[Free-RTC] kamailio script for federated communications

Daniel Pocock daniel at pocock.com.au
Fri Jun 21 15:05:24 CEST 2013


On 21/06/13 01:18, johnc wrote:
> Hi,
>
> I've been interested for some time in federated secure communications
> systems and in particular voice systems. I am a firm believer in the
> right to privacy. I am appalled but not entirely surprised by the
> latest revelations concerning PRISM.
>
> I recently updated Daniel-Constantin Mierla's:
>
> http://kb.asipto.com/kamailio:skype-like-service-in-less-than-one-hour
>
> for kamailio 4 + jitsi, see below:
>
> https://www.johncahill.net/wiki/index.php/Skype_like_conferencing_System
>
> This config allows for TLS+ZRTP encrypted calls to be made between
> jitsi clients connected to different kamailio servers.
>
> I would like some feedback on how to improve this config. I will flag
> up some failings straight away:
>
> * Inter-domain peer to peer presence sharing doesn't work. Only
> intra-domain presence sharing.
> * TLS is enforced crudely by an iptables based firewall only allowing
> communications on port TCP 5061 TLS

If the TCP and UDP ports are disabled in the Kamailio config, does that
have a similar effect, forcing everything over TLS?

Is there any technical issue in Kamailio preventing mutual TLS
validation from occurring?

One of the reasons I recommend Kamailio to people over the other SER
variants is that the TLS support is intended to do these things.

> * The config uses DNS to establish the transport available on the
> remote proxy. It doesn't use DNSSEC to do this.

I'm not sure if DNSSEC matters if the TLS certificate is valid - some
people may prefer to trust the TLS cert and not place any trust in the
DNSSEC trust model.

>
> I will add any improvements to my wiki and please feel free to cut,
> paste + share.
>
> I would like to share working recipes in a similar way to that done by
> Daniel Pocock and others on this list. Thanks, your work has inspired me.
>

Once it is more refined, I'd be happy to integrate it with the site
www.rtcquickstart.org

Have you tested calling between a Kamailio user and a repro user? Ideally
they should be fully interoperable and if there is any fault on the
repro side, please raise it on repro-users.


