Jerry Yin wrote: > Hi Rohan and all, Jerry: Thank you for your time reviewing the draft.
> I can't find the discussing about the connection reuse when NAT/Firewall > involved. Sorry if it is documented somewhere already. That particular behavior is documented in sip-outbound (see Section 2 of connect-reuse for a reference to the discussion delineating connect-reuse and sip-outbound.) sip-outbound can be accessed from: http://tools.ietf.org/html/draft-ietf-sip-outbound-11 > For the above two reasons, I think it would be better to treat the > TCP/SCTP the same way as the TLS. It would make the design and > implementation simple. The SIP routing behavior would be consistent when > supporting the “connection reuse” draft. > > As the TCP security concerns are discussed in the section 9.3 “*Security > Considerations for the TCP Transport”, *the first 3 attacks can be > prevented by Digest authentications. I can’t figure out what is the last > case all about (Proxy enter an aliasing agreement with downstream > proxy)? If there are services between these two proxies, they will > create connections, one or two, anyway. What are really the concerns here? As it turns out, we are about to release -09 based on the WGLC review in November. Brett and I are trying to close an open issue between us, and once that is done, -09 will be released later this week. -09 provides more succinct reasons why TCP/SCTP cannot be reused and it also shortens considerably Section 9.3 based on the WGLC review feedback. Thanks, - vijay -- Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent 2701 Lucent Lane, Rm. 9F-546, Lisle, Illinois 60532 (USA) Email: [EMAIL PROTECTED],bell-labs.com,acm.org} WWW: http://www.alcatel-lucent.com/bell-labs _______________________________________________ Sip mailing list http://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
