RE: [Sip] Ready for WGLC on SIPS draft? Any last thoughts on transport=tls?
> 1) Some still have to operate in an environment that has no
> DNS, even in the core.
> Their customers are demanding transport=tls to control
> the use of tls over one hop in this situation.
Which hop???
UAC -----> Proxy 1 ------> Proxy 2 ------> UAS
If you put Request-URI of sip:uas@example.com;transport=tls, to me, it
means the link between Proxy 2 and UAS would use TLS. I.e., the parameter
would apply to the resource identified in the URI. (I'm assuming
Record-Routing is used here).
The first hop (between UAC and Proxy 1) is basically what you would
select before sending the message (or if a Route header was used, it
would be in the Route header). To me, it's self-evident in the actual
transport anyways.
Every time I run into this issue, it seems to me that basically what
people are asking for is just a way to select TLS for the first hop. We
don't need protocol on the wire for this: just a config option in the UAC.
> 2) Some have indicated they operate in large enterprise-like
> networks, where the endpoint has an ephemeral address,
> one for which there's no way to populate NAPTR/SRVs to
> indicate a use of TLS when reaching that endpoint.
> Additionally, the endpoint has a cert (!). They are
> required to register a contact that causes them to be reached
> with TLS, and are using transport=tls to do so.
Surely they need to register with TLS for this to be secure.
The transport could be self-evident again, from the one used
while performing the registration.