[SIPForum-discussion] Regarding TLS using SIP

Prasad G prasad4mail at gmail.com
Fri Feb 5 12:09:19 UTC 2010


Refer to RFC 2246 or 5246 for more detail about TLS.

TLS is a protocol on top of some reliable protocol like TCP.

In brief, as per the RFC:

TLS Protocol is to provide privacy and data
integrity between two communicating applications. The TLS protocol is
composed of two layers: the *TLS Record Protocol* and the *TLS Handshake
Protocol*.

At the lowest level, layered on top of some reliable
transport protocol (e.g., TCP), is the *TLS Record Protocol*.

The TLS Record Protocol is used for encapsulation of various higher
level protocols. One such encapsulated protocol, the *TLS Handshake
Protocol*, allows the server and client to authenticate each other and
to negotiate an encryption algorithm and cryptographic keys before
the application protocol transmits or receives its first byte of
data.



On Fri, Feb 5, 2010 at 5:05 PM, lakhan patel <lakhan.p at gmail.com> wrote:

> Hi Prasad,
>
> Thanks for your reply, but my doubt is not about UDP/TCP; it is about TLS.
>
>
>
>
> On Fri, Feb 5, 2010 at 1:31 PM, Prasad G <prasad4mail at gmail.com> wrote:
>
>> The difference is not only in opening the socket for TCP or UDP. The
>> behavior of the protocol also changes as per the UDP or TCP.
>>
>> In the case of TCP there will not be any retransmission of the request and no
>> need for a reliable provisional response like PRACK, since the reliability is
>> given in the transport layer by TCP.
>>
>> Regards,
>> Prasad
>>
>>
>> On Thu, Feb 4, 2010 at 9:47 PM, lakhan patel <lakhan.p at gmail.com> wrote:
>>
>>> Hi to All,
>>>
>>> As per my knowledge, SIP works over both TCP and UDP, and the only
>>> difference is in opening the socket.
>>> Does TLS also work in a similar fashion, with the only difference being in
>>> opening the socket, or what?
>>> If anyone knows it in detail, it is my humble request to him to
>>> please explain it in detail or provide any reference document.
>>>
>>>
>>>
>>> On Wed, Feb 3, 2010 at 8:01 PM, <ashok.pitambar at wipro.com> wrote:
>>>
>>>> Hi Ranga ,
>>>>
>>>>        Nice to know this info. Can you please share a doc or website
>>>> link where we can find more info about TLS
>>>> support for SIP?
>>>>
>>>>
>>>> Regards,
>>>> Ashok
>>>>
>>>> -----Original Message-----
>>>> From: discussion-bounces at sipforum.org
>>>> [mailto:discussion-bounces at sipforum.org] On Behalf Of M. Ranganathan
>>>> Sent: Thursday, January 28, 2010 11:40 PM
>>>> To: baslingappa bhujang
>>>> Cc: SIP Forum
>>>> Subject: Re: [SIPForum-discussion] Regarding TLS using SIP
>>>>
>>>> On Thu, Jan 28, 2010 at 12:01 AM, baslingappa bhujang
>>>> <basling99 at gmail.com> wrote:
>>>> > Hi All,
>>>> > Could some one tell me how TLS works with sip protocol.
>>>>
>>>> It's just like SIP over TCP except that the underlying protocol is TLS.
>>>>
>>>> TLS is a secure transport layer built on top of TCP. It requires a
>>>> public/private key pair. The server encrypts traffic in the private key
>>>> and distributes its public key to clients so that clients may decrypt it
>>>> and verify that the server signed it. This guards against spoofing. The
>>>> public key may either be installed manually or, if you have a public key
>>>> that has been signed by a trusted Certificate Authority, then the server
>>>> may just hand out the public key that has been signed by the CA and
>>>> expect that the client will contact the trusted CA for verification.
>>>> (i.e. authentication). So to do authentication in the TLS framework, you
>>>> need to have access to the public key that was exchanged so you may
>>>> verify that it was indeed issued by the server. In general you can have
>>>> a chain of CA's.
>>>> All of this is basic SSL / TLS .
>>>>
>>>>
>>>> The point is that SIP over TLS is completely oblivious to all of this.
>>>> The SIP protocol itself never sees it. The only thing is that as it is
>>>> running as an application layer protocol, TLS requires a new port (
>>>> different from TCP ). Usually that port is 5061 but it does not have to
>>>> be. Further, the stack needs to have mechanism to hand over the public
>>>> key to the "application" for verification.
>>>>
>>>> There is also sips URL vs. sip over TLS. sips URLs are expected to have
>>>> end to end encryption whereas sip over tls ( with transport=tls) have
>>>> only hop by hop encryption requirements.
>>>>
>>>> Regards,
>>>>
>>>> Ranga
>>>> >
>>>> > --
>>>> > Thanks,
>>>> > Basling.
>>>> > _______________________________________________
>>>> > This is the SIP Forum discussion mailing list TO UNSUBSCRIBE, or edit
>>>> > your delivery options, please visit
>>>> > http://sipforum.org/mailman/listinfo/discussion
>>>> > Post to the list at discussion at sipforum.org
>>>> >
>>>> >
>>>>
>>>>
>>>>
>>>> --
>>>> M. Ranganathan
>>>>
>>>
>>>
>>>
>>> --
>>> Thanks & Regards
>>> Shivlakhan Patel
>>> Email: lakhan.p at gmail.com, lakhan.p at hotmail.com
>>> IBM India Private Ltd. Bangalore
>>> Contact: +91-9902791177
>>>
>>>
>>>
>>
>
>
> --
> Thanks & Regards
> Shivlakhan Patel
> Email: lakhan.p at gmail.com, lakhan.p at hotmail.com
> IBM India Private Ltd. Bangalore
> Contact: +91-9902791177
>
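Added example (not part of the original thread): a small Python parser for the TLS Record Protocol header described in the reply above, showing that handshake records come before the first application_data record and that the SIP message travels only inside the latter. The sample byte stream and the helper names are constructed for illustration and are not a real capture.

```python
import struct

# TLS record content types (RFC 5246, section 6.2.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def parse_records(stream: bytes):
    """Split a TCP byte stream into TLS records: (type name, version, payload)."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header at offset %d" % offset)
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES or major != 3:
            # e.g. plain-text SIP ("INVITE sip:...") sent where TLS was expected
            raise ValueError("not a TLS record at offset %d" % offset)
        payload = stream[offset + 5: offset + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated record body at offset %d" % offset)
        records.append((CONTENT_TYPES[ctype], (major, minor), payload))
        offset += 5 + length
    return records

def handshake_before_data(records):
    """True if a handshake record precedes the first application_data record."""
    names = [name for name, _, _ in records]
    if "application_data" not in names:
        return False
    return "handshake" in names[:names.index("application_data")]

def record(ctype, payload, version=(3, 3)):
    """Build one record for the constructed sample below."""
    return struct.pack("!BBBH", ctype, version[0], version[1], len(payload)) + payload

# Constructed sample (not a real capture): placeholder handshake bodies, then an
# opaque blob standing in for the encrypted SIP request.
SAMPLE = (record(22, b"\x01" + b"\x00" * 40)      # ClientHello placeholder
          + record(22, b"\x02" + b"\x00" * 40)    # ServerHello placeholder
          + record(20, b"\x01")                   # ChangeCipherSpec
          + record(23, bytes(range(64))))         # ciphertext carrying SIP

if __name__ == "__main__":
    for name, version, payload in parse_records(SAMPLE):
        print(name, version, len(payload))
    print("handshake first:", handshake_before_data(parse_records(SAMPLE)))
```

A stream that begins with a plain-text SIP request line is rejected by `parse_records`, which is a quick way to confirm that a listener on the TLS port is not receiving cleartext SIP.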