RE: SIP and Apache

Robert S. Thau (
Sun, 20 Jun 1999 10:32:21 -0400 (EDT)

Larry Masinter writes [replying to Yaron about SIP-over-HTTP]:

> > All the normal HTTP authentication and caching
> > infrastructure would still apply.
> Uh, right, the "normal HTTP authentication infrastructure" being
> "almost none".

And I'm not sure what use the caching infrastructure would be either,
given the volatility of the data which SIP messages describe (ongoing
phone calls); I'm not sure I see how responses to any SIP request type
other than OPTIONS (i.e., responses to INVITE, BYE, REGISTER, CANCEL)
could be usefully cached.

What's left is use of the proxy infrastructure, and absent caching,
the main effect of that is to make it easier for SIP to slip through a
firewall which is not specifically aware of it. Many security folks
would call that a bug, not a feature.