Hi, >> When you say “does not support Outbound”, are you referring to the whole >> mechanism, or to the specific >> reuse-of-registration-connection-for-incoming-calls part? > > We have had a lot of discussions about this in the past, where I focused on > the latter. In the current set of standards a server is not allowed to reuse > the incoming TLS connection for outbound requests. Only SIP outbound allows > this.
Correct. However, many still do it, because in addition to the TLS issues it is also needed for NAT traversal. >That’s why I started a discussion about a “half-outbound” - much like the use >of Outbound in SIP over WebSockets today. That specific part could be defined in a separate specification, similar to what we did for SIP keep-alive: people wanted to have a mechanism for negotiating keep-alives, without having to implement everything else in Outbound. Regards, Christer ________________________________________ From: stir <mailto:[email protected]> on behalf of Olle E. Johansson <mailto:[email protected]> Sent: Tuesday, July 13, 2021 9:32:56 AM To: Roman Shpount <mailto:[email protected]> Cc: mailto:[email protected] <mailto:[email protected]>; Mary Barnes <mailto:[email protected]>; Salz, Rich <mailto:[email protected]>; mailto:[email protected] <mailto:[email protected]> Subject: Re: [stir] [Acme] http://NYTimes.com: How Do You Stop Robocalls? 13 juli 2021 kl. 06:58 skrev Roman Shpount <mailto:[email protected]>: At the same time, SIP over TLS has many performance and reliability issues that would need to be addressed before it is ready for industry-wide deployment. There’s also a lack of applicable standards for TLS usage, as I’ve pointed out a few times, but the working group seems to have no energy to fix. SIP over TLS from the SIP phone side requires implementation of SIP outbound, which we never successfully tested at any SIPit. I know of a few implementations now, but haven’t tested them together. Made this presentation five years ago https://www.slideshare.net/oej/sip-tls-security-in-a-peer-to-peer-world /O _______________________________________________ stir mailing list mailto:[email protected] https://www.ietf.org/mailman/listinfo/stir _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
