> -----Original Message-----
> From: Vijay K. Gurbani [mailto:[EMAIL PROTECTED]
> Sent: Friday, November 16, 2007 6:05 PM
> To: Hadriel Kaplan
> Cc: IETF SIP List; Rohan Mahy; Brett Tate
> Subject: Re: [Sip] WGLC: draft-ietf-sip-connect-reuse-08.txt
>
> > What *is* convincing is that without the certificate proof of
> > identity inherent in TLS, the mechanism as defined in this draft
> > would let a completely different machine, from a different IP,
> > pretend to represent a legit domain's proxy by simply putting in the
> > Via and alias param. That would be bad. And due to SCTP
> > multi-homing coming from any IP, and load-balancing techniques and
> > such, just restricting the source IP to avoid that problem won't work
> > universally. *That* should be the text in the draft for why TLS is
> > required, vs. the "malware" excuse. I am only mentioning this
> > because not allowing TCP or SCTP alone is a major detractor for this
> > draft, so the explanations for why not need to be strong.
>
> ... would that be an acceptable compromise?

Sure.

BTW, out of curiosity, I thought at some point in the past there was an email saying that for UA's, sip-outbound would be the only draft for explicit connect-reuse behavior. So that this draft was really for proxies, not UA's. Not true? (not that such use would be enforced in any way, just that the focus had changed)

-hadriel
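
The binding discussed in this thread, as an added example that is not part of the original messages or of the draft's text: a receiving proxy registers a connection alias only when the Via sent-by matches an identity in the peer's TLS certificate. The function names, the exact-match rule and the sample hostnames are assumptions made for illustration; the certificate dictionary uses the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import re

# Start of a Via value: "SIP/2.0/<transport> <sent-by>" followed by ;params
_VIA_RE = re.compile(r"^\s*SIP\s*/\s*2\.0\s*/\s*(\w+)\s+([^;\s]+)(.*)$", re.I)

def parse_via(value):
    """Return (transport, sent_by_host, params) for one Via header value."""
    m = _VIA_RE.match(value)
    if not m:
        raise ValueError("malformed Via")
    transport, sent_by, rest = m.group(1).upper(), m.group(2), m.group(3)
    if sent_by.startswith("["):                # IPv6 literal: [addr]:port
        host = sent_by[1:sent_by.index("]")]
    else:                                      # host or host:port
        host = sent_by.rsplit(":", 1)[0] if ":" in sent_by else sent_by
    params = {}
    for p in rest.split(";"):
        if p.strip():
            key, _, val = p.strip().partition("=")
            params[key.lower()] = val
    return transport, host.lower(), params

def cert_hosts(peercert):
    """Collect host identities from subjectAltName (DNS names and sip: URIs)."""
    hosts = set()
    for kind, val in peercert.get("subjectAltName", ()):
        if kind == "DNS":
            hosts.add(val.lower())
        elif kind == "URI" and val.lower().startswith("sip:"):
            hosts.add(val[4:].lower())
    return hosts

def accept_alias(via_value, peercert):
    """Decide whether to create an alias; peercert is None on plain TCP/SCTP."""
    transport, host, params = parse_via(via_value)
    if "alias" not in params:
        return False, "no alias requested"
    if peercert is None or transport != "TLS":
        # Without a certificate, the sent-by is only a claim by the sender.
        return False, "no certificate identity to bind the alias to"
    if host not in cert_hosts(peercert):       # exact match only (assumption)
        return False, "sent-by not among certificate identities"
    return True, "alias bound to authenticated identity"

# Constructed sample certificates (hypothetical hostnames).
CERT_PROXY = {"subjectAltName": (("DNS", "proxy.example.com"), ("URI", "sip:example.com"))}
CERT_OTHER = {"subjectAltName": (("DNS", "host.other.example"),)}
```
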
