Paul Kyzivat wrote:
We have a lot of history of people taking carefully phrased things like this and using them to justify a lot of incorrect behavior. We don't want this to be misconstrued.
Paul, Hadriel: So ... where do we stand on this? It appears that Digest challenge for proxies is a non-starter.

Yesterday, I had suggested something along these lines:

If A opens up a TCP connection to B, and it has some policy such that it considers B to be trusted, it MAY insert an alias parameter in the topmost Via of that request. This will cause B to send requests in the backwards direction over that connection. Exactly what this policy is will be left up to each service provider and implementation.

The draft can adequately warn implementations not to do so over TCP due to various security reasons documented elsewhere in the draft. The normative strength of reusing a TCP connection in this manner could be left as a SHOULD, with strong incentives to perform connection reuse only over TLS.

This, of course, means that there is connection reuse in TCP as well (i.e., using one TCP stream), but is not encouraged by the draft, and implementations doing so will have adequately weighed the associated risks before doing so.

Would this be a working solution that will strike a middle-ground? Is this agreeable?

Thanks,

- vijay
--
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
2701 Lucent Lane, Rm. 9F-546, Lisle, Illinois 60532 (USA)
Email: [EMAIL PROTECTED],bell-labs.com,acm.org}
WWW: http://www.alcatel-lucent.com/bell-labs
