Debian SIP service status

[Daniel Pocock]

DSA have done a lot of work on this project recently, it is not complete
yet, but in the discussions I had with them we have agreed most of the
details that users will need to configure to access the service:

a) we have a new host, vogler.debian.org (I'm not sure if
cilea.debian.org will be involved any more)

b) Users can administer their SIP passwords in a dedicated sipPassword
field in the Debian LDAP.  The passwords are stored as HA1 values, where
the "user" part is the full uid (e.g. pocock at debian.org rather than just
pocock) and the realm is sip.debian.org - e.g.

  echo -n pocock at debian.org:sip.debian.org:foobar | md5sum
     =>  1ee8f60115a520297f737071f9a13a44

c) we have a RADIUS server, FreeRADIUS, with the rlm_digest module
enabled, using the HA1 values from LDAP.  It can authenticate users in
the realm "sip.debian.org".  This should support any service developed
with reSIProcate/repro or Kamailio/SER family.

d) TURN server will be online soon, advertised in SRV records

    _stun._udp.debian.org  is currently vogler.debian.org port 3478

and it authenticates users in "sip.debian.org" using the sipPassword
too.  The TURN server can be used by both SIP or XMPP users of course.

e) SIP proxy will also be online soon, TLS and WSS ports only for now.
Users authenticate using the following configuration:

   From: <pocock at debian.org>
   Auth user: pocock at debian.org
   Realm: sip.debian.org

Notice that the auth user is always the full SIP address, not just the
user part.

I will provide a sample JSCommunicator config.js shortly for people to
cut and paste.

Just to clarify, I do not currently imagine the DSA running anything
more than this (e.g. they will not run Asterisk), those types of things
should be run privately by DDs who want those features.  Once the SIP
proxy is running, I will then chat to DSA about a basic XMPP service,
but that will also be fairly basic.