Arun Patra wrote:
> Hi,
> A small doubt. I want to be get confirmed on this.
> Transport layer of rfc2543bis-05 says when it receives a message it
> should
> check
> whether any transaction exists for that. If not found, it MUST pass the
> message to application core.
> Application core decides whether to create a new server transaction or
> not.
>
> So for almost all scenarios application core always creates a new server
> transaction? Am I right?
Yes. The case were it won't is when the request is not authenticated. If
you create state for unauthenticated requests, you are susceptible to
SYN-attack style denial-of-service attacks.
-Jonathan R.
--
Jonathan D. Rosenberg, Ph.D. 72 Eagle Rock Avenue
Chief Scientist First Floor
dynamicsoft East Hanover, NJ 07936
[EMAIL PROTECTED] FAX: (973) 952-5050
http://www.jdrosen.net PH: (973) 952-5000
http://www.dynamicsoft.com
_______________________________________________
Sip-implementors mailing list
[EMAIL PROTECTED]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
