecture is SipX, which originated as a proprietary
VoIP pbx codebase.

However, even at this point, such distinctions I think are still
somewhat artificial, as Brian suggests.  What does distinguish
architectures that may be relevant to end users is whether an IP-PBX
solution operates as a B2BUA (back-to-back user agent) or not.  A pure
B2BUA solution is one where all media as well as signalling goes
directly through the central PBX switch.  A perfect example of this is
how Asterisk traditionally works.  This makes it very easy to adapt and
connect multi-protocol endpoints, to convert media formats for endpoints
who do not have common codecs, etc, since all media endpoints talk to
the switch rather than each other.  However, since all media goes
through a central point, the scalability of such systems can often
become compute-bound, and extra latency is induced.

A pure network solution by contrast has all media connect directly
peer to peer by the user agent endpoints, and the pbx really only
handles and coordinates independently operating endpoints through
signalling.  This often requires separate servers for gateways to the
PSTN or other protocols.  But it does offer better latency and
scalability, and the ability to provide end-to-end media security, such
as when using ZRTP.

This difference, between B2BUA and non-B2BUA, is I think far more
relevant today than traditional classifications such as IP-PBX,
softswitch, SIP Server, etc.

Brian West wrote:
 It depends on how you look at it... most will say there is no
 difference... but last I checked you usually don't run heavy apps on a
 softswitch.
 
 FreeSWITCH can be everything from softphone to softswitch and everything
 in between including PBX. The default config comes configured as a PBX.
 
 /b
 
 On Feb 28, 2009, at 9:47 AM, Fred wrote:
 
 Hello

 Even though I successfully set up an Asterisk voice server, I'm no 
 telecom expert, and would like some clarification about the following
 things:
 - What is a SIP server as opposed to an IP PBX?
 - What is the difference between a PBX like Asterisk and a softswitch?

 Thank you.
 
 
 
 


Re: [Freeswitch-users] Freeswitch optimization as a registrar

2008-12-30 Thread David Sugar
You actually have potentially ~1320 effective SIP transactions per
second to support 4 registered ua's with a 60s refresh.  This is
because the ua sends its registration refresh unauthenticated.  The
registrar will then push back an authentication challenge request so the
ua can prove its identity, at which point the ua then repeats the same
transaction, but with authentication credentials attached.

rod wrote:
 Hi all,
 
 I know that freeswitch has not been designed as a pure sip 
 proxy/registrar, but I'm wondering how many subscribers could be handled 
 by FS.
 
 I setup the following test environment:
 - Kamailio 1.4.2 as the registrar
 - all invite requests are flowing through FS, even for a call 
 between 2 registered subscribers. Many reasons for this: the calls CDR 
 are centralized in the same format, I can easily add a billing ID to a 
 call, proceed to recording, set the caller as anonymous if requested...
 - FS is used also as a SBC

 There is still a lot of work to do, mainly on the call forwarding 
 feature and this is why I'm wondering (simply out of curiosity) what 
 could have been achieved using only FS (easier to setup when only one 
 equipment is involved :) ).
 
 I'd like to register 40 000 subscribers (if each user registers every 
 60s, you have approx 670 registration per second, this setup is working 
 on Kamailio).
 
 I did the following to increase FS performance regarding registration:
 - put the directory containing users in a RAMDISK
 - put the db directory in a RAMDISK
 
 with this I was able to reach 190 registration per second (50 without 
 the ramdisk) but for one SIP account, not too useful :p (for your 
 information I see a huge improvement when switching from 1.0.1 phoenix: 
 150cps to FS svn 105xx: 190)
 When trying with 25000 SIP accounts, I got no more than 30cps.
 
 Then I tried to use the odbc mysql for registration, using this I was 
 able to achieve 50cps. The mysql DB is not in a RAMDISK. For all these 
 tests, the presence support has been disabled.
 
 As the IO performance seems to be a bottleneck, I'd like to know if 
 there is a way to store the registration in memory only without database 
 persistency.
 
 This thread is there only to share tips, not to complain about FS poor 
 performance as a SIP registrar when compared to Kamailio. If I compare 
 FS to a commercial SBC I'm using in production, I have to say that FS is 
 really a great piece of software (lacks only statistics module, snmp, 
 and heartbeat redundancy for failover).
 
 regards,
 rod
 
 
 
 
 
 
 
 
 
 


Re: [Freeswitch-users] Freeswitch optimization as a registrar - a cute hack

2008-12-30 Thread David Sugar
I actually have found an alternate approach that we optionally use in
sipwitch.  Basically, sipwitch can be set to recognize a trusted
subnet, and automatically accepts a refresh from any actively registered
ua on the trusted subnet(s) without requesting an authentication
challenge, so long as the ua refreshes from the same sip port and ip
address it originally registered and authenticated from.  It will also
do the same for invites and other otherwise authentication challenge
sip requests that can originate from ua's on the trusted subnet(s).

Using this option of course kills any ability to proxy register multiple
ua's through another sip server, although this can be solved by
recognizing certain id's as explicitly not trustable.  However, for most
common configurations and use cases, it works very well and does
effectively halve sip network traffic :).

Michael Giagnocavo wrote:
  This is
 because the ua sends its registration refresh unauthenticated.  The
 registrar will then push back an authentication challenge request so the
 ua can prove its identity, at which point the ua then repeats the same
 transaction, but with authentication credentials attached.
 Why does it do that?  Every time I do a debug, I see the first request
 denied as unauthorized and then it always comes right back and gets
 
 Welcome to HTTP Digest authentication. The request has to get challenged to 
 get a new nonce from the server (so as to mitigate replay attacks).
 
 You could TLS and auth off of the client cert, except few devices support 
 that, and you'd have the overhead of TCP (which is like bad or something).
 
 -Michael
 
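The digest challenge round trip discussed in this thread and the trusted-subnet refresh shortcut, modelled as an added example (not sipwitch or FreeSWITCH code) that counts REGISTER requests with and without the shortcut. The realm, credentials, subnet and all names are constructed; the model assumes RFC 2617 digest without qop and single-use nonces, and does not model binding expiry.

```python
import hashlib
import hmac
import ipaddress
import os

REALM = "pbx.example.invalid"                      # constructed realm
PASSWORDS = {"1001": "s3cret"}                     # constructed credentials
TRUSTED = [ipaddress.ip_network("10.0.0.0/24")]    # assumed trusted subnet

def md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, password, nonce, method="REGISTER"):
    """RFC 2617 digest without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5(f"{user}:{REALM}:{password}")
    ha2 = md5(f"{method}:sip:{REALM}")
    return md5(f"{ha1}:{nonce}:{ha2}")

class Registrar:
    def __init__(self, trust_refresh=False):
        self.trust_refresh = trust_refresh
        self.bindings = {}    # user -> (ip, port) that last authenticated
        self.nonces = set()   # challenges issued and not yet used
        self.requests = 0     # REGISTER requests received

    def _trusted(self, user, src):
        on_subnet = any(ipaddress.ip_address(src[0]) in net for net in TRUSTED)
        return self.trust_refresh and on_subnet and self.bindings.get(user) == src

    def register(self, user, src, auth=None):
        """Handle one REGISTER; return (status, nonce for a 401 or None)."""
        self.requests += 1
        if auth is None and self._trusted(user, src):
            return 200, None                  # refresh accepted unchallenged
        if auth and user in PASSWORDS and auth[0] in self.nonces:
            self.nonces.discard(auth[0])      # a nonce is good for one use
            expected = digest_response(user, PASSWORDS[user], auth[0])
            if hmac.compare_digest(auth[1], expected):
                self.bindings[user] = src
                return 200, None
        nonce = os.urandom(16).hex()
        self.nonces.add(nonce)
        return 401, nonce

def ua_register(reg, user, password, src):
    """UA side: send a bare REGISTER, then answer the challenge if one comes."""
    status, nonce = reg.register(user, src)
    if status == 401:
        answer = (nonce, digest_response(user, password, nonce))
        status, _ = reg.register(user, src, answer)
    return status

def requests_needed(trust_refresh, refreshes=10, src=("10.0.0.5", 5060)):
    """Count REGISTER requests for one initial registration plus refreshes."""
    reg = Registrar(trust_refresh)
    for _ in range(1 + refreshes):
        if ua_register(reg, "1001", "s3cret", src) != 200:
            raise RuntimeError("registration failed")
    return reg.requests
```

The shortcut authenticates a refresh by source address and port alone, so it is only as strong as the anti-spoofing controls on the trusted subnet.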