[SIPForum-discussion] Regarding TLS using SIP

Fri Feb 5 08:01:19 UTC 2010

The difference is not only in opening the socket for TCP or UDP. The
behavior of the protocol also changes as per the UDP or TCP.

In case of TCP there will not be any retransmission of the request and no
need for reliable provisional response like PRACK,since the reliability is
given in the transport layer by the TCP.

Regards,
Prasad

On Thu, Feb 4, 2010 at 9:47 PM, lakhan patel <lakhan.p at gmail.com> wrote:

> Hi to All,
>
> As per my knowledge SIP works for TCP and UDP for both and only difference
> is while opening the socket.
> Is the TLS also work in similar fashion and only difference is while
> opening socket or what?
> Please if any one know it in detail, it is my humble request to him please
> explain it in detail or provide any reference document
>
>
>
> On Wed, Feb 3, 2010 at 8:01 PM, <ashok.pitambar at wipro.com> wrote:
>
>> Hi Ranga ,
>>
>>        Nice to know this info , Can you please share doc or website
>> link where we can find more info about TLS
>> Support for SIP?
>>
>>
>> Regards,
>> Ashok
>>
>> -----Original Message-----
>> From: discussion-bounces at sipforum.org
>> [mailto:discussion-bounces at sipforum.org] On Behalf Of M. Ranganathan
>> Sent: Thursday, January 28, 2010 11:40 PM
>> To: baslingappa bhujang
>> Cc: SIP Forum
>> Subject: Re: [SIPForum-discussion] Regarding TLS using SIP
>>
>> On Thu, Jan 28, 2010 at 12:01 AM, baslingappa bhujang
>> <basling99 at gmail.com> wrote:
>> > Hi All,
>> > Could some one tell me how TLS works with sip protocol.
>>
>> Its just like SIP over TCP except that the underlying protocol is TLS.
>>
>> TLS is a secure transport layer built on top of TCP. It requires a
>> public/private key pair. The server encrypts traffic in the private key
>> and distributes its public key to clients so that clients may decrypt it
>> and verify that the server signed it. This guards against spoofing. The
>> public key may either be installed manually or, if you have a public key
>> that has been signed by a trusted Certifcate Authority, then the server
>> may just hand out the public key that has been signed by the CA and
>> expect that the client will contact the trusted CA for verification.
>> (i.e. authentication). So to do authentication in the TLS framework, you
>> need to have access to the public key that was exchanged so you may
>> verify that it was indeed issued by the server. In general you can have
>> a chain of CA's.
>> All of this is basic SSL / TLS .
>>
>>
>> The point is that SIP over TLS is completely oblivious to all of this.
>> The SIP protocol itself never sees it. The only thing is that as it is
>> running as an application layer protocol, TLS requires a new port (
>> different from TCP ). Usually that port is 5061 but it does not have to
>> be. Further, the stack needs to have mechanism to hand over the public
>> key to the "application" for verification.
>>
>> There is also sips URL vs. sip over TLS. sips URLs are expected to have
>> end to end encryption whereas sip over tls ( with transport=tls) have
>> only hop by hop encryption requirements.
>>
>> Regards,
>>
>> Ranga
>> >
>> > --
>> > Thanks,
>> > Basling.
>> > _______________________________________________
>> > This is the SIP Forum discussion mailing list TO UNSUBSCRIBE, or edit
>> > your delivery options, please visit
>> > http://sipforum.org/mailman/listinfo/discussion
>> > Post to the list at discussion at sipforum.org
>> >
>> >
>>
>>
>>
>> --
>> M. Ranganathan
>> _______________________________________________
>> This is the SIP Forum discussion mailing list TO UNSUBSCRIBE, or edit
>> your delivery options, please visit
>> http://sipforum.org/mailman/listinfo/discussion
>> Post to the list at discussion at sipforum.org
>>
>> _______________________________________________
>> This is the SIP Forum discussion mailing list
>> TO UNSUBSCRIBE, or edit your delivery options, please visit
>> http://sipforum.org/mailman/listinfo/discussion
>> Post to the list at discussion at sipforum.org
>>
>
>
>
> --
> Thanks & Regards
> Shivlakhan Patel
> Email: lakhan.p at gmail.com, lakhan.p at hotmail.com
> IBM India Private Ltd. Bangalore
> Contact: +91-9902791177
>
> _______________________________________________
> This is the SIP Forum discussion mailing list
> TO UNSUBSCRIBE, or edit your delivery options, please visit
> http://sipforum.org/mailman/listinfo/discussion
> Post to the list at discussion at sipforum.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://sipforum.org/pipermail/discussion/attachments/20100205/713dc640/attachment-0001.html 