I'm pre-reviewing Francois' latest sips draft, and I'm perplexed.
Presume a UA wishes to receive only SIPS requests and not SIP requests.
This is important if we do not wish to reveal information about the UAS
(most critically the identity of the user at this UAS) -- to
packet-sniffers on the wire between UAC and UAS.
Previously it could do this by registering only a SIPS contact and not a
SIP, and by using a SIPS AOR in registration.
Because registering with a SIPS contact header field implies a
binding to both a SIPS Contact and a corresponding SIP Contact . . .
means we simply can't satisfy this use case.
Just waiting for a request and then rejecting it if it didn't come in
over TLS would not meet the requirement, since the plain text of the
request would already have been sent, potentially compromising
information about the UAS.
Do we have a problem?
--
Dean
_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip
