On 7 Jul 2011 at 17:56, Iñaki Baz Castillo wrote:

> 2011/7/7 Olle E. Johansson <o...@edvina.net>:
>> Well, the question is what to put in the Via header. You need something that
>> points back if you have transaction state in one of your proxies... The
>> received parameter helps with that.
>> You don't want to have IP addresses or host names in certs either. So
>> - without checking any RFCs - I think the via should contain a domain that's
>> valid in a cert and the received header points back to the proxy that
>> actually sent the message.
>
> WOW, I missed that in case of sending responses via TCP/TLS (and the
> initial connection is lost):
>
>     If that
>     connection is no longer open, the server SHOULD open a
>     connection to the IP address in the "received" parameter, if
>     present, using the port in the "sent-by" value
>
> So it must use the received param which will always be an IP (if the
> Via sent-by of the request was a domain, then the server MUST add
> ;received=SOURCE_IP). Then it becomes easier :)
Right, so the question is if we can add a valid domain in the Via - one that matches the cert.

We should totally deprecate the use of IP addresses in Via and Route headers. Not only do they give issues in TLS, but also in IPv4/IPv6 transition.

/O
_______________________________________________
Sip-implementors mailing list
Sip-implementors@lists.cs.columbia.edu
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
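
An added example, not part of the original thread: the RFC 3261 rules quoted above (the server stamps `;received=` on the top Via, and a lost TCP/TLS connection is re-opened to that IP using the sent-by port), written in Python. The `tls_verify_name` field is an assumption that follows the proposal in the thread (match the certificate against the sent-by domain); the function names, Via values and addresses are constructed for the example.

```python
import ipaddress
import re

DEFAULT_PORT = {"UDP": 5060, "TCP": 5060, "SCTP": 5060, "TLS": 5061}
VIA_RE = re.compile(r"^SIP\s*/\s*2\.0\s*/\s*(\w+)\s+([^;\s]+)(.*)$")

def is_ip(host):
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def parse_via(value):
    """Split one Via value into transport, sent-by host, sent-by port, params."""
    m = VIA_RE.match(value.strip())
    if not m:
        raise ValueError("malformed Via: %r" % value)
    transport, sent_by, rest = m.group(1).upper(), m.group(2), m.group(3)
    if sent_by.startswith("["):        # IPv6 reference such as [2001:db8::1]:5061
        host, _, port = sent_by.partition("]")
        host, port = host + "]", port.lstrip(":")
    else:
        host, _, port = sent_by.partition(":")
    params = {k.strip().lower(): v.strip() for k, _, v in
              (p.partition("=") for p in rest.split(";") if p.strip())}
    return transport, host, (int(port) if port else None), params

def stamp_received(value, source_ip):
    """Server side: add ;received when sent-by is a name or a different IP."""
    # Choice made in this example: discard any received value the sender supplied.
    value = re.sub(r";\s*received\s*=[^;]*", "", value, flags=re.I)
    host = parse_via(value)[1]
    if is_ip(host) and ipaddress.ip_address(host.strip("[]")) == ipaddress.ip_address(source_ip):
        return value
    return "%s;received=%s" % (value, source_ip)

def response_target(value):
    """Where to re-open a TCP/TLS connection for the response if the original is gone."""
    transport, host, port, params = parse_via(value)
    ip = params.get("received") or (host.strip("[]") if is_ip(host) else None)
    return {
        "connect_ip": ip,              # None: fall back to resolving sent-by (RFC 3263)
        "port": port or DEFAULT_PORT.get(transport, 5060),
        # Assumption from the thread: verify the peer certificate against this name.
        "tls_verify_name": host if transport == "TLS" and not is_ip(host) else None,
    }
```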