Greetings fellow SIP’ers! After a few very busy months following the last OpenSIPIt’01 in April, we are very excited to announce dates for dates for our next SIP Interoperability event to be set for 15-17th November, 2021. The program and list of participating teams is going to be announced in the coming few days.
In other news: my presentation titled “OpenSIPIt – Bringing InterOp Testing to the heart of the Community” will be happening at ClueCon on 11:30am on Wednesday, October 27th. It should be available live and on YouTube some time later.
After a great start with RFC8760, attention turned to STIR/SHAKEN with Liviu Chircu, from the OpenSIPS project, taking the lead and making a short presentation during the planning session…
Being the amazing guy he is, Liviu even managed to type up some brief notes from Day 1 and Day 2 activities, which I am pleased to reproduce here:
Day 1: RFC 8760 testing
* RFC 8760 bolsters the security of SIP by extending the protocol with support for
stronger digest algorithms. The newly added digests are SHA-256 and SHA-512/256,
both on 256 bits, complementing the old and rotting MD5 signature, which is 128 bits only.
* Teams which provided UAS (server) implementation: Sippy, OpenSIPS, FS
* Teams which had a UAC (client) implementation: Sippy, OpenSIPS, FS, Sipvicious
* Teams which helped with testing: Asterisk + above
* Issues discovered:
- sipp is still unable to correctly process more than 1 WWW-Authenticate headers (RFC 8760)
- FreeSWITCH was still choosing MD5, instead of stronger hashing (fixed live)
- sipp with MD5-sess algorithm does not work (classic RFC 3261 support, outside 8760)
- OpenSIPS had a minor issue in the digest implementation which was fixed live
Day 2: STIR/SHAKEN testing
* Using STIR/SHAKEN, service providers can add a digital signature to each call using
public/private key cryptography, thus guaranteeing that they own the source number (calling
identity). This signature comes in the form of the newly added Identity header.
* The objective was to interop across teams and see whether the Identity header generated by
one team would get accepted (validated) by the other teams.
* The teams used a fictive STI-CA (Certification Authority) which everyone added to their trust
chain. Next, the CA signed STIR/SHAKEN certificates for each team.
* Teams which provided VS (verification service) capabilities: FS, Kamailio, OSIPS, Sippy
* Teams which provided AS (authentication service) capabilities: Kam, sipfront, OSIPS, Sippy, Sipvicious
* Teams which helped with testing: Asterisk + sipp (sipfront) + above
* Issues discovered:
- special care when extracting the caller identity (display name vs. From username)
- special care when extracting the callee identity (display name vs. To username vs. Request-URI username)
- crashes due to malformed Identity header payloads (fixed live)
- lots of issues/quirks around the Date header field (now mandatory):
* bad formatting (missing comma, GMT (good) vs. UTC (bad))
* localization issues (Mi (bad) vs. Wed (good))
* some teams forgot to build it at all
As you can see, there has been a lot going on! Stay tuned for further updates and remember to check out the Sippy Labs YouTube channel for #OpenSIPIT livestreams and recordings.
Key SIP people from your favourite Open Source projects gathered online today for the beginning of OpenSIPIt#01 – a Community-driven interoperability event. Following an initial welcome and orientation session led by @sobomax the teams got down to business with a continuation of the work that had started during the pilot event (OpenSIPIt#00 in September 2020) on RFC8760.
This included the use of a brand new OpenSIPS UAS/UAC implementation which was validated, with few minor configurational issues.
The FreeSWITCH UAS was found mostly functional too, with the UAC coming soon.
The Asterisk UAC was verified to be forward compatible with RFC8760 implementations, and was proven to be able to fallback to md5 when it’s offered.
No changes in SIPP since last time, but an additional issue with MD5-sess support has been identified, and will be reported back to the project in due course.
MD5-sess fix (part of a @sobomax patch) in OpenSIPS has been verified against SIPVicious.
Overall, the new Interop process has been tested and refined based on feedback and good input from all involved, and should go even smoother for the rest of this event, and those of the future. The possibility of creating a persistent RFC8760 test rig is being investigated, for teams to re-test and improve in the following few days – based on configuration that Liviu crafted.
BTW, Massive thanks to the OpenSIPS project, and to Liviu for all his hard work so far, and for taking the lead on the STIR/SHAKEN activities happening next!
Perhaps the most pleasing aspect of this first day of OpenSIPIt#01 was the levels of engagement seen from the teams – they were all active, responsive and involved – as could be seen by the relevant Slack channels buzzing with activity as testing was taking place. SO A BIG THANK YOU TO ALL INVOLVED.
OpenSIPit is, of course, a work in progress – so expect optimisation and revision as we continue with this very important work…
With the successful pilot run of OpenSIPIt#00 in September last year, @sobomax has started something truly worthwhile in bringing SIP interop testing even closer to the Community.
I have joined the fun to help get the word out there, and I am please to announce that we now have OpenSIPIt#01 scheduled for April 12-14 as an online event.
Signed up for participation so far are the following teams: Enable Security FreeSwitch OpenSIPS Sippy Go B2BUA Sippy Python B2BUA SIPP (fans) Drachtio
We would love others to join too, including teams from the Asterisk and Kamailio projects. It was great to have Olle and Fred participate last time around 🙂
We are also investigating the possibility of holding a live, in-person OpenSIPIt event in Miami, during the ITExpo/Open Source World gathering in June.
