On May 17, 2007, at 3:58 AM, Attila Sipos wrote:
Sorry... found my answer....
While guessing a SIPS AOR from a known SIP AOR and using it to initiate
a request is a valid thing to do, doing the opposite (i.e., guessing a
SIP AOR from a SIPS AOR and using it) is not a valid thing to do as it
would be a security downgrade.
Although "downgrading" from SIPS to SIP is disallowed, it is possible
that a redirect server or UAS sends a 3XX response to a request to a
Audet Expires October 15, 2007 [Page 8]
Internet-Draft SIPS April 2007
SIPS URI with a contact header field containing a SIP URI.
[RFC3261]/8.1.3.4 states that if the UAC decides to recurse to the SIP
URI, it "SHOULD inform the user". When a proxy is handling the 3XX,
it can obviously not indicate anything to the user that it is being
redirected from SIPS to SIP: therefore, proxies would not be able to
recurse on the contact header field, and instead would either forward
the 3XX to the UAC or reject the request.
I wonder if it would be worth making an explicit suggestion in the
SIPS that proxies provide a 302 if they receive a SIPS request for an
AOR for which they have only a SIP binding? We could also make a
stronger recommendation that if you don't know whether an AOR is
SIPS or SIP you would try SIPS first and expect a 302 if you guess
wrong. This could reduce the inclination for people to try SIP first.
--
Dean
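
The redirect rule discussed in this thread, written out as an added example (not code from the draft, RFC 3261, or either poster). The function names, role labels and action strings are hypothetical, the Contact values are constructed, and recursing only on the SIPS contacts when a 3XX offers both schemes is an assumption of this sketch.

```python
import re

# Scheme and address of each SIP/SIPS URI in a Contact header value;
# URI parameters (";transport=tcp") and header parameters (";q=0.5") are dropped.
_URI_RE = re.compile(r"\b(sips?):([^>;,\s]+)", re.IGNORECASE)


def contact_uris(contact_value):
    """Return [(scheme, address)] for every SIP/SIPS URI in a Contact value."""
    return [(m.group(1).lower(), m.group(2)) for m in _URI_RE.finditer(contact_value)]


def guess_sips(aor):
    """Guess the SIPS AOR from a SIP AOR (allowed). The reverse is never derived."""
    scheme, _, rest = aor.partition(":")
    return "sips:" + rest if scheme.lower() in ("sip", "sips") else aor


def handle_3xx(request_scheme, contact_value, role):
    """Decide how to treat a 3XX. role is "uac" or "proxy" (hypothetical labels).

    Returns (action, targets). A contact is a downgrade only when the
    original request went to a SIPS URI and the contact is a SIP URI.
    """
    secure, downgrade = [], []
    for scheme, address in contact_uris(contact_value):
        is_downgrade = request_scheme.lower() == "sips" and scheme == "sip"
        (downgrade if is_downgrade else secure).append(f"{scheme}:{address}")

    if secure:
        # Assumption: contacts that keep the security level can be followed as usual.
        return ("recurse", secure)
    if not downgrade:
        return ("reject", [])  # no usable SIP/SIPS contact at all
    if role == "proxy":
        # A proxy cannot inform the user, so it must not recurse on the SIP contact.
        return ("forward_3xx_or_reject", [])
    # UAC: RFC 3261 8.1.3.4 says it SHOULD inform the user before recursing.
    return ("inform_user_then_recurse", downgrade)


if __name__ == "__main__":
    # Constructed sample: SIPS request redirected to a SIP-only contact.
    print(handle_3xx("sips", "<sip:bob@example.com>;q=0.5", "proxy"))
    print(handle_3xx("sips", "<sip:bob@example.com>;q=0.5", "uac"))
```
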