[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sip] Ready for WGLC on SIPS draft? Any last thoughts on transport=tls?

To: Francois Audet <audet at nortel.com>
Subject: Re: [Sip] Ready for WGLC on SIPS draft? Any last thoughts on transport=tls?
From: Dean Willis <dean.willis at softarmor.com>
Date: Wed, 6 Jun 2007 23:25:41 -0500
Cc: SIP IETF <sip at ietf.org>, Juha Heinanen <jh at tutpro.com>
In-reply-to: <1ECE0EB50388174790F9694F77522CCF10C659AC@zrc2hxm0.corp.nortel.com>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
References: <9EB2A6FF-1BF3-4CA2-9728-CE2B4F52FA3A@softarmor.com> <860C1B4D-2EFA-4ACF-946A-92781A4E9FA0@nostrum.com> <1ECE0EB50388174790F9694F77522CCF10BBD3A3@zrc2hxm0.corp.nortel.com> <2C36413C-A703-4821-A5A5-A9A48330EE30@nostrum.com> <1ECE0EB50388174790F9694F77522CCF10BBD5FA@zrc2hxm0.corp.nortel.com> <18020.27378.227115.453498@tutpro.com> <46665999.6090900@softarmor.com> <1ECE0EB50388174790F9694F77522CCF10C656EB@zrc2hxm0.corp.nortel.com> <1ECE0EB50388174790F9694F77522CCF10C659AC@zrc2hxm0.corp.nortel.com>

Francois said:

Actually, now that I think of it, it may not be as bad as I tought.

If UAs are using sip-outbound with their proxies, it would handle the
vast majority of the links.

Between proxies, you would use DNS or static configuration normally.

Furthermore, between proxies, re-using of existing TCP/TLS may also be
done.

So maybe you are right

Dean Said:

It always tries TLS first, and if that doesn't work it either
1) falls back to something else or 2) gives up. The choice

between 1

and 2 is made based on local policy.

I think many of the assumptions we've been making seem to indicate that if you just don't know, the only reasonable thing to do is try TLS first. If there's nobody listening on the TLS port (but somebody at the IP address), you should get an ICMP response pretty quickly anyhow, then be able to decide on fallback.

If we hold the opposite true, and we try plain SIP/UDP first and only move to TLS when plain SIP fails, we're going to be in for a world of delay-hurt (waiting for that plain SIP/UDP transaction to time out) and never opportunistically using TLS anyhow.

Of course, it's better if you "know" up front, which is part of what the argument in favor of transport=tls is asking for. But given that we have ways for knowing in many of the other cases, this may not be critical.

Of course, if we'd started with a plain connection, discovered TLS capability in a greeting message (aka EHELO) and then done an upgrade to that connection using something like STARTTLS, we wouldn't be having this discussion. It would have just worked. Boy do I feel dumb.

--
Dean

_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip

References:
- [Sip] Ready for WGLC on SIPS draft? Any last thoughts on transport=tls?
  - From: Dean Willis
- Re: [Sip] Ready for WGLC on SIPS draft? Any last thoughts on transport=tls?
  - From: Robert Sparks
- RE: [Sip] Ready for WGLC on SIPS draft? Any last thoughts on transport=tls?
  - From: Francois Audet
- Re: [Sip] Ready for WGLC on SIPS draft? Any last thoughts on transport=tls?
  - From: Robert Sparks
- RE: [Sip] Ready for WGLC on SIPS draft? Any last thoughts on transport=tls?
  - From: Francois Audet
- RE: [Sip] Ready for WGLC on SIPS draft? Any last thoughts on transport=tls?
  - From: Juha Heinanen
- Re: [Sip] Ready for WGLC on SIPS draft? Any last thoughts on transport=tls?
  - From: Dean Willis
- RE: [Sip] Ready for WGLC on SIPS draft? Any last thoughts on transport=tls?
  - From: Francois Audet
- RE: [Sip] Ready for WGLC on SIPS draft? Any last thoughts on transport=tls?
  - From: Francois Audet

Prev by Date: RE: [Sip] Ready for WGLC on SIPS draft? Any last thoughts on transport=tls?
Next by Date: RE: [Sip] Review of draft-dotson-sip-certificate-auth-sol-00
Previous by thread: RE: [Sip] Ready for WGLC on SIPS draft? Any last thoughts on transport=tls?
Next by thread: [Sip] Proposal for transport=tls
Index(es):
- Date
- Thread