[SIPForum-discussion] Regarding TLS using SIP

ashok.pitambar at wipro.com ashok.pitambar at wipro.com
Wed Feb 3 14:31:48 UTC 2010


Hi Ranga,

Nice to know this info. Can you please share a doc or website link
where we can find more info about TLS support for SIP?


Regards, 
Ashok

-----Original Message-----
From: discussion-bounces at sipforum.org
[mailto:discussion-bounces at sipforum.org] On Behalf Of M. Ranganathan
Sent: Thursday, January 28, 2010 11:40 PM
To: baslingappa bhujang
Cc: SIP Forum
Subject: Re: [SIPForum-discussion] Regarding TLS using SIP

On Thu, Jan 28, 2010 at 12:01 AM, baslingappa bhujang
<basling99 at gmail.com> wrote:
> Hi All,
> Could someone tell me how TLS works with the SIP protocol?

It's just like SIP over TCP except that the underlying protocol is TLS.

TLS is a secure transport layer built on top of TCP. It requires a
public/private key pair. The server encrypts traffic in the private key
and distributes its public key to clients so that clients may decrypt it
and verify that the server signed it. This guards against spoofing. The
public key may either be installed manually or, if you have a public key
that has been signed by a trusted Certificate Authority, then the server
may just hand out the public key that has been signed by the CA and
expect that the client will contact the trusted CA for verification
(i.e. authentication). So to do authentication in the TLS framework, you
need to have access to the public key that was exchanged so you may
verify that it was indeed issued by the server. In general you can have
a chain of CAs.
All of this is basic SSL/TLS.


The point is that SIP over TLS is completely oblivious to all of this.
The SIP protocol itself never sees it. The only thing is that as it is
running as an application layer protocol, TLS requires a new port
(different from TCP). Usually that port is 5061 but it does not have to
be. Further, the stack needs to have a mechanism to hand over the public
key to the "application" for verification.

There is also sips URL vs. SIP over TLS. sips URLs are expected to have
end-to-end encryption whereas SIP over TLS (with transport=tls) has
only hop-by-hop encryption requirements.

Regards,

Ranga
>
> --
> Thanks,
> Basling.
> _______________________________________________
> This is the SIP Forum discussion mailing list TO UNSUBSCRIBE, or edit 
> your delivery options, please visit 
> http://sipforum.org/mailman/listinfo/discussion
> Post to the list at discussion at sipforum.org
>
>



--
M. Ranganathan
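
An added example, not part of the original messages: a Python sketch of how a SIP client could pick the transport and port from a URI (5061 for TLS unless a port is given, as the reply above says) and open a TLS connection whose verified certificate is handed back to the application. The function names and the example.com hosts are assumptions made for illustration; 5060 is the usual non-TLS SIP port.

```python
import socket
import ssl
from dataclasses import dataclass

@dataclass
class SipTarget:
    host: str
    port: int
    use_tls: bool      # sips: scheme or ;transport=tls
    sips_scheme: bool  # True only for sips: URIs

def parse_sip_uri(uri: str) -> SipTarget:
    """Derive next-hop host, port and transport from a SIP/SIPS URI."""
    scheme, sep, rest = uri.partition(":")
    scheme = scheme.lower()
    if not sep or scheme not in ("sip", "sips"):
        raise ValueError(f"not a SIP URI: {uri!r}")
    rest = rest.rsplit("@", 1)[-1]       # drop user[:password]@
    rest = rest.split("?", 1)[0]         # drop ?headers
    hostport, *raw_params = rest.split(";")
    params = dict(p.lower().partition("=")[::2] for p in raw_params if p)
    if hostport.startswith("["):         # IPv6 literal such as [2001:db8::1]:5061
        host, _, tail = hostport[1:].partition("]")
        port_text = tail.lstrip(":")
    else:
        host, _, port_text = hostport.partition(":")
    if not host:
        raise ValueError(f"no host in SIP URI: {uri!r}")
    use_tls = scheme == "sips" or params.get("transport") == "tls"
    # An explicit port wins; otherwise 5061 for TLS and 5060 for plain SIP.
    port = int(port_text) if port_text else (5061 if use_tls else 5060)
    return SipTarget(host.lower(), port, use_tls, scheme == "sips")

def tls_client_context(ca_file=None) -> ssl.SSLContext:
    """Client context that requires a CA-signed certificate matching the host."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def connect(target: SipTarget, ctx: ssl.SSLContext, timeout: float = 5.0):
    """Open the TLS connection; the handshake raises if verification fails."""
    if not target.use_tls:
        raise ValueError("URI does not ask for TLS")
    raw = socket.create_connection((target.host, target.port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=target.host)
    except Exception:
        raw.close()
        raise
    return tls, tls.getpeercert()        # verified certificate for the application
```

SIP requests and responses are then written to and read from the returned socket exactly as they would be over plain TCP.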