On 15 Sep 2011 at 15:01, Iñaki Baz Castillo wrote:

> Hi, there is a general confusion about the usage of TLS transport and
> SIPS schema. Even more when the RFC 5630 (which tries to clarify it)
> contains an important bug:
>
> RFC 5630 states:
>
> -------------------------------------------------------------------
> 3.1.3. Using TLS with SIP Instead of SIPS
>
> [...]
>
> If one wants to use "best-effort TLS" for SIP, one just needs to use
> a SIP URI, and send the request over TLS.
>
> Using SIP over TLS is very simple. A UA opens a TLS connection and
> uses SIP URIs instead of SIPS URIs for all the header fields in a SIP
> message (From, To, Request-URI, Contact header field, Route, etc.).
> When TLS is used, the Via header field indicates TLS.
> -------------------------------------------------------------------
>
> So an example of INVITE sent via TLS just for the first hop would be:
>
> INVITE sip:[email protected] SIP/2.0
> Via: SIP/2.0/TLS 1.2.3.4
> From: sip:[email protected]
> Contact: sip:[email protected];transport=tcp
>
> Note that I've set "sip" schema in the Contact URI (as the spec says)
> so incoming in-dialog request would be received by the caller (alice)
> via TCP rather than TLS !!!
>
> This is wrong, it should be:
>
> INVITE sip:[email protected] SIP/2.0
> Via: SIP/2.0/TLS 1.2.3.4
> From: sip:[email protected]
> Contact: sips:[email protected];transport=tcp
>
> Now Contact URI has "sips" schema so the proxy (assuming it does
> loose-routing) would route any in-dialog request via TLS-over-TCP to
> reach alice.
>
> The fact that the Contact URI has "sips" schema is not a problem for
> the called (regardless it speaks TLS or not) as in-dialog request to
> be sent from Bob to Alice would contain Route headers, and those Route
> headers could have "sip" schema (in case the latest proxy contacted
> Bob using UDP or TCP). So a BYE from Bob would be sent via UDP/TCP
> based on the top most Route.
>
> As a personal comment, I would like to say that nobody understands the
> usage of "sips" schema, just nobody. And the specs do not help.
> With the deprecation of "transport=tls" it becomes even more strange.

We should really spend some time on a "hitch hikers guide to SIP with TLS" and write an RFC to reinstate transport=tls, which is what we all use.
/O
_______________________________________________
Sip mailing list
https://www.ietf.org/mailman/listinfo/sip
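
Added example, not part of either message or of any SIP stack: a small Python check for the mismatch the quoted message describes, a request whose topmost Via says TLS while its Contact is a plain sip: URI. The sample requests, addresses and function names are constructed for illustration, and the Contact parsing is deliberately lenient so it also accepts the bracket-less form used in the post.

```python
import re

# Constructed sample requests (placeholder addresses, not taken from the post).
BEST_EFFORT = (
    "INVITE sip:bob@example.invalid SIP/2.0\r\n"
    "Via: SIP/2.0/TLS 192.0.2.10:5061;branch=z9hG4bK-constructed\r\n"
    "From: <sip:alice@example.invalid>;tag=1\r\n"
    "Contact: <sip:alice@192.0.2.10:5061;transport=tcp>\r\n\r\n"
)
SIPS_CONTACT = BEST_EFFORT.replace("Contact: <sip:", "Contact: <sips:")

COMPACT = {"v": "via", "m": "contact", "f": "from", "t": "to"}

def headers(msg):
    """Return {name: [values]}; folded lines joined, compact names expanded."""
    head = msg.split("\r\n\r\n", 1)[0]
    head = re.sub(r"\r\n[ \t]+", " ", head)      # unfold continuation lines
    out = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        name = name.strip().lower()
        out.setdefault(COMPACT.get(name, name), []).append(value.strip())
    return out

def contact_uri(value):
    """Return (scheme, transport parameter or None) of a Contact value."""
    m = re.search(r"<([^>]*)>", value)
    uri = m.group(1) if m else value             # lenient: accept Contact without <>
    scheme = uri.split(":", 1)[0].strip().lower()
    t = re.search(r";transport=([A-Za-z0-9]+)", uri, re.I)
    return scheme, (t.group(1).lower() if t else None)

def check(msg):
    """List Contacts that advertise sip: although the request went out over TLS."""
    h = headers(msg)
    # Topmost Via starts with "SIP/2.0/<transport>".
    via_transport = h["via"][0].split()[0].rsplit("/", 1)[-1].upper()
    findings = []
    for value in h.get("contact", []):
        scheme, transport = contact_uri(value)
        if via_transport == "TLS" and scheme == "sip":
            findings.append(
                f"Via is TLS but Contact is sip: (transport={transport}); "
                "in-dialog requests to this Contact are not bound to TLS")
    return findings

if __name__ == "__main__":
    for label, msg in (("sip Contact", BEST_EFFORT), ("sips Contact", SIPS_CONTACT)):
        print(label, "->", check(msg) or "ok")
```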
