On 10 Oct 2011 at 14:15, Juha Heinanen wrote:
Iñaki Baz Castillo writes:
Forget the two ob proxies if you want. The rest of the specification is the best answer for NAT and TCP/TLS, much better than the half-solutions we use today (those that make the registrar maintain 40 bindings for the same AoR when the device is a mobile using SIP over TCP and reconnects every few minutes).
i don't have anything against that when ua registers it tells its unique id so that registrar can discard the old ones.
what i was trying to say is that outbound does not bring any help to implementing redundant sip infrastructure, where two active proxies could have worked together each with its own ip address.
What are you proposing then, Juha? Not implementing RFC 5626 and continuing with custom solutions that don't work well? Continuing with Contact rewriting? No, please.
what comes to nat traversal, what are the problems with contact rewriting? so far it has worked quite well for me.
For platforms where you want some sort of integrity check in the message, like with S/MIME or SIP Identity, rewriting the message will break security. If we want to build secure platforms in SIP, we need to find solutions that don't require SDP and SIP rewrites in the proxies.
That's why ICE puts the burden of finding IP addresses and relay servers on the UA and SIP outbound puts connection management on the UA. If the UA can handle all of this and has all data correct when sending the message, a message rewrite that breaks digital signatures should not be needed any more.
One thing I realized the other night during a SIP discussion was that ICE doesn't allow a network provider to implement a policy. I don't think a proxy can't say "442 Always use media relay" and force the client to drop local addresses, like if there's a requirement for lawful intercept in the network. That will be something that needs to be added to ICE.
/O
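
The breakage discussed in the message above, as an added example that is not part of the thread: the SIP Identity (RFC 4474) signature covers the Contact addr-spec and the message body, so a proxy that adds a Via leaves it valid while a NAT-style Contact rewrite does not. HMAC-SHA256 stands in here for the RSA signature carried in the Identity header, and the key, addresses and function names are constructed for illustration.

```python
import hashlib
import hmac
import re

KEY = b"constructed-demo-key"  # HMAC key standing in for the signer's RSA key (assumption)
# Constructed sample INVITE from a UA behind NAT (not taken from the thread).
INVITE = (
    "INVITE sip:bob@example.org SIP/2.0\r\n"
    "Via: SIP/2.0/TCP 192.168.1.20:5060;branch=z9hG4bKdemo1\r\n"
    "From: Alice <sip:alice@example.com>;tag=a1\r\n"
    "To: <sip:bob@example.org>\r\n"
    "Call-ID: demo-call-1@192.168.1.20\r\n"
    "CSeq: 1 INVITE\r\n"
    "Date: Mon, 10 Oct 2011 12:15:00 GMT\r\n"
    "Contact: <sip:alice@192.168.1.20:5060;transport=tcp>\r\n"
    "Content-Type: application/sdp\r\n\r\n"
    "v=0\r\nc=IN IP4 192.168.1.20\r\nm=audio 40000 RTP/AVP 0\r\n"
)

def parse(msg):  # returns (headers, body); names lower-cased, first value wins
    head, _, body = msg.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())
    return headers, body

def addr_spec(value):  # URI inside <...>, or the bare URI without header params
    m = re.search(r"<([^>]+)>", value)
    return m.group(1) if m else value.split(";")[0].strip()

def digest_string(msg):
    """Fields covered by the RFC 4474 Identity signature, joined with '|'."""
    h, body = parse(msg)
    return "|".join([addr_spec(h["from"]), addr_spec(h["to"]), h["call-id"],
                     h["cseq"], h["date"], addr_spec(h["contact"]), body])

def sign(msg):
    return hmac.new(KEY, digest_string(msg).encode(), hashlib.sha256).hexdigest()

def verify(msg, sig):
    return hmac.compare_digest(sign(msg), sig)

def rewrite_contact(msg, hostport):  # NAT fix-up: swap the Contact host:port
    return re.sub(r"(?m)^(Contact: <sip:[^@]+@)[^;>]+", lambda m: m.group(1) + hostport, msg)

def add_via(msg, via):  # what a proxy legitimately adds when forwarding
    return msg.replace("\r\n", "\r\nVia: " + via + "\r\n", 1)
```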