Re: [sipcore] Websocket is a new transport or new URI?

[Iñaki Baz Castillo <ibc@aliax.net>]

Hi Partha,


2012/4/25 Ravindran, Parthasarathi <pravindran@sonusnet.com>:
> So IMO, it is more appropriate to define new URI
> scheme like SIPWS rather than defining websocket as a transport.


The SIP transport defined by this draft is WebSocket, instead of TCP.
WebSocket (RFC 6455) is defined to work on top of TCP but, even if a
future spec defines WebSocket to run over SCTP, the SIP transport
would still be "WebSocket" (or perhaps "WebSocket-SCTP" but that
something in which I won't waste time now given the fact that RFC 6455
*mandates* TCP layer-3 transport and does not leave the door open for
other layer-3 transports).

WebSocket is, indeed, a layer on top of a network transport (layer 3)
but it's designed to work as a *transport* layer since it defines a
framing mechanism to send application messages and control mesages in
both directions. Applications (i.e. JavaScript scripts, PHP/Java web
apps) use WebSocket as a transport layer.

You can find lot of cases in which a transport runs on top of other
transports. For example, in the recent IETF #83 the RTCWEB WG approved
(or discussed) SCTP-over-DTLS-over-ICE-over-UDP as the transport for
the WebRTC Data-Channel mechanism. A "transport" does not necessarily
mean "layer 3 network transport".



About SIPS, the last S in SIPS stands for "secure" regardless of the
undelying SIP transport used. AFAIK it does not necessarily mean
"TLS". Take for example draft-jennings-sip-dtls-05 [1] which defines
SIP over DTLS over UDP. The draf is expired, but anyhow, it defines a
secure SIP transport which does not use TLS but DTLS (which is similar
but NOT the same). The draft also allows SIPS messages through DTLS
over UDP.

[1] http://tools.ietf.org/html/draft-jennings-sip-dtls-05


When a SIPS message is carried on top of a secure WebSocket connection
(which means SIP over WebSocket over TLS over TCP) the security level
is basically the same as if it was SIP over TLS over TCP. Therefore I
consider that a secure WebSocket connection fits the requirements of
the SIPS mechanism, thus secure WebSocket should be considered as a
secure SIP transport.



About the SIPWS and SIPWSS schemas you propose, don't take me wrong
but I consider that the worst possible idea. First of all because I
don't agree with your rationale (I insist that, from the point of view
of a SIP stack, WebSocket is the ***SIP transport***, instead of TCP).
Secondly, because adding new URI schemas would just break the existing
SIP world (there are still some SIP entities that don't understand
SIPS schema and you are proposing two new ones?).


Thanks a lot for your comments.


-- 
Iñaki Baz Castillo
<ibc@aliax.net>