Dean, you are talking about a different case. Nobody is suggesting that if you are given a SIPS URI you should also assume that a SIP URI will work.
I think it's pretty obvious.

> -----Original Message-----
> From: Dean Willis [mailto:[EMAIL PROTECTED]
> Sent: Monday, April 16, 2007 22:53
> To: Paul Kyzivat
> Cc: Hisham Khartabil; sip@ietf.org; Audet, Francois (SC100:3055)
> Subject: Re: [Sip] SIPS question: How to prevent plaintext requests from being delivered to a UA
>
> Paul Kyzivat wrote:
> >
> > So you mean both a sip and sips contact would be registered over the
> > same (tls) flow. As Francois said, he proposed this long ago and it
> > was rejected for a bunch of reasons. The only benefit I can see to
> > this is as a way to indicate a policy regarding whether sip requests
> > are/aren't desired over this flow. Things will work just fine without
> > that policy (the UAS can simply reject them if it wishes). It
> > complicates a lot of things so I prefer to stick with what was already
> > decided about this.
>
> No, this DOESN'T work fine, as the privacy of the UAS's
> AOR-to-Contact binding is compromised by sending the request
> from the UAC, even if the UAS rejects the request.
>
> If the sender KNEW that the UAS only accepted SIPS, this
> compromise would not occur.
>
> And if the sender is given only a SIPS URI for an AOR, the
> sender MUST assume that the UAS accepts only SIPS requests
> and MUST NOT send a request to that AOR using SIP. Otherwise,
> the privacy of the UAS's AOR-to-Contact binding might be
> compromised (and in security, one can assume that if it might
> be compromised, it probably has been-- It's tainted).
>
> --
> Dean

_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip