[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [SIP] Session timer considered harmful (was RE: draft-ietf-sip-session- timer: refresh rate)

To: "'Christer Holmberg'" <christer.holmberg@lmf.ericsson.se>, "Sean Olson (EUS)" <sean.olson@ericsson.com>
Subject: RE: [SIP] Session timer considered harmful (was RE: draft-ietf-sip-session- timer: refresh rate)
From: Jonathan Rosenberg <jdrosen@dynamicsoft.com>
Date: Fri, 15 Jun 2001 13:16:56 -0400
Cc: Steve Donovan <sdonovan@dynamicsoft.com>, "'sip@ietf.org'" <sip@ietf.org>
List-Id: Session Initiation Protocol <sip.ietf.org>
Sender: sip-admin@ietf.org



 

> -----Original Message-----
> From: Christer Holmberg [mailto:christer.holmberg@lmf.ericsson.se]
> Sent: Wednesday, May 09, 2001 1:58 AM
> To: Sean Olson (EUS)
> Cc: 'Steve Donovan'; sip@lists.bell-labs.com
> Subject: Re: [SIP] Session timer considered harmful (was RE:
> draft-ietf-sip-session- timer: refresh rate)
> 
> 

> >>3) We add stronger wording in the security section of the
> >>draft describing the smurf attack that Jonathan is worried 
> about.  As part of
> >>the wording, we add the statement that entities supporting 
> session timer
> >>SHOULD support a minimum time of n minutes.  I propose we 
> take Jonathan's
> >>suggestion and make n = 30.  The obvious difference here is 
> that Jonathan's
> >>suggestion becomes a SHOULD instead of a MUST.
> >
> >A recommended value of 30 minutes is fine. Making it a SHOULD seems
> >slightly too strong. Having the 488 response allows a UA to adapt
> >to the networks desire for longer session timers.
> 
> I agree. I would even argue that a recommended specific timer value
> (e.g. 30 minutes) is too "strong", because what data do we 
> have to "back
> up" that value? The proper value is depending on so many 
> things (network
> architecture, transport protocol, number of nodes, network 
> reliability,
> node reliability, network size, distance between nodes etc etc etc etc
> etc), so I would rather describe how the session-timer shall be used,
> and why a relatively high value shall be used ( 30 minutes 
> can be given
> as an EXAMPLE instead of a RECOMMENDATION). This is just a smaill
> detail, though, so we should not spend too much time arguing about it.

OK, I added text discussing this. It now reads:

Small session timer values can be destructive to the network. They
cause excessive messaging traffic that affects both user agents and
proxy servers. Since its primary purpose is to provide a means to time
out state in SIP elements, very small values won't generally be
needed. However, the 30 minute minimum is listed as a {\SHOULD}, and
not a {\MUST}, since the exact value for this number is dependent on
many network factors, including network bandwidths and latencies,
computing power, memory availability, and network topology. At the
time of publication of this document, 30 minutes seems
appropriate. Advances in technologies may result in the number being
excessively large five years hence.

-Jonathan R.

---
Jonathan D. Rosenberg, Ph.D.                72 Eagle Rock Ave.
Chief Scientist                             First Floor
dynamicsoft                                 East Hanover, NJ 07936
jdrosen@dynamicsoft.com                     FAX:   (973) 952-5050
http://www.jdrosen.net                      PHONE: (973) 952-5000
http://www.dynamicsoft.com

_______________________________________________
Sip mailing list
Sip@ietf.org
http://www.ietf.org/mailman/listinfo/sip

Prev by Date: Session timer response code (was RE: [SIP] Session timer considered harmful (was RE: draft-ietf-sip-session- timer: refresh rate))
Next by Date: RE: [SIP] Session timer considered harmful (was RE: draft-ietf-sip-session- timer: refresh rate)
Previous by thread: Session timer response code (was RE: [SIP] Session timer considered harmful (was RE: draft-ietf-sip-session- timer: refresh rate))
Next by thread: RE: [SIP] Session timer considered harmful (was RE: draft-ietf-sip-session- timer: refresh rate)
Index(es):
- Date
- Thread