Yes, if a TLS connection is made to foo.com, then it can be left up for a long time and any message destined for foo.com can be sent over it.
inline ...

On 12/13/04 4:59 AM, "Todd Huang" <[EMAIL PROTECTED]> wrote:

> Mr. Jennings:
>
> Thanks.
>
> As you mentioned, the TLS channels should be kept up for a long time and
> can be used for many transactions. Do you mean that the TLS channel should
> be always there once it had been successfully established between the
> client and the proxy server?
>
> For example, the client successfully establishes the TLS channel with
> the proxy server and does the following operations:
>
> 1. Sends Register to the Proxy server
> 2. Sends Invite to another user, but cancels it before the party answers it
> 3. Sends Invite to another user, and terminates the call by sending Bye
> 4. Sends Invite to the same user again later
>
> Will all these SIP messages be sent on the same TLS channel without
> breaking it down and

yes - assuming all these messages were sent to the same outbound proxy

> If the client is equipped with two voice ports, should we establish
> an independent TLS channel for each voice port respectively? Or can all of
> the transactions held between the client and the Proxy server use the same
> TLS channel no matter which port is generating it?

They can be done on one port (assuming they both connect to the same proxy)

> Thanks.
>
>>> Mr. Jennings:
>>>
>>> Thanks for your kind answer.
>>>
>>> The following are some questions about the SIP TLS implementation.
>>>
>>> 1. Can the established TLS channel be held for the subsequent SIP
>>> messages? For example,
>>
>> yes
>>
>>> the client established the TLS channel with the proxy server before
>>> sending the Register message. Will the client send a close_notify alert
>>> right after receiving the 200 OK from the server? Or can the client
>>> continuously use this TLS channel for the upcoming incoming or
>>> outgoing call?
>>>
>>> I had seen one implementation for the client to send a close_notify
>>> alert right after the 401 response. The client then established a new
>>> TLS channel to complete the SIP challenge response process. Is it
>>> correct?
>>
>> The TLS channels should be kept up for a long time and can be used for
>> many transactions. It should not be re-set up for each transaction
>>
>>> 2. Should the client get the server's certificate in advance to build
>>> the trusted CA list in order to verify the server's certificate? How
>>> can we build the trusted CA list on the client side?
>>
>> No it can get the cert when it does the TLS handshake, but it does need to
>> have a list of trusted roots - I suggest the UA should have a configurable
>> list of certificates for trusted roots

_______________________________________________
Sip-implementors mailing list
[EMAIL PROTECTED]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
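
A sketch of the behaviour described in this thread, added here as an example and not code from any poster or SIP stack: one TLS connection per outbound proxy, reused for every message from any voice port, with the server certificate checked at handshake time against a configurable trusted-roots file. The class name, the `dial` hook and the `trusted_roots_pem` parameter are assumptions made for illustration.

```python
import socket
import ssl


class SipTlsConnections:
    """Keeps one long-lived TLS connection per outbound proxy and reuses it."""

    def __init__(self, trusted_roots_pem=None, dial=None):
        # PROTOCOL_TLS_CLIENT enables certificate and hostname verification.
        # The server certificate arrives in the handshake; only the trusted
        # roots are configured on the UA (hypothetical PEM file path).
        self.ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        if trusted_roots_pem:
            self.ctx.load_verify_locations(cafile=trusted_roots_pem)
        else:
            self.ctx.load_default_certs()
        self._dial = dial or self._tls_dial  # injectable so tests run offline
        self._conns = {}                     # (host, port) -> open connection
        self.handshakes = 0

    def _tls_dial(self, host, port):
        raw = socket.create_connection((host, port), timeout=10)
        return self.ctx.wrap_socket(raw, server_hostname=host)

    def _get(self, key):
        if key not in self._conns:
            self._conns[key] = self._dial(*key)
            self.handshakes += 1
        return self._conns[key]

    def send(self, host, port, message):
        """Send one SIP message, reusing the connection to this proxy."""
        key = (host.lower(), port)
        conn = self._get(key)
        try:
            conn.sendall(message)
        except OSError:
            # The connection died (peer closed, timeout): drop it, handshake
            # once more and retry. This is recovery, not per-transaction setup.
            self._conns.pop(key, None)
            conn.close()
            self._get(key).sendall(message)

    def close_all(self):
        for conn in self._conns.values():
            conn.close()
        self._conns.clear()
```

Both voice ports of a client would share a single `SipTlsConnections` instance, so REGISTER, INVITE, CANCEL and BYE to the same proxy all travel over one handshake.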
