<div dir="ltr"><br><div class="gmail_extra"><div class="gmail_quote">On 31 October 2013 13:12, Peter Dunkley <span dir="ltr"><<a href="mailto:peter.dunkley@crocodilertc.net" target="_blank">peter.dunkley@crocodilertc.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>In my opinion being able to choose to use DMQ over TCP, TLS, or UDP through setting the ";transport=" URI parameter in the modparams, and being able to validate the TLS certificate in the configuration file (in the same way as you do for all other traffic) is a good solution. Flexibility is good and TLS isn't always necessary and doesn't have to be used. It should be easy to use TLS when you want and easy to not use it when you want, and no-one (however well intentioned) should ever be able to force me to build my network by their rules. Also, this will mean that any future TLS enhancements (for example, validation of certificate on outgoing messages and DANE) will automatically be picked up too.<br>
</div><div><br></div></div></blockquote><div><br></div><div>This has been added already (locally, not yet pushed).</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div></div><div>DMQ is a very advanced module and I don't think there should be too much concern over students who can't edit config files. If they can't work that out they are never going to be able to use Kamailio properly anyway. The fact that Kamailio is "hard" is a necessary function of its flexibility - it is because Kamailio doesn't do anything clever by default that makes it so powerful (because you can have full control over all the behaviour).</div>
<div><br></div><div>And none of this stops a teacher providing their students with good example configuration files for things like DMQ that do all of these things properly. Or even providing configuration file libraries (using "import_file" and check_route_exists()/route_if_exists()) that do all of the right stuff for them.</div>
</div>
<br></blockquote><div><br></div><div><div>I guess there will always be two very distinct camps, and long may the discussion continue, but ultimately it is beyond the scope of DMQ alone. So here lies the remaining question - regarding DMQ module specifically, for now - is it acceptable to leave it up to the user now that they have a choice of transport and therefore the ability to validate TLS certificates if required?</div>
</div><div><br></div><div>Regards,</div><div><br></div><div>Charles<br></div><div><br></div></div>
</div></div>
<br>
<font face="Helvetica, Arial, sans-serif"><font size="2"><span style="font-size:10pt"><a href="http://www.sipcentric.com/" title="blocked::http://www.sipcentric.com/" target="_blank">www.sipcentric.com</a><br>
<br>
Follow us on twitter <a href="http://twitter.com/sipcentric" title="blocked::http://twitter.com/sipcentric" target="_blank">@sipcentric</a><br>
<br>
<font color="gray">Sipcentric Ltd.
Company registered in England & Wales no. 7365592.</font> <font color="gray">Registered
office: Unit 10 iBIC, Birmingham Science Park, Holt Court South, Birmingham B7 4EJ.</font></span></font></font>