Hi, there is a general confusion about the usage of TLS transport and SIPS schema. Even more when the RFC 5630 (which tries to clarify it) contains an important bug:
RFC 5630 states:

-------------------------------------------------------------------
3.1.3. Using TLS with SIP Instead of SIPS

[...]

If one wants to use "best-effort TLS" for SIP, one just needs to use a SIP URI, and send the request over TLS.

Using SIP over TLS is very simple. A UA opens a TLS connection and uses SIP URIs instead of SIPS URIs for all the header fields in a SIP message (From, To, Request-URI, Contact header field, Route, etc.). When TLS is used, the Via header field indicates TLS.
-------------------------------------------------------------------

So an example of INVITE sent via TLS just for the first hop would be:

  INVITE sip:[email protected] SIP/2.0
  Via: SIP/2.0/TLS 1.2.3.4
  From: sip:[email protected]
  Contact: sip:[email protected];transport=tcp

Note that I've set "sip" schema in the Contact URI (as the spec says) so incoming in-dialog requests would be received by the caller (alice) via TCP rather than TLS!!!

This is wrong, it should be:

  INVITE sip:[email protected] SIP/2.0
  Via: SIP/2.0/TLS 1.2.3.4
  From: sip:[email protected]
  Contact: sips:[email protected];transport=tcp

Now the Contact URI has "sips" schema, so the proxy (assuming it does loose-routing) would route any in-dialog request via TLS-over-TCP to reach alice.

The fact that the Contact URI has "sips" schema is not a problem for the called (regardless of whether it speaks TLS or not), as in-dialog requests to be sent from Bob to Alice would contain Route headers, and those Route headers could have "sip" schema (in case the latest proxy contacted Bob using UDP or TCP). So a BYE from Bob would be sent via UDP/TCP based on the topmost Route.

As a personal comment, I would like to say that nobody understands the usage of "sips" schema, just nobody. And the specs do not help.

Best regards.
-- 
Iñaki Baz Castillo <[email protected]>
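The following check is an added example, not part of the original message: it parses a SIP request and flags the case the message describes, a topmost Via indicating TLS together with a Contact URI that uses the "sip" scheme. The sample requests, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample requests; addresses and hosts are placeholders.
SIP_CONTACT = (
    "INVITE sip:bob@example.org SIP/2.0\r\n"
    "Via: SIP/2.0/TLS 1.2.3.4;branch=z9hG4bKconstructed\r\n"
    "From: <sip:alice@example.com>;tag=1\r\n"
    "Contact: <sip:alice@1.2.3.4;transport=tcp>\r\n\r\n"
)
SIPS_CONTACT = SIP_CONTACT.replace("Contact: <sip:", "Contact: <sips:")
UDP_REQUEST = SIP_CONTACT.replace("SIP/2.0/TLS", "SIP/2.0/UDP")

COMPACT = {"v": "via", "m": "contact"}  # compact header forms (RFC 3261)
SCHEME_RE = re.compile(r"(?:^|[<,\s])(sips?):", re.IGNORECASE)

def parse_headers(message):
    """Return (lowercased name, value) pairs with folded lines joined."""
    head = re.sub(r"\r\n[ \t]+", " ", message.split("\r\n\r\n", 1)[0])
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            name = name.strip().lower()
            pairs.append((COMPACT.get(name, name), value.strip()))
    return pairs

def top_via_transport(pairs):
    """Transport token of the topmost Via, e.g. 'TLS', or None."""
    for name, value in pairs:
        if name == "via":
            m = re.match(r"SIP\s*/\s*2\.0\s*/\s*(\w+)", value, re.IGNORECASE)
            return m.group(1).upper() if m else None
    return None

def contact_schemes(pairs):
    """URI schemes (lowercased) found in all Contact header values."""
    return [s.lower() for n, v in pairs if n == "contact"
            for s in SCHEME_RE.findall(v)]

def tls_with_sip_contact(message):
    """True when the request was sent over TLS but advertises a sip: Contact."""
    pairs = parse_headers(message)
    return top_via_transport(pairs) == "TLS" and "sip" in contact_schemes(pairs)
```

Run over captured signalling, a True result marks dialogs where later in-dialog requests toward the caller may not be routed over TLS.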
