Michael,
At issue here is what the default implementor is likely to do. With
a new 4xx, the misguided but well-meaning implementor is likely to
try to "helpfully" "repair" the error without thinking about or
understanding the security context.
Using a Warning code raises the bar significantly, but still allows
automata to at least log what happened.
thanks,
-rohan
On Jul 27, 2007, at 10:47 AM, Michael Thomas wrote:
Eric Rescorla wrote:
At Fri, 27 Jul 2007 09:35:12 -0500,
Francois Audet wrote:
The intent is to be UNDISTINGUISHABLE.
We do NOT want the equipment to automatically downgrade. We want
the user to make the decision in a concious way.
Furthermore, we want to emphasise that the SIP and SIPS are
different addresses and are not interchangeable.
Rohan Mahy, Jon Peterson, Eric Rescorla,
Since you were the main people advocating this change, can you
make clear on the list what the rationale is.
Right. So, I want to avoid automatic downgrade. I think that
at minimum that means that we should avoid using a return
code ordinary associated with automatic retry. Better yet
would be to use a hard failure return code and then a textual
error message...
Do people seriously believe that any amount of protestation from
the IETF
is going to prevent implementors from downgrading? If the receiver
(s) really
don't want the SIP method, they don't have to accept them. If they
do, then no
amount of hand wringing MUST NOT's is going to prevent the inevitable.
The only thing this kind of hand wringing is likely to produce is more
incompatibility between the puritans and the sinners.
Mike
_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
