Re: [Sip] draft-jennings-sip-dtls

Cullen Jennings <fluffy@cisco.com> Wed, 16 February 2005 04:20 UTC

Date: Tue, 15 Feb 2005 20:08:20 -0800
Subject: Re: [Sip] draft-jennings-sip-dtls
From: Cullen Jennings <fluffy@cisco.com>
To: Jonathan Rosenberg <jdrosen@cisco.com>
Cc: "sip@ietf.org" <sip@ietf.org>

Oops - I meant to put that.... There is pretty much one key thing. No one
has built a single edge proxy that can terminate 100k to 1M connections to
UAs using TLS. In theory it is possible, but in practice it seems hard. The
argument is that this will be easier with DTLS. The issue is not the time it
takes to do the crypto - session resumption deals with that nicely - it is just
the issues of dealing with half a million TCP connections to one box. Of
course no one has done it with DTLS either :-)

I believe the argument we made for SCTP was that adding an extension for
SCTP won't increase the complexity of things that don't support SCTP.

I agree the UDP/TCP complexity made SIP more complicated and I agree that
sip and sips made things more complicated. I'm not sure I buy that both TLS
and TCP made things more complicated.


On 2/15/05 7:15 PM, "Jonathan Rosenberg" <jdrosen@cisco.com> wrote:

> Cullen, 
> 
> What seems missing to me from this is requirements and problem
> statements. What is DTLS doing for us that we don't get from TLS?
> 
> Though SIP can run over many different transport protocols, I think
> experience over time has shown that more choices here is not necessarily
> a good thing, as SIP has a fair bit of complexity as a result of dealing
> with the differences between UDP and TCP. As such, I don't think it's a
> good idea to just add more transport protocols to SIP's list of
> supported ones unless there is a compelling problem that it is solving.
> 
> Thanks, 
> Jonathan R. 
> 
> Cullen Jennings wrote:
> 
>> > 
>> > Nagendra and I put together a draft on using DTLS with SIP. Until it
>> > shows up in the archives you can find it at
>> > 
>> > 
>> > http://scm.sipfoundry.org/rep/ietf-drafts/fluffy/draft-jennings-sip-dtls-00.html
>> > 
>> > (there is a .txt version too)
>> > 
>> > 
>> > The abstract is:
>> > 
>> >    This draft specifies how to use Datagram Transport Layer Security
>> >    (DTLS) as a transport for SIP.  DTLS is a new protocol for providing
>> >    TLS security over a datagram protocol.
>> > 
>> > 
>> > ------------------------------------------------------------------------
>> > 
>> > _______________________________________________
>> > Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
>> > This list is for NEW development of the core SIP Protocol
>> > Use sip-implementors@cs.columbia.edu for questions on current sip
>> > Use sipping@ietf.org for new developments on the application of sip

