RE: [Sip] draft-jennings-sip-dtls
"Tolga Asveren" <asveren@ulticom.com> Thu, 17 February 2005 22:03 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA13313 for <sip-web-archive@ietf.org>; Thu, 17 Feb 2005 17:03:11 -0500 (EST)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1D1u5Q-0001iJ-HJ for sip-web-archive@ietf.org; Thu, 17 Feb 2005 17:25:29 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1D1srn-0008DP-Ou; Thu, 17 Feb 2005 16:07:20 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1D1r2I-0006iZ-4S for sip@megatron.ietf.org; Thu, 17 Feb 2005 14:10:02 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA22311 for <sip@ietf.org>; Thu, 17 Feb 2005 14:10:00 -0500 (EST)
Received: from 192-73-206-10.ulticom.com ([192.73.206.10] helo=colby.ulticom.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1D1rNn-00049c-1J for sip@ietf.org; Thu, 17 Feb 2005 14:32:15 -0500
Received: from pcasveren (pc-asveren.ulticom.com [172.25.33.55]) by colby.ulticom.com (8.12.10/8.12.10) with SMTP id j1HJ9EYe003318; Thu, 17 Feb 2005 14:09:20 -0500 (EST)
From: Tolga Asveren <asveren@ulticom.com>
To: Christian Stredicke <Christian.Stredicke@snom.de>, Francois Audet <audet@nortel.com>, Cullen Jennings <fluffy@cisco.com>, Jonathan Rosenberg <jdrosen@cisco.com>
Subject: RE: [Sip] draft-jennings-sip-dtls
Date: Thu, 17 Feb 2005 13:57:16 -0500
Message-ID: <GBEBKGPKHGPAOFCLBNAMMENECNAA.asveren@ulticom.com>
MIME-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <B52FDDEC7CBE9D40B36FE900C9AD78B422A58A@merenge.intern.snom.de>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Scanned-By: MIMEDefang 2.40
X-Spam-Score: 0.7 (/)
X-Scan-Signature: c119f9923e40f08a1d7f390ce651ea92
Cc: sip@ietf.org
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1868686227=="
Sender: sip-bounces@ietf.org
Errors-To: sip-bounces@ietf.org
X-Spam-Score: 0.7 (/)
X-Scan-Signature: f4e722e9456ead69ba4cdd21dd3d3600
MessageIsn't "running out of sockets" an implementation issue rather than a protocol one? And I believe using multiple processes would solve that problem. Tolga -----Original Message----- From: sip-bounces@ietf.org [mailto:sip-bounces@ietf.org]On Behalf Of Christian Stredicke Sent: Wednesday, February 16, 2005 5:02 PM To: Francois Audet; Cullen Jennings; Jonathan Rosenberg Cc: sip@ietf.org Subject: RE: [Sip] draft-jennings-sip-dtls Today I would recommend SIP operators to avoid TCP (and that includes TLS) because the processes are simply running out of sockets (think about an ITSP with one million customers). The UDP/DTLS idea would make it reasonable simple to have much more connections and on top have security. And as far as I understood the dtls it finally does solve the fragmentation pain problem. That sounds like a great thing to me. I would vote for dtls! CS ---------------------------------------------------------------------------- From: sip-bounces@ietf.org [mailto:sip-bounces@ietf.org] On Behalf Of Francois Audet Sent: Wednesday, February 16, 2005 9:47 PM To: 'Cullen Jennings'; 'Jonathan Rosenberg' Cc: sip@ietf.org Subject: RE: [Sip] draft-jennings-sip-dtls I would agree with Jonathan. Yes, some implementations of SIP/TCP have performance issues compared to SIP/UDP, but not necessarily all of them. Also, if we need to address the other problems of UDP transport (like fragmentation, and others), then it is not clear to me that we are saving much in the first place by using UDP/DTLS instead of TCP/TLS. I'd like to see real data before we add yet another thing we'll have to implement... -----Original Message----- From: sip-bounces@ietf.org [mailto:sip-bounces@ietf.org] On Behalf Of Cullen Jennings Sent: Tuesday, February 15, 2005 20:08 To: Jonathan Rosenberg Cc: sip@ietf.org Subject: Re: [Sip] draft-jennings-sip-dtls Oops - I meant to put that.... There is pretty much one key thing. No one has build an single edge proxy that can terminate 100k to 1M connections to UAs using TLS. In theory it is possible, but in practice it seems hard. The argument is that this will be easier with DTLS. The issue is not the time it takes to do the crypto - session resumption deals with that nicely - it just the issues of dealing with half a million TCP connections to one box. Of course no one has done it with DTLS either :-) I believe the argument we made for SCTP was that adding an extensions for SCTP won't increase the complexity of things that don't support SCTP. I agree the UDP/TCP complexity made SIP more complicated and I agree that sip and sips made things more complicated. I'm not sure I buy that both TLS and TCP made things more complicated. On 2/15/05 7:15 PM, "Jonathan Rosenberg" <jdrosen@cisco.com> wrote: Cullen, What seems missing to me from this is requirements and problem statements. What is DTLS doing for us that we don't get from TLS? Though SIP can run over many different transport protocols, I think experience over time has shown that more choices here is not necessarily a good thing, as SIP has a fair bit of complexity as a result of dealing with the differences between UDP and TCP. As such, I don't think its a good idea to just add more transport protocols to SIP's list of supported ones unless there is a compelling problem that it is solving. Thanks, Jonathan R. Cullen Jennings wrote: > > Nagendra and I put together a draft on using DTLS with SIP. Until it > shows up in the archives you can find it at > > http://scm.sipfoundry.org/rep/ietf-drafts/fluffy/draft-jennings-sip-dtls-00. html > > (there is a .txt version too) > > > The abstract is: > > This draft specifies how to use Datagram Transport Layer Security > (DTLS) as a transport for SIP. DTLS is a new protocol for providing > TLS security over a datagram protocol. > > > ------------------------------------------------------------------------ > > _______________________________________________ > Sip mailing list https://www1.ietf.org/mailman/listinfo/sip > This list is for NEW development of the core SIP Protocol > Use sip-implementors@cs.columbia.edu for questions on current sip > Use sipping@ietf.org for new developments on the application of sip
_______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use sip-implementors@cs.columbia.edu for questions on current sip Use sipping@ietf.org for new developments on the application of sip
- [Sip] draft-jennings-sip-dtls Cullen Jennings
- Re: [Sip] draft-jennings-sip-dtls Jonathan Rosenberg
- Re: [Sip] draft-jennings-sip-dtls Cullen Jennings
- RE: [Sip] draft-jennings-sip-dtls Francois Audet
- RE: [Sip] draft-jennings-sip-dtls Tolga Asveren
- RE: [Sip] draft-jennings-sip-dtls Tolga Asveren
- Re: [Sip] draft-jennings-sip-dtls Vijay K. Gurbani
- Re: [Sip] draft-jennings-sip-dtls Vijay K. Gurbani
- RE: [Sip] draft-jennings-sip-dtls Tolga Asveren
- Re: [Sip] draft-jennings-sip-dtls Dean Willis
- RE: [Sip] draft-jennings-sip-dtls Christian Stredicke
- RE: [Sip] draft-jennings-sip-dtls Christian Stredicke