[asterisk-dev] SRTP Status and Plans for Asterisk 1.6.x

[Johansson Olle E]

11 nov 2008 kl. 09.35 skrev Raj Jain:

> On Sun, Nov 9, 2008 at 4:18 PM, Johansson Olle E <oej at edvina.net>  
> wrote:
>>
>> 9 nov 2008 kl. 17.47 skrev John Todd:
>>
>>> Now that SIP/TLS is in place,
>>
>> http://www.asterisk.org/doxygen/trunk/sip_tcp_tls.html
>>
>> To say that SIP/TLS is in place is very much premature, John. Doesn't
>> mean that we should wait much more with SRTP, but there is a lot of
>> work do be done before anyone can say that either TCP or TLS is in
>> place. The code is thre, the functionality is missing.
>
> I don't think it is fair to say that Asterisk's SIP TCP/TLS
> implementattion is "very premature" (I've read the emails sent after
> the SIPit trip but I was waiting for a trip report before responding;
> so I'm responding after reading what I assume to be a trip report at
> http://www.asterisk.org/doxygen/trunk/sip_tcp_tls.html).
>
We did not test TLS at SIPit, because Kevin and I agreed that it was  
very
broken. And the tests of TCP was very light. Please read through
all the comments in the chan_sip source code
to get a better understanding of all the issues.

The big issue, which is where this stands, is whether we want
to support Asterisk as part of a SIP infrastructure or if the model
only is "connect local phones to Asterisk, use PSTN out".

To connect local phones to an Asterisk, the TCP/TLS implementation
propably works. In a SIP infrastructure, it will cause a lot of issues.

The goal of my work with Asterisk has been to take Asterisk from
a model where you connect a couple of SIP phones on a LAN
to a local Asterisk, to Asterisk being part of a larger SIP  
infrastructure.

The TCP/TLS code takes us back to the LAN model. If everyone
is happy with that, I guess people like me who works with
larger infrastructures has to find another solution. I am not
happy with that, obviously.

/O