Hi Rohan and all,

I can't find the discussion about connection reuse when a NAT/firewall is
involved. Sorry if it is documented somewhere already. Here are my comments:

SIP UA behind a NAT/firewall using TCP: According to the current draft (08),
the UA and proxy have to create bi-directional connections. It seems that it is
impossible for the proxy (at the public side of the firewall) to make a new TCP
connection to the phone for incoming requests without reusing the phone's
existing TCP connection with the proxy.

SIP UA behind a NAT using TCP to register to the server: The only possible
way a UA can receive incoming calls is to reuse the TCP connection that it has
created to register with the proxy/registrar.

For the above two reasons, I think it would be better to treat TCP/SCTP
the same way as TLS. It would make the design and implementation simple.
The SIP routing behavior would be consistent when supporting the connection
reuse draft.

As the TCP security concerns are discussed in section 9.3, Security
Considerations for the TCP Transport, the first 3 attacks can be prevented by
Digest authentication. I can't figure out what the last case is all about
(Proxy enters an aliasing agreement with downstream proxy)? If there are
services between these two proxies, they will create connections, one or two,
anyway. What are really the concerns here?

Regards,
Jerry
_______________________________________________
Sip mailing list http://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
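
Added example, not part of the original message or of the draft: a loopback sketch of the behaviour the message describes, where the proxy binds the registered address-of-record to the TCP connection the UA opened and sends the incoming INVITE back over it instead of dialing the private Contact address. The SIP messages are constructed samples, and the function names, addresses and the one-message-per-read framing are assumptions made for the illustration.

```python
import socket
import threading

# Constructed sample messages; names and addresses are illustrative only.
REGISTER = (b"REGISTER sip:example.com SIP/2.0\r\n"
            b"To: <sip:alice@example.com>\r\n"
            b"Contact: <sip:alice@192.168.1.10:5060;transport=tcp>\r\n"
            b"Content-Length: 0\r\n\r\n")
INVITE = b"INVITE sip:alice@example.com SIP/2.0\r\nContent-Length: 0\r\n\r\n"

def read_message(conn):
    """Read one body-less SIP message, which ends at the first blank line."""
    data = b""
    while not data.endswith(b"\r\n\r\n"):
        chunk = conn.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed before end of message")
        data += chunk
    return data

def header(msg, name):
    """Return the value of the first header called `name`, or None."""
    for line in msg.split(b"\r\n")[1:]:
        key, _, value = line.partition(b":")
        if key.strip().lower() == name.lower():
            return value.strip()
    return None

def proxy(listener, flows):
    """Accept one UA, bind its AOR to the inbound connection, then call it."""
    conn, _ = listener.accept()
    aor = header(read_message(conn), b"To")
    # A real proxy would authenticate the REGISTER (e.g. Digest) before this.
    flows[aor] = conn              # key on the live connection, not Contact
    flows[aor].sendall(INVITE)     # incoming request reuses the UA's connection

def run_demo():
    """Return (first line the UA received, whether it came on the UA's flow)."""
    flows = {}
    with socket.create_server(("127.0.0.1", 0)) as listener:
        worker = threading.Thread(target=proxy, args=(listener, flows))
        worker.start()
        with socket.create_connection(listener.getsockname(), timeout=5) as ua:
            ua.sendall(REGISTER)
            first_line = read_message(ua).split(b"\r\n")[0]
            worker.join()
            flow = flows[b"<sip:alice@example.com>"]
            same_flow = flow.getpeername() == ua.getsockname()
            flow.close()
    return first_line.decode(), same_flow

if __name__ == "__main__":
    print(run_demo())
```

The Contact header carries a private address the proxy could not reach from outside the NAT, which is why the lookup table holds the connection object rather than the Contact URI.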