Comment at the end...

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Iñaki Baz Castillo
> Sent: Thursday, 15 September 2011 15:39
> To: Olle E. Johansson
> Cc: [email protected]
> Subject: Re: [Sip] Using TLS in the first hop - Bug in RFC 5630
>
> 2011/9/15 Olle E. Johansson <[email protected]>:
> >> As a personal comment, I would like to say that nobody understands the
> >> usage of "sips" schema, just nobody. And the specs do not help.
> >>
> > With the deprecation of "transport=tls" it becomes even more strange.
>
> AFAIK "transport=tls" has never been deprecated. Instead, it has never
> been a standard. Note for example that RFC 3261 says:
>
>    Note that in the SIPS URI scheme, transport is independent of TLS,
>    and thus "sips:[email protected];transport=tcp" and
>    "sips:[email protected];transport=sctp" are both valid (although
>    note that UDP is not a valid transport for SIPS). The use of
>    "transport=tls" has consequently been deprecated, partly because
>    it was specific to a single hop of the request. This is a change
>    since RFC 2543.
>
> "A change since RFC 2543"?? transport=tls has never been defined in
> RFC 2543. Check yourself:
>
> http://tools.ietf.org/html/rfc2543
>
>
> > We should really spend some time on a "hitch hikers guide to SIP with TLS"
> > and write an RFC to reinstate transport=tls, which is what we all use.
>
> Or spend some time in a new draft that *correctly* explains how to use
> TLS in the first hop (without requiring security in the whole path).
> This is *very* easy:
>
> As I've explained in my first mail:
>
>   INVITE sip:[email protected] SIP/2.0
>   Via: SIP/2.0/TLS 1.2.3.4
>   From: sip:[email protected]
>   Contact: sips:[email protected];transport=tcp
>
> That's all. Just:
> - Set TLS in Via transport.
> - Use "sip" schema in every URI.
> - But use "sips" schema in Contact URI.
>
> And it works.

It may work for the 1st request.
But in a subsequent mid-dialog request in the reverse direction the contact URI becomes the Request-URI, which is now SIPS, and therefore the Contact in this request must also become SIPS, and you end up in an all-SIPS case.

Ernst Horvath

> --
> Iñaki Baz Castillo
> <[email protected]>
> _______________________________________________
> Sip mailing list https://www.ietf.org/mailman/listinfo/sip
> This list is essentially closed and only used for finishing old business.
> Use [email protected] for questions on how to develop a SIP implementation.
> Use [email protected] for new developments on the application of sip.
> Use [email protected] for issues related to maintenance of the core SIP specifications.
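Added example, not part of the thread: a small Python model of the dialog behaviour discussed above, using the RFC 3261 section 8.1.1.8 rule that a SIPS Request-URI or top Route requires a SIPS Contact. The addresses, the `Request` class and the helper names are constructed for illustration, and the dialog is assumed to have no route set.

```python
from dataclasses import dataclass
from typing import Optional

def scheme(uri: str) -> str:
    """Return the lower-cased URI scheme ("sip" or "sips")."""
    return uri.split(":", 1)[0].lower()

@dataclass
class Request:
    method: str
    request_uri: str
    contact: str
    top_route: Optional[str] = None

def contact_violation(req: Request) -> Optional[str]:
    """RFC 3261 section 8.1.1.8: a SIPS Request-URI or top Route requires a SIPS Contact."""
    for uri in (req.request_uri, req.top_route):
        if uri and scheme(uri) == "sips" and scheme(req.contact) != "sips":
            return f"{req.method}: Contact {req.contact} must be SIPS because of {uri}"
    return None

def in_dialog_request(method: str, remote_target: str, own_contact: str) -> Request:
    """Build a mid-dialog request (no route set assumed): the Request-URI is the
    peer's Contact, and our own Contact is upgraded to SIPS when the rule demands it."""
    req = Request(method, remote_target, own_contact)
    if contact_violation(req):
        req.contact = "sips:" + own_contact.split(":", 1)[1]
    return req

def simulate():
    # Constructed addresses; the first request follows the pattern quoted in the thread:
    # "sip" Request-URI, "sips" Contact.
    alice = "sips:alice@pc.example.org;transport=tcp"
    bob = "sip:bob@192.0.2.10"
    first = Request("INVITE", "sip:bob@example.net", alice)
    reverse = in_dialog_request("INVITE", first.contact, bob)      # Bob -> Alice re-INVITE
    forward = in_dialog_request("INVITE", reverse.contact, alice)  # Alice -> Bob re-INVITE
    return [first, reverse, forward]

if __name__ == "__main__":
    for r in simulate():
        status = contact_violation(r) or "ok"
        print(f"{r.method} {r.request_uri}  Contact: {r.contact}  -> {status}")
```

The first request passes the check with a "sip" Request-URI, but from the reverse re-INVITE onward both the Request-URI and the Contact are "sips" in each direction.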
