Re: [Sip] query on sip-outbound and sip-connect-reuse

"Malleswara Rao Ankem" <malleshavn@gmail.com> Mon, 14 May 2007 06:03 UTC

Message-ID: <3fe6b8640705132302y256357deg6e4d5d55a91bf309@mail.gmail.com>
Date: Mon, 14 May 2007 11:32:59 +0530
From: Malleswara Rao Ankem <malleshavn@gmail.com>
To: Aki Niemi <aki.niemi@nokia.com>
Subject: Re: [Sip] query on sip-outbound and sip-connect-reuse
In-Reply-To: <45FFAE54.1040904@nokia.com>
MIME-Version: 1.0
References: <3fe6b8640703200003i5d796f8es78a6e043062e9ede@mail.gmail.com> <45FFAE54.1040904@nokia.com>

The outbound draft does not talk of what happens when there is a UDP to TCP
switchover due to MTU overshoot. Since the edge proxy cannot initiate a TCP
connection towards the UA, it's the UA which should take care of maintaining
the TCP connection with the network, and the flows are created only through
registration.
So if I have a UA which primarily performs SIP signaling on UDP but would
like to support TCP only for huge messages (that cross the MTU), then as per the
current outbound draft it will have to create a flow for TCP-based transport
during the registration itself and create another flow for UDP-based
transport by registering from port 5060.

On 3/20/07, Aki Niemi <aki.niemi@nokia.com> wrote:

>
>
> ext Malleswara Rao Ankem wrote:
> > Hello,
> > I've a query on the sip-outbound draft (-08), which indicates that a TCP
> > connection (flow) established by the client be re-used by the edge proxy.
> > While the sip-connect-reuse draft (-07) indicates that only a TCP
> > connection established for TLS (by the client) should be re-used by the
> > edge proxy, as there is a security threat in case the TCP connection is
> > re-used.
> > Was this not considered, or was it mentioned in the outbound draft
> > somewhere but I overlooked it?
>
> The reason is that for the server-to-server case, for which
> connect-reuse is meant, you can't trust a connection unless both parties
> are authenticated, and currently the only way to do this in SIP is to do
> mutual auth in TLS.
>
> This is not the case with outbound, where Digest authentication
> effectively does mutual auth. Of course a better option is to do one way
> authenticated TLS and then on top of that have Digest authenticate the
> client.
>
> > Also, in sip-outbound, if the client needs to be reachable on UDP and on
> > TCP, does the client need to establish, register and maintain (keepalive)
> > two different "flows" to the registrar? Which would basically mean two
> > different REGISTER cycles with the same instance id but different reg-id?
>
> I guess. I have no idea why you would want to do that though.
>
> Cheers,
> Aki
>
_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip
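The two points in the exchange above (one flow per reg-id under the same instance-id, and the edge proxy only reusing a connection whose REGISTER it authenticated with Digest) can be shown end to end with a toy registrar. The code below is an added example written for this page; it is not code from the thread, from the sip-outbound draft, or from any SIP stack. It assumes a constructed realm, user, password, nonce and instance-id, Digest authentication without qop (RFC 2617), and a toy policy that treats a REGISTER without +sip.instance and reg-id as an error.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass

# Constructed fixtures (assumptions for this example, not from the thread).
REALM = "example.com"
USERS = {"alice": "secret"}          # user -> password known to the registrar
NONCE = "c0ffee1234"                 # fixed nonce; a real server rotates nonces
INSTANCE = "urn:uuid:00000000-0000-1000-8000-aabbccddeeff"


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(user, password, method, uri, nonce, realm):
    """RFC 2617 Digest without qop: MD5(HA1 ':' nonce ':' HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def build_register(user, password, transport, local, reg_id):
    """UA side: one outbound REGISTER creating one flow (transport + reg-id)."""
    uri = f"sip:{REALM}"
    resp = digest_response(user, password, "REGISTER", uri, NONCE, REALM)
    return "\r\n".join([
        f"REGISTER {uri} SIP/2.0",
        f"Via: SIP/2.0/{transport} {local[0]}:{local[1]};branch=z9hG4bK-{reg_id}{transport};rport",
        f"From: <sip:{user}@{REALM}>;tag=f{reg_id}",
        f"To: <sip:{user}@{REALM}>",
        f"Call-ID: reg-{reg_id}-{transport.lower()}@{local[0]}",
        "CSeq: 1 REGISTER",
        "Supported: outbound",
        f"Contact: <sip:{user}@{local[0]}:{local[1]};transport={transport.lower()}>"
        f';+sip.instance="<{INSTANCE}>";reg-id={reg_id}',
        f'Authorization: Digest username="{user}", realm="{REALM}", nonce="{NONCE}", '
        f'uri="{uri}", response="{resp}"',
        "Content-Length: 0",
        "", ""])


def parse_headers(msg):
    """Header name (lower-cased) -> value; stops at the blank line."""
    headers = {}
    for line in msg.split("\r\n")[1:]:
        if not line:
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def contact_params(contact):
    """Parameters after the closing '>' belong to the Contact, not to the URI."""
    _, _, rest = contact.partition(">")
    params = {}
    for p in filter(None, rest.split(";")):
        k, _, v = p.partition("=")
        params[k.strip()] = v.strip().strip('"').strip("<>")
    return params


def verify_digest(auth_header):
    auth = dict(re.findall(r'(\w+)="([^"]*)"', auth_header))
    password = USERS.get(auth.get("username"))
    if password is None or auth.get("realm") != REALM or auth.get("nonce") != NONCE:
        return False
    expected = digest_response(auth["username"], password, "REGISTER",
                               auth.get("uri", ""), NONCE, REALM)
    # constant-time comparison so response guessing gains no timing signal
    return hmac.compare_digest(expected, auth.get("response", ""))


@dataclass(frozen=True)
class Flow:
    transport: str
    remote: tuple


class EdgeProxy:
    """Registrar/edge proxy keeping one flow per (instance-id, reg-id)."""

    def __init__(self):
        self.flows = {}

    def handle_register(self, msg, transport, remote):
        h = parse_headers(msg)
        params = contact_params(h.get("contact", ""))
        instance, reg_id = params.get("+sip.instance"), params.get("reg-id")
        if not instance or not reg_id:
            return 400          # toy policy (assumption): outbound is mandatory here
        if not verify_digest(h.get("authorization", "")):
            return 401          # no binding is created; the connection stays untrusted
        # Same instance-id and reg-id replaces the old flow; a new reg-id adds one.
        self.flows[(instance, reg_id)] = Flow(transport, remote)
        return 200

    def route_to_ua(self, instance, reg_id):
        """Only a flow created by an authenticated REGISTER is ever reused."""
        flow = self.flows.get((instance, reg_id))
        return None if flow is None else (flow.transport, flow.remote)
```

Because the binding is created only after the Digest check passes, a TCP connection that an attacker opens to the proxy never becomes a route towards a UA, which is the property Aki relies on for outbound. The same table also shows the cost of the dual-transport setup: a UA that wants both UDP and TCP reachability registers twice under the same +sip.instance with reg-id 1 and reg-id 2, and must keep both flows alive.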