Archives April 2021

OpenSIPIt#01 a great success!

OpenSIPIt#01 drew to a close on around midday US Pacific Time on Wednesday, April 14 – and was a great success!

Does that mean that every single Interop test worked perfectly, or that all the projects represented all worked together perfectly?
Of course not!
But what it does mean is that lots of successful SIP and STIR/SHAKEN Interop trials took place and as/when Interop did not fully occur, the reasons for it were examined an understood – and the relevant group members were able to identify what refinements and optimisations were needed in their code.

Moreover, building on the success of the pilot event in September 2020 in terms of increased numbers of participating projects and people has given rise to better communications and friendship between the various Open Source projects that took part.

There were a number of ‘Big Wins’ from OpenSIPIt#01, not only did the event attract the key ‘SIP people’ from various projects, companies and geographic locations, but there was a very high level of participation and the Slack channels created by @sobomax were almost on fire with the numbers of messages going backwards and forwards during the testing activities.

As mentioned in previous posts, the areas under test this time around were RFC8760 and STIR/SHAKEN and – as you can imagine, the kind of tests that were carried out go well beyond whether two ends can actually work together, and include looking at each possible scenario for both working and non-working cases, in addition to checking into how various failure modes are dealt with.

As has been pointed out before in the world of RFCs… They need to be tight enough to enable proper Interoperability but flexible enough to permit correct operation in a range of different situations.

We’ll finish this short report with a role-call of participants this time around, to whom huge thanks and respect are due…

Asterisk – Ben Ford and George Joseph
Enable Security – Sandro Gauci (special thanks), Alfred Farrugia
FreeSWITCH – Mike Jerris, Chris Rienzo, Dragos Oancea, Andrey Volk
Kamailio/SIPfront (and SIPP) – Andreas Granig (special thanks)
OpenSIPS – Liviu Chircu (special thanks for leading various exercises) and Bogdan Andrei Iancu
SIPPY Software – Maksym Sobolyev @sobomax (MAX special thanks for driving this series of events), Pavel Bussel, Andriy Pylypenko
OpenTelecom.IT – Giovanni Maruzzelli

You can check out videos of the livestreams for OpenSIPIt#01 on the SIPPY Labs YouTube Channel.



OpenSIPIt#01 Day 2 Update

After a great start with RFC8760, attention turned to STIR/SHAKEN with Liviu Chircu, from the OpenSIPS project, taking the lead and making a short presentation during the planning session…

Being the amazing guy he is, Liviu even managed to type up some brief notes from Day 1 and Day 2 activities, which I am pleased to reproduce here:

Day 1: RFC 8760 testing
  * RFC 8760 bolsters the security of SIP by extending the protocol with support for
     stronger digest algorithms.  The newly added digests are SHA-256 and SHA-512/256,
     both on 256 bits, complementing the old and rotting MD5 signature, which is 128 bits only.
  * Teams which provided UAS (server) implementation: Sippy, OpenSIPS, FS
  * Teams which had a UAC (client) implementation: Sippy, OpenSIPS, FS, Sipvicious
  * Teams which helped with testing: Asterisk + above
  * Issues discovered:
    - sipp is still unable to correctly process more than 1 WWW-Authenticate headers (RFC 8760)
    - FreeSWITCH was still choosing MD5, instead of stronger hashing (fixed live)
    - sipp with MD5-sess algorithm does not work (classic RFC 3261 support, outside 8760)
    - OpenSIPS had a minor issue in the digest implementation which was fixed live

Day 2: STIR/SHAKEN testing
  * Using STIR/SHAKEN, service providers can add a digital signature to each call using
     public/private key cryptography, thus guaranteeing that they own the source number (calling
     identity).  This signature comes in the form of the newly added Identity header.
  * The objective was to interop across teams and see whether the Identity header generated by
    one team would get accepted (validated) by the other teams.
  * The teams used a fictive STI-CA (Certification Authority) which everyone added to their trust
    chain.  Next, the CA signed STIR/SHAKEN certificates for each team.
  * Teams which provided VS (verification service) capabilities: FS, Kamailio, OSIPS, Sippy
  * Teams which provided AS (authentication service) capabilities: Kam, sipfront, OSIPS, Sippy, Sipvicious
  * Teams which helped with testing: Asterisk + sipp (sipfront) + above
  * Issues discovered:
    - special care when extracting the caller identity (display name vs. From username)
    - special care when extracting the callee identity (display name vs. To username vs. Request-URI username)
    - crashes due to malformed Identity header payloads (fixed live)
    - lots of issues/quirks around the Date header field (now mandatory):
        * bad formatting (missing comma, GMT (good) vs. UTC (bad))
        * localization issues (Mi (bad) vs. Wed (good))
        * some teams forgot to build it at all

As you can see, there has been a lot going on!
Stay tuned for further updates and remember to check out the Sippy Labs YouTube channel for #OpenSIPIT livestreams and recordings.

OpenSIPIt#01 Kicks Off in STYLE

Key SIP people from your favourite Open Source projects gathered online today for the beginning of OpenSIPIt#01 – a Community-driven interoperability event.
Following an initial welcome and orientation session led by @sobomax the teams got down to business with a continuation of the work that had started during the pilot event (OpenSIPIt#00 in September 2020) on RFC8760.

This included the use of a brand new OpenSIPS UAS/UAC implementation which was validated, with few minor configurational issues.

The FreeSWITCH UAS was found mostly functional too, with the UAC coming soon.

The Asterisk UAC was verified to be forward compatible with RFC8760 implementations, and was proven to be able to fallback to md5 when it’s offered.

No changes in SIPP since last time, but an additional issue with MD5-sess support has been identified, and will be reported back to the project in due course.

MD5-sess fix (part of a @sobomax patch) in OpenSIPS has been verified against SIPVicious.

Overall, the new Interop process has been tested and refined based on feedback and good input from all involved, and should go even smoother for the rest of this event, and those of the future.
The possibility of creating a persistent RFC8760 test rig is being investigated, for teams to re-test and improve in the following few days – based on configuration that Liviu crafted.

BTW, Massive thanks to the OpenSIPS project, and to Liviu for all his hard work so far, and for taking the lead on the STIR/SHAKEN activities happening next!

Perhaps the most pleasing aspect of this first day of OpenSIPIt#01 was the levels of engagement seen from the teams – they were all active, responsive and involved – as could be seen by the relevant Slack channels buzzing with activity as testing was taking place. SO A BIG THANK YOU TO ALL INVOLVED.

OpenSIPit is, of course, a work in progress – so expect optimisation and revision as we continue with this very important work…

Watch the livestream recording here: https://youtu.be/ru-YP2s3x1s