Let me name the elements to make this explanation shorter:

A --------- B ---------- C

Now, suppose A sends a dialog establishing request to B without TLS,
and B sends to C with TLS. If B does not record route, but C does,
then the next request from A would have to go directly to C. Seems
harmless at first, but A might not support TLS (perhaps it is an
endpoint). It now has no way to send its subsequent request.

There are other failures like this (A may not have keying material
that C will accept or vice-versa), and effects of the general security
architecture (not running another TLS start handshake at C) that
provide additional motivation to the requirement.

RjS

On Mon, 2002-12-16 at 05:51, Kowsalya Subramanian wrote:
> Hi,
>
> It is stated in RFC 3261 that when a proxy decides to forward a request over
> TLS that it received over non-TLS, it MUST record-route. Why is this mandated?
>
> Thanks,
> Kowsalya
>
> _______________________________________________
> Sip-implementors mailing list
> [EMAIL PROTECTED]
> http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
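
Added example, not part of the original messages or of RFC 3261: a small Python model of the A/B/C scenario in the reply above, showing where A's next in-dialog request goes with and without the record-route requirement. It assumes A speaks only UDP and reduces each route-set entry to (proxy name, transport); the class and function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Proxy:
    name: str
    received_on: str          # transport the dialog-establishing request arrived on
    forwards_on: str          # transport the proxy forwards it on
    wants_record_route: bool  # local choice, absent any requirement

def must_record_route(p: Proxy) -> bool:
    # The requirement asked about in the thread: in on non-TLS, out on TLS.
    return p.received_on != "tls" and p.forwards_on == "tls"

def caller_route_set(path, enforce_rule):
    """Proxies the caller must traverse on later in-dialog requests, nearest
    first, each paired with the transport it is reached on from the caller side.
    Simplification: a real route set holds URIs, not (name, transport) pairs."""
    return [(p.name, p.received_on) for p in path
            if p.wants_record_route or (enforce_rule and must_record_route(p))]

def next_request_outcome(caller_transports, path, enforce_rule):
    """Describe what happens to the caller's next request in the dialog."""
    routes = caller_route_set(path, enforce_rule)
    if not routes:
        return "no proxy recorded a route; request goes to the remote target"
    name, transport = routes[0]
    if transport in caller_transports:
        return f"sent to {name} over {transport}"
    return f"stuck: must reach {name} over {transport}, which the caller lacks"

# Constructed sample matching the A --- B --- C picture: A speaks only UDP,
# B bridges UDP to TLS and would rather not record-route, C does record-route.
A_TRANSPORTS = {"udp"}
PATH = [Proxy("B", "udp", "tls", False), Proxy("C", "tls", "tls", True)]

if __name__ == "__main__":
    print("without the rule:", next_request_outcome(A_TRANSPORTS, PATH, False))
    print("with the rule:   ", next_request_outcome(A_TRANSPORTS, PATH, True))
```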