[asterisk-dev] [svn-commits] mmichelson: branch 12 r399083 - in /branches/12: include/asterisk/ res/
Saúl Ibarra Corretgé
saghul at gmail.com
Mon Sep 16 04:40:08 CDT 2013
[snip]
> After reading your e-mail and the RFCs, I don't have a clear
> understanding either of all of the issues surrounding usage of a SIPS
> URI instead of a SIP URI with TLS as transport. The fact that SIPS does
> not equate to "best-effort" TLS obviously has implications if hops in
> the middle don't support TLS (you either think you're secure but aren't,
> or your calls fail, or... something else perhaps?). What I don't have a
> clear understanding of is why we should prefer SIP with TLS as the
> transport over SIPS. Couldn't a user make the argument that they really
> don't want "best-effort" - that is, if they asked for secure
> communication, they want secure communication along the entire path?
> What explicit pitfalls are we running into by using SIPS in the URI in
> the contact header?
FWIW, I'll just throw here what we do in Blink. I know it's not kosher
as per the standard, but oh well, world is not perfect: we ignore SIPS.
We basically treat it as it were "sip:". And we use transport=tls.
I know Olle will want to slap me in the wrist, but that's what has
worked so far out there in the wild. Sue me! ;-)
Cheers,
--
Saúl Ibarra Corretgé
http://about.me/saghul | http://saghul.net
More information about the asterisk-dev
mailing list