Greetings fellow SIP’ers! After a few very busy months following the last OpenSIPIt’01 in April, we are very excited to announce dates for dates for our next SIP Interoperability event to be set for 15-17th November, 2021. The program and list of participating teams is going to be announced in the coming few days.
In other news: my presentation titled “OpenSIPIt – Bringing InterOp Testing to the heart of the Community” will be happening at ClueCon on 11:30am on Wednesday, October 27th. It should be available live and on YouTube some time later.
OpenSIPIt#01 drew to a close on around midday US Pacific Time on Wednesday, April 14 – and was a great success!
Does that mean that every single Interop test worked perfectly, or that all the projects represented all worked together perfectly? Of course not! But what it does mean is that lots of successful SIP and STIR/SHAKEN Interop trials took place and as/when Interop did not fully occur, the reasons for it were examined an understood – and the relevant group members were able to identify what refinements and optimisations were needed in their code.
Moreover, building on the success of the pilot event in September 2020 in terms of increased numbers of participating projects and people has given rise to better communications and friendship between the various Open Source projects that took part.
There were a number of ‘Big Wins’ from OpenSIPIt#01, not only did the event attract the key ‘SIP people’ from various projects, companies and geographic locations, but there was a very high level of participation and the Slack channels created by @sobomax were almost on fire with the numbers of messages going backwards and forwards during the testing activities.
As mentioned in previous posts, the areas under test this time around were RFC8760 and STIR/SHAKEN and – as you can imagine, the kind of tests that were carried out go well beyond whether two ends can actually work together, and include looking at each possible scenario for both working and non-working cases, in addition to checking into how various failure modes are dealt with.
As has been pointed out before in the world of RFCs… They need to be tight enough to enable proper Interoperability but flexible enough to permit correct operation in a range of different situations.
We’ll finish this short report with a role-call of participants this time around, to whom huge thanks and respect are due…
Asterisk – Ben Ford and George Joseph Enable Security – Sandro Gauci (special thanks), Alfred Farrugia FreeSWITCH – Mike Jerris, Chris Rienzo, Dragos Oancea, Andrey Volk Kamailio/SIPfront (and SIPP) – Andreas Granig (special thanks) OpenSIPS – Liviu Chircu (special thanks for leading various exercises) and Bogdan Andrei Iancu SIPPY Software – Maksym Sobolyev @sobomax (MAX special thanks for driving this series of events), Pavel Bussel, Andriy Pylypenko OpenTelecom.IT – Giovanni Maruzzelli
After a great start with RFC8760, attention turned to STIR/SHAKEN with Liviu Chircu, from the OpenSIPS project, taking the lead and making a short presentation during the planning session…
Being the amazing guy he is, Liviu even managed to type up some brief notes from Day 1 and Day 2 activities, which I am pleased to reproduce here:
Day 1: RFC 8760 testing
* RFC 8760 bolsters the security of SIP by extending the protocol with support for
stronger digest algorithms. The newly added digests are SHA-256 and SHA-512/256,
both on 256 bits, complementing the old and rotting MD5 signature, which is 128 bits only.
* Teams which provided UAS (server) implementation: Sippy, OpenSIPS, FS
* Teams which had a UAC (client) implementation: Sippy, OpenSIPS, FS, Sipvicious
* Teams which helped with testing: Asterisk + above
* Issues discovered:
- sipp is still unable to correctly process more than 1 WWW-Authenticate headers (RFC 8760)
- FreeSWITCH was still choosing MD5, instead of stronger hashing (fixed live)
- sipp with MD5-sess algorithm does not work (classic RFC 3261 support, outside 8760)
- OpenSIPS had a minor issue in the digest implementation which was fixed live
Day 2: STIR/SHAKEN testing
* Using STIR/SHAKEN, service providers can add a digital signature to each call using
public/private key cryptography, thus guaranteeing that they own the source number (calling
identity). This signature comes in the form of the newly added Identity header.
* The objective was to interop across teams and see whether the Identity header generated by
one team would get accepted (validated) by the other teams.
* The teams used a fictive STI-CA (Certification Authority) which everyone added to their trust
chain. Next, the CA signed STIR/SHAKEN certificates for each team.
* Teams which provided VS (verification service) capabilities: FS, Kamailio, OSIPS, Sippy
* Teams which provided AS (authentication service) capabilities: Kam, sipfront, OSIPS, Sippy, Sipvicious
* Teams which helped with testing: Asterisk + sipp (sipfront) + above
* Issues discovered:
- special care when extracting the caller identity (display name vs. From username)
- special care when extracting the callee identity (display name vs. To username vs. Request-URI username)
- crashes due to malformed Identity header payloads (fixed live)
- lots of issues/quirks around the Date header field (now mandatory):
* bad formatting (missing comma, GMT (good) vs. UTC (bad))
* localization issues (Mi (bad) vs. Wed (good))
* some teams forgot to build it at all
As you can see, there has been a lot going on! Stay tuned for further updates and remember to check out the Sippy Labs YouTube channel for #OpenSIPIT livestreams and recordings.
Key SIP people from your favourite Open Source projects gathered online today for the beginning of OpenSIPIt#01 – a Community-driven interoperability event. Following an initial welcome and orientation session led by @sobomax the teams got down to business with a continuation of the work that had started during the pilot event (OpenSIPIt#00 in September 2020) on RFC8760.
This included the use of a brand new OpenSIPS UAS/UAC implementation which was validated, with few minor configurational issues.
The FreeSWITCH UAS was found mostly functional too, with the UAC coming soon.
The Asterisk UAC was verified to be forward compatible with RFC8760 implementations, and was proven to be able to fallback to md5 when it’s offered.
No changes in SIPP since last time, but an additional issue with MD5-sess support has been identified, and will be reported back to the project in due course.
MD5-sess fix (part of a @sobomax patch) in OpenSIPS has been verified against SIPVicious.
Overall, the new Interop process has been tested and refined based on feedback and good input from all involved, and should go even smoother for the rest of this event, and those of the future. The possibility of creating a persistent RFC8760 test rig is being investigated, for teams to re-test and improve in the following few days – based on configuration that Liviu crafted.
BTW, Massive thanks to the OpenSIPS project, and to Liviu for all his hard work so far, and for taking the lead on the STIR/SHAKEN activities happening next!
Perhaps the most pleasing aspect of this first day of OpenSIPIt#01 was the levels of engagement seen from the teams – they were all active, responsive and involved – as could be seen by the relevant Slack channels buzzing with activity as testing was taking place. SO A BIG THANK YOU TO ALL INVOLVED.
OpenSIPit is, of course, a work in progress – so expect optimisation and revision as we continue with this very important work…
With the successful pilot run of OpenSIPIt#00 in September last year, @sobomax has started something truly worthwhile in bringing SIP interop testing even closer to the Community.
I have joined the fun to help get the word out there, and I am please to announce that we now have OpenSIPIt#01 scheduled for April 12-14 as an online event.
Signed up for participation so far are the following teams: Enable Security FreeSwitch OpenSIPS Sippy Go B2BUA Sippy Python B2BUA SIPP (fans) Drachtio
We would love others to join too, including teams from the Asterisk and Kamailio projects. It was great to have Olle and Fred participate last time around 🙂
We are also investigating the possibility of holding a live, in-person OpenSIPIt event in Miami, during the ITExpo/Open Source World gathering in June.
We did not have time to build it to scale or to paint it well yet. 🙂
Our first interoperability testing event went great! Videos are available on YouTube for anyone to explore and more details about results will be posted in the event pages soon.
We thank all individuals and projects involved and we look forward to seeing all of you, as well as many others, at our future events! We also thank to all viewers and followers on YouTube and social medias. Share, like and subscribe and we will see you soon!
I am pleased to announce that we reached an agreement with our great friends at OpenSIPS Project to co-host our first OpenSIPIt event during last two of seven days of OpenSIPS Summit Distributed.
The dates are 14-15 September, 2020 from 15:00 till 18:00 UTC. The main focus would be to get our hands dirty and establish a format, however we also hope to pick some low-hanging fruits by having few initial implementations of STIR/SHAKEN and SHA-digest authentication tested against each other. The event will be broadcasted in real-time via YouTube, links will be posted shortly.
At this point of time we have few teams that are confirmed their participation. Those are: – OpenSIPS Team led by Bogdan Iancu; – Drachtio / Jambonz Team led by Dave Horton; – FreeSwitch/FusionPBX “Fan” Team led by Giovanni Maruzzelli; – Python Sippy B2BUA Team lead by yours truly; – Go Sippy B2BUA Team lead by Andriy Pylypenko; – SIPP “Fan” Team lead by Pavel Bussel.
We are also awaiting response from several other projects, including Kamailio. Stay tuned!
Welcome to OpenSIPIt.org. This is our new web site, just as the event itself it is work in progress, so please check periodically for updates and announcements.
