Cullen Jennings wrote:

I do not believe this draft represents the consensus that we have
agreed in the SIP WG.

Oh no, Cullen; don't say that!  We went through a lot of list
discussion to get the consensus text you see in the draft now.

More inline.

This does not work for TCP. Reverse DNS lookup is not strong enough
to replace TLS. I'm not even interested in discussing the reason why
yet again but I would like to see the draft updated to reflect the WG
consensus. To do this it needs to say MUST use TLS. Having it allow
straight SCTP and TCP when the reverse DNS or some other unspecified
thing happens is not what we agreed to.  This can be fixed by
changing a few words and deleting a sentence or two in security
consideration. I'm glad to send edits if you want.

The issue is that connect-reuse ought to be done only over TLS.
That much everyone agrees to.  However, during the -09 revision,
we had a long discussion on the list about allowing connection
reuse over TCP (and SCTP) assuming certain caveats related to
trust relationship between the peers doing the reuse are in place.
This discussion happened during Nov 20, 2007 - Nov 26, 2007.

On Dec 13, 2007, following a 1-slide status update during
the Vancouver IETF, I had presented on the list for ratification
a summary of the consensus reached during November 2007 (please see
http://www.ietf.org/mail-archive/web/sip/current/msg21723.html).

Following this, -09 was released on Feb. 8, 2008 (please
see http://www.ietf.org/mail-archive/web/sip/current/msg22022.html).

This draft is important for the SIP Connect work - let's make these
changes to what we agreed to and get this finished quickly.

Astonishingly enough, connection reuse over TCP is probably
most attractive to the SIPConnect work, where the PBX has a
trust relationship with the service provider and is willing
to trust the SP to send requests in the backwards direction.
I do not think TLS is widely deployed (yet) in SIPConnect.

In short, the draft as you see it now reflects the consensus
we had reached during the November 2007 timeframe.  The bulk
of the substantive material has remained the same since then,
with the subsequent revisions attending to typos and such.

Thanks,

- vijay
--
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60566 (USA)
Email: [EMAIL PROTECTED],bell-labs.com,acm.org}
Web:   http://ect.bell-labs.com/who/vkg/
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
