Greetings fellow SIP’ers! After a few very busy months following the last OpenSIPIt’01 in April, we are very excited to announce dates for dates for our next SIP Interoperability event to be set for 15-17th November, 2021. The program and list of participating teams is going to be announced in the coming few days.
In other news: my presentation titled “OpenSIPIt – Bringing InterOp Testing to the heart of the Community” will be happening at ClueCon on 11:30am on Wednesday, October 27th. It should be available live and on YouTube some time later.
After a great start with RFC8760, attention turned to STIR/SHAKEN with Liviu Chircu, from the OpenSIPS project, taking the lead and making a short presentation during the planning session…
Being the amazing guy he is, Liviu even managed to type up some brief notes from Day 1 and Day 2 activities, which I am pleased to reproduce here:
Day 1: RFC 8760 testing
* RFC 8760 bolsters the security of SIP by extending the protocol with support for
stronger digest algorithms. The newly added digests are SHA-256 and SHA-512/256,
both on 256 bits, complementing the old and rotting MD5 signature, which is 128 bits only.
* Teams which provided UAS (server) implementation: Sippy, OpenSIPS, FS
* Teams which had a UAC (client) implementation: Sippy, OpenSIPS, FS, Sipvicious
* Teams which helped with testing: Asterisk + above
* Issues discovered:
- sipp is still unable to correctly process more than 1 WWW-Authenticate headers (RFC 8760)
- FreeSWITCH was still choosing MD5, instead of stronger hashing (fixed live)
- sipp with MD5-sess algorithm does not work (classic RFC 3261 support, outside 8760)
- OpenSIPS had a minor issue in the digest implementation which was fixed live
Day 2: STIR/SHAKEN testing
* Using STIR/SHAKEN, service providers can add a digital signature to each call using
public/private key cryptography, thus guaranteeing that they own the source number (calling
identity). This signature comes in the form of the newly added Identity header.
* The objective was to interop across teams and see whether the Identity header generated by
one team would get accepted (validated) by the other teams.
* The teams used a fictive STI-CA (Certification Authority) which everyone added to their trust
chain. Next, the CA signed STIR/SHAKEN certificates for each team.
* Teams which provided VS (verification service) capabilities: FS, Kamailio, OSIPS, Sippy
* Teams which provided AS (authentication service) capabilities: Kam, sipfront, OSIPS, Sippy, Sipvicious
* Teams which helped with testing: Asterisk + sipp (sipfront) + above
* Issues discovered:
- special care when extracting the caller identity (display name vs. From username)
- special care when extracting the callee identity (display name vs. To username vs. Request-URI username)
- crashes due to malformed Identity header payloads (fixed live)
- lots of issues/quirks around the Date header field (now mandatory):
* bad formatting (missing comma, GMT (good) vs. UTC (bad))
* localization issues (Mi (bad) vs. Wed (good))
* some teams forgot to build it at all
As you can see, there has been a lot going on! Stay tuned for further updates and remember to check out the Sippy Labs YouTube channel for #OpenSIPIT livestreams and recordings.
With the successful pilot run of OpenSIPIt#00 in September last year, @sobomax has started something truly worthwhile in bringing SIP interop testing even closer to the Community.
I have joined the fun to help get the word out there, and I am please to announce that we now have OpenSIPIt#01 scheduled for April 12-14 as an online event.
Signed up for participation so far are the following teams: Enable Security FreeSwitch OpenSIPS Sippy Go B2BUA Sippy Python B2BUA SIPP (fans) Drachtio
We would love others to join too, including teams from the Asterisk and Kamailio projects. It was great to have Olle and Fred participate last time around 🙂
We are also investigating the possibility of holding a live, in-person OpenSIPIt event in Miami, during the ITExpo/Open Source World gathering in June.