Francois Audet wrote:
Euh, not. There is also 3)

3) Have a policy in the proxy associated with Bob of not
   delivering anything but sips.

#3 only works if all the proxies between Bob and Bob's home proxy have this policy. For example, Bob's edge proxy may be different from Bob's home proxy.

Dean, the request in this scenario was sent out over non-TLS sent with sips in
the first place. The damage is done.

Huh? No, the request was sent SIP because the user or user's UA chose to downgrade from the SIPS URI they had been given.

If a proxy in the middle wants to upgrade to sip, it can just
send a 3XX with Contact: sips


Sure. If there's a proxy in the middle, and the damage wasn't already done by leakage
Only if an outbound proxy is used. P2P very well might not have outbound proxies. Remember, SIP DOES NOT REQUIRE YOU TO ALWAYS USE A PROXY.

Dean, the request was sent using SIP in the first place. If there
is no proxy, then the 3XX solution makes more sense.


Yes, that's exactly my point. If you're given a SIPS URI, use it. Don't downgrade to SIP. Ever. Not at a proxy, not at a UA, not at a user.


And text (which we have) that effectively says "If the user registers with SIPS it means they want to receive both SIP and SIPS requests" is dangerously misleading, because it encourages the user to downgrade and expect it to work.

--
Dean

