RE: [Sip] draft-jennings-sip-dtls

"Christian Stredicke" <Christian.Stredicke@snom.de> Thu, 17 February 2005 22:08 UTC

Subject: RE: [Sip] draft-jennings-sip-dtls
Date: Thu, 17 Feb 2005 21:00:31 +0100
Message-ID: <B52FDDEC7CBE9D40B36FE900C9AD78B422A65F@merenge.intern.snom.de>
From: Christian Stredicke <Christian.Stredicke@snom.de>
To: Tolga Asveren <asveren@ulticom.com>, Francois Audet <audet@nortel.com>, Cullen Jennings <fluffy@cisco.com>, Jonathan Rosenberg <jdrosen@cisco.com>
Cc: sip@ietf.org

16 bits set an upper limit of 64 K connections. My feeling is that TCP was not designed for this purpose.

Sorry for being so pragmatic. Maybe someone can show me an implementation that can handle 100 K connections on one IP address.
 
CS


________________________________

	From: Tolga Asveren [mailto:asveren@ulticom.com]
	Sent: Thursday, February 17, 2005 8:16 PM
	To: Christian Stredicke; Francois Audet; Cullen Jennings; Jonathan Rosenberg
	Cc: sip@ietf.org
	Subject: RE: [Sip] draft-jennings-sip-dtls


	Isn't "running out of sockets" an implementation issue rather than a protocol one?

	And I believe using multiple processes would solve that problem.

	  Tolga

		-----Original Message-----
		From: sip-bounces@ietf.org [mailto:sip-bounces@ietf.org] On Behalf Of Christian Stredicke
		Sent: Wednesday, February 16, 2005 5:02 PM
		To: Francois Audet; Cullen Jennings; Jonathan Rosenberg
		Cc: sip@ietf.org
		Subject: RE: [Sip] draft-jennings-sip-dtls


		Today I would recommend that SIP operators avoid TCP (and that includes TLS), because the processes are simply running out of sockets (think about an ITSP with one million customers). The UDP/DTLS idea would make it reasonably simple to have many more connections and, on top of that, security. And as far as I understood DTLS, it finally does solve the fragmentation pain problem.

		That sounds like a great thing to me. I would vote for DTLS!

		CS


________________________________

			From: sip-bounces@ietf.org [mailto:sip-bounces@ietf.org] On Behalf Of Francois Audet
			Sent: Wednesday, February 16, 2005 9:47 PM
			To: 'Cullen Jennings'; 'Jonathan Rosenberg'
			Cc: sip@ietf.org
			Subject: RE: [Sip] draft-jennings-sip-dtls


			I would agree with Jonathan.

			Yes, some implementations of SIP/TCP have performance issues compared to SIP/UDP, but not necessarily all of them.

			Also, if we need to address the other problems of UDP transport (like fragmentation, and others), then it is not clear to me that we are saving much in the first place by using UDP/DTLS instead of TCP/TLS.

			I'd like to see real data before we add yet another thing we'll have to implement...

				-----Original Message-----
				From: sip-bounces@ietf.org [mailto:sip-bounces@ietf.org] On Behalf Of Cullen Jennings
				Sent: Tuesday, February 15, 2005 20:08
				To: Jonathan Rosenberg
				Cc: sip@ietf.org
				Subject: Re: [Sip] draft-jennings-sip-dtls



				Oops - I meant to put that.... There is pretty much one key thing. No one has built a single edge proxy that can terminate 100k to 1M connections to UAs using TLS. In theory it is possible, but in practice it seems hard. The argument is that this will be easier with DTLS. The issue is not the time it takes to do the crypto - session resumption deals with that nicely - it is just the issues of dealing with half a million TCP connections to one box. Of course no one has done it with DTLS either :-)

				I believe the argument we made for SCTP was that adding an extension for SCTP won't increase the complexity of things that don't support SCTP.

				I agree the UDP/TCP complexity made SIP more complicated and I agree that sip and sips made things more complicated. I'm not sure I buy that both TLS and TCP made things more complicated.


				On 2/15/05 7:15 PM, "Jonathan Rosenberg" <jdrosen@cisco.com> wrote:
				

				Cullen,

				What seems missing to me from this is requirements and problem statements. What is DTLS doing for us that we don't get from TLS?

				Though SIP can run over many different transport protocols, I think experience over time has shown that more choices here is not necessarily a good thing, as SIP has a fair bit of complexity as a result of dealing with the differences between UDP and TCP. As such, I don't think it's a good idea to just add more transport protocols to SIP's list of supported ones unless there is a compelling problem that it is solving.

				Thanks,
				Jonathan R.
				
				Cullen Jennings wrote:

				>
				> Nagendra and I put together a draft on using DTLS with SIP. Until it shows up in the archives you can find it at
				>
				> http://scm.sipfoundry.org/rep/ietf-drafts/fluffy/draft-jennings-sip-dtls-00.html
				>
				> (there is a .txt version too)
				>
				>
				> The abstract is:
				>
				>    This draft specifies how to use Datagram Transport Layer Security (DTLS) as a transport for SIP. DTLS is a new protocol for providing TLS security over a datagram protocol.
				>
				>
				> ------------------------------------------------------------------------
				>
				> _______________________________________________
				> Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
				> This list is for NEW development of the core SIP Protocol
				> Use sip-implementors@cs.columbia.edu for questions on current sip
				> Use sipping@ietf.org for new developments on the application of sip
