The document discusses updates needed for SIP to work effectively in modern environments. It recommends: 1) requiring support for SIP Outbound and TLS/DTLS key exchange to address challenges of NAT and encryption; 2) requiring full support for Opus codec and RTCP feedback to optimize media; and 3) supporting IETF work on standards like STIR, SIPCORE, and stronger authentication. The document also outlines upcoming SIP features from the IETF and SIP Forum around improved identities, dual-stack support, and TLS in SIPConnect 2.0.
6. HOSTED PBX CHALLENGES
NAT
Firewalls and application level gateways
Coming up: Dual stack networks
SIP clients on mobile networks - ouch
UDP tough through firewalls
Optimal media routing
Hosted PBX services over Internet
7. SIP + WEBRTC
RTP/SAVPF - What’s that?
Very large SDPs break UDP (fragmentation pain)
The connection is the “login” status
Was this really a good idea from the start?
SIP + WebRTC
8. SIP OVER MOBILE NETWORKS
The network wants to limit sessions (IP flows)
How do we receive incoming calls?
Carrier Grade NATs are as evil as common NAT
The connection (TCP/TLS) is the “login”
SIP + 4G data
10. OUTBOUND … ISSUES
Customers don’t see the need (OEJ: yet…)
They have implemented non-RFC-compliant connection reuse
Kamailio has had it for a very long time
We need to standardize half-simple-outbound in the IETF
12. ICE: WAITING FOR THE BEST
Setting up a media flow takes time
Developers don’t use the tricks with early media setup
Trickle ICE is a good way forward - but how to do that in SIP is still a bit unclear
Use fast ICE setup with early media, restart full ICE at 200 OK and rerun during the call. Don’t be afraid to move media.
14. OPUS: NOT ALL IS GOLD THAT GLIMMERS
ISDN-style media layers don’t handle Opus
Locking Opus to ONE mode with no dynamic changes
Not using RTCP feedback at all, not sending RTCP
This is not a good solution
16. TLS :: VERY FEW DO IT RIGHT
TLS from a phone to a SIP server requires connection reuse
ONLY defined in SIP OUTBOUND
Which developers don’t like
So how do we solve this?
(bring the wine, and let’s discuss)
#MoreCrypto
17. SRTP :: EXCHANGING KEYS
Legacy devices send keys in the SIP message. In clear text.
When was that a good idea?
WebRTC started the move to DTLS key exchange in the media plane
May be problematic for old devices
Long calls, reinvites - some interoperability issues
#MoreCrypto
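The difference between the two keying styles on this slide is visible in the SDP itself. As an added example (not from the slides), the check below classifies each media section as SDES (`a=crypto`, RFC 4568, key inline in the SIP body) or DTLS-SRTP (`a=fingerprint`, RFC 5763) and flags SDES carried over unencrypted signaling. The function names and sample SDP bodies are constructed for illustration.

```python
# Added example: classify how each SDP media section keys SRTP.
# The SDP bodies at the bottom are constructed samples, not captured traffic.
ENCRYPTED_SIGNALING = {"TLS", "WSS"}

def classify_keying(sdp, transport):
    """Return [(media, keying, key_in_cleartext)] for each m= section.

    transport: Via transport of the SIP message carrying the SDP.
    """
    sections, session_fp, cur = [], False, None
    for line in sdp.splitlines():
        if line.startswith("m="):
            media, _port, proto = line[2:].split()[:3]
            cur = {"media": media, "proto": proto, "crypto": False, "fp": session_fp}
            sections.append(cur)
        elif line.startswith("a=crypto:"):        # SDES: master key inline in SDP
            if cur is not None:
                cur["crypto"] = True
        elif line.startswith("a=fingerprint:"):   # DTLS-SRTP: only a cert hash in SDP
            if cur is not None:
                cur["fp"] = True
            else:
                session_fp = True                 # session level, applies to all media
    out = []
    for s in sections:
        if s["crypto"]:
            keying = "sdes"
        elif s["fp"]:
            keying = "dtls-srtp"
        elif "SAVP" in s["proto"]:
            keying = "srtp-no-keying"
        else:
            keying = "plain-rtp"
        # TLS is hop by hop: even when not flagged, every proxy still sees an SDES key.
        exposed = keying == "sdes" and transport.upper() not in ENCRYPTED_SIGNALING
        out.append((s["media"], keying, exposed))
    return out

def make_sdp(*lines):
    head = ("v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0")
    return "\r\n".join(head + lines) + "\r\n"

SDES_OFFER = make_sdp("m=audio 40000 RTP/SAVP 0",
                      "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + "A" * 40)
DTLS_OFFER = make_sdp("a=fingerprint:sha-256 " + ":".join(["AB"] * 32),
                      "m=audio 40002 UDP/TLS/RTP/SAVPF 111", "a=setup:actpass")

if __name__ == "__main__":
    print("legacy over UDP:", classify_keying(SDES_OFFER, "UDP"))
    print("WebRTC over WSS:", classify_keying(DTLS_OFFER, "WSS"))
```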
18. KAMAILIO IN A CONNECTED SIP WORLD
Kamailio has improved a lot!
Connections are in focus now
Connection ID per non-UDP connection
Events when connections close
Unregister when connections close
WebSockets, TLS, TCP - ready to rock in a Kamailio in your network now!
19. SUMMARY:
Require support for SIP Outbound
Require support for TLS and SRTP/DTLS key exchange
Require support for Opus - with full feedback and dynamic properties
Support our work in the IETF
Where are the desktop phones?
21. STIR: IMPROVED IDENTITIES
Another try at securing the identity
Started by pressure from FCC
Hopefully can bootstrap secure Caller IDs in PSTN situations
Hopefully can bootstrap secure SIP IDs
22. SIPCORE: FINDING EACH OTHER IN DUAL STACKS
First step of Happy Eyeballs for SIP
Draft in WGLC
Change the “OR” to an “AND”
Advice on DNS SRV support for dual stack usage
23. SIPCORE: HAPPY EARDRUMS
Setting up sessions in dual stack environments
TCP, WSS, SCTP - No worries, use Happy Eyeballs
UDP: It’s complicated
Still under discussion
Implementations underway, it’s real now.
24. STRONGER AUTHENTICATION
First idea: Replace MD5 with SHAxxx
Dead end, abandoned
Second idea: Use OAUTH
Right now: Confusion - where do we boldly go now?
Defining the PROBLEM
25. SIPCONNECT 2.0
Soon in WGLC
Adds TLS
Adds IPv6
Kamailio still lacks GIN support
Client connection reuse
26. KAMAILIO TODO:
Improve TLS validation of connections
Add support for GIN - bulk registrations for phone numbers to be SIP Connect 1.0 and 2.0 compatible (both as a UA and a server)
Start working on dual stack issues - connection setup with happy eyeballs
IPv6 source address selection is incomplete
28. SIPIT 31: SEPT 12-16
IOL Labs, Durham, New Hampshire, USA - www.sipit.net
Five days of great SIP testing. Learning more. Solving problems.
IETF 96 BERLIN
Berlin, Germany, July 17-22 2016
Five days of standard discussions, brainstorming and bar-BOFs
Twitter @oej
See you there!