Hadriel Kaplan wrote:
-----Original Message-----
From: Raphael Coeffic [mailto:[email protected]]
Sent: Tuesday, March 10, 2009 6:06 AM
Hadriel Kaplan wrote:
Forcing registrations is the path that IMS went for, I believe. But if
you want to take advantage of this, you may have to deploy a little more
IMS than you'd like to.
The concept and practice of "forcing" UA's, which have AoR's belonging to a domain, to REGISTER
their contact binding for those AoR's in order to make calls, has been around a lot longer than IMS has.
Invoking the "that sounds like IMS" defense is a cheap guilt-by-association argument, and not
relevant. One might as well argue that using INVITE's or RTP "is the path that IMS went for".
You keep making it sound like sending a SIP request which does not create a dialog is
somehow a difficult mechanism to implement, or "forces" people to do something
they don't want to. What is it forcing?
Well, it is not required as per RFC 3261 ;-)
You're looking for a means of authenticating a UA without being subject to a relay attack. Using a
different SIP Method name, which can only be initiated by the client with the credentials, and one
that UA's cannot be baited to provide by random third parties, is one solution to the problem. If
you don't like the string "REGISTER", then how about "OPTIONS"?
No, I think you missunderstood me. I still think that requiring a
registration and checking the source IP and port against the registered
contact is a fair measure to take. However, it introduces more traffic
in some scenarios, where it is not necessarily needed. REGISTERs could
become the "background load" in the servers. This also puts a lot of
state into some proxies that does not need it, etc...
My concern is just that it seems like there is no better solution.
Maybe just an example: let's say you have a home SIP server, doing the
usual least cost routing. Your least cost router might have something
like 50 different routes. Do you want this box, or maybe your phones to
have 50 running registrations, just for the purpose of having cheap
calls? Well, personaly, I would prefer to just install my certificate on
this box, and use TLS. But as very very few of those PSTN providers do
support TLS, I cannot. By the way, there are already commercial products
supporting this scenario.
So you have a mechanism that people don't seem to want to implement - and
meanwhile you have another mechanism, which is widely implemented. And the
problem is...?
See previous answer.
Cheers
Raphael.
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [email protected] for questions on current sip
Use [email protected] for new developments on the application of sip
