Re: [TLS] Question about SIP on TLS

To: Nabil.HAMZI at fr.thalesgroup.com
Subject: Re: [TLS] Question about SIP on TLS
From: Eric Rescorla <ekr at networkresonance.com>
Date: Fri, 22 Aug 2008 07:33:05 -0700
Cc: tls at ietf.org
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <F22CC918B9A1374CBCD15B54A242DC30451C62@nodalcch2.cch.tcfr.thales>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <F22CC918B9A1374CBCD15B54A242DC30451C62@nodalcch2.cch.tcfr.thales>
Sender: tls-bounces at ietf.org
User-agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.1 Mule/5.0 (SAKAKI)

At Fri, 22 Aug 2008 10:39:20 +0200,
Nabil.HAMZI at fr.thalesgroup.com wrote:
> 
> Hello ! 
> 
> here is my goal : 
> => i have some phones as SIP TLS clients
> => and a proxy/registrar as SIP-TLS server
> 
> And without TLS everthing working fine :
> 1) When a client needs to send a message, he opens its session with the
> server. OK.
> 2) When the server needs to send a message he has to open his session with
> the registred phone. No problem for TCP layer.
> 
> But with TLS :
> 
> For the case 2), there is a problem for TLS layer as the Phone (TCP server)
> is not a TLS server.
> 
> I mean that in order to have it working, do we need to keep a TLS session
> always valid ?


This is not a TLS question. It's a SIP question.

That said (2) doesn't work as well with SIP without TLS as you think it does
because of NATs, firewalls, etc. There is a solution for both the TLS
and non-TLS cases: draft-ietf-sip-outbound.

-Ekr
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

References:
- [TLS] Question about SIP on TLS
  - From: Nabil . HAMZI

Prev by Date: [TLS] Question about SIP on TLS
Next by Date: Re: [TLS] draft-ietf-tls-psk-new-mac-aes-gcm-01 : portfolio question
Previous by thread: [TLS] Question about SIP on TLS
Next by thread: Re: [TLS] draft-ietf-tls-psk-new-mac-aes-gcm-01 : portfolio question
Index(es):
- Date
- Thread

Re: [TLS] Question about SIP on TLS

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.