I've heard reference to this security issue in the past but have just gone and read it for the first time, Section 9.3 right? I'm not sure I completely understand it. Are you saying that another program can hijack the connection once the legitimate SIP user is not present on the connection anymore? Would not the legitimate user have torn down the TCP connection when it exited? Wouldn't the TCP connection require authentication when it was reestablished? My apologies for my lack of understanding.
Thanks, FM -----Original Message----- From: Vijay K. Gurbani [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 18, 2007 12:03 PM To: jiang mingda Cc: [email protected] Subject: Re: [Sip] sip tcp connection jiang mingda wrote: > Hi Folks, I have a question about sip over TCP. How many connections > should be established between two sip servers/proxies? Shall I create > only one tcp connection between them? You cannot use one connection for bi-directional requests because of the security risk identified in Section 9 of connect-reuse (http://tools.ietf.org/html/draft-ietf-sip-connect-reuse-07). _______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
