I remember that some opposed the use of this RFC when it came about telephone numbers because there is no domain part involved.
For Presence I do not see telephone numbers involved but only SIP URIs. Would there be other issues against the use of this RFC for this very purpose? Adrian On Aug 26, 2010, at 1:34 PM, Olle E. Johansson wrote: > > 26 aug 2010 kl. 12.46 skrev Adrian Georgescu: > >> Hello, >> >> I have a question maybe someone can help or comment. >> >> How can one protect in the real world against faking the identity of >> presence subscriptions originating from foreign domains? >> >> The scenario is: >> >> Once us...@domaina accepts presence subscriptions from us...@domainb and his >> pre-rules is updated with this information, nobody stops somebody else to >> impersonate us...@domainb to send subscribe messages from any source and >> presenting the same From header. >> >> How can the server that serves domainA check for the real identity of the >> foreign subscriber? >> >> Can anyone comment what would be a good practical solution? > > No, what you're talking about is trust between domains. SIP identity is > trying to get a grip on that, as well as a few other identity solutions, > including S/MIME in the good ol' RFC 3261. > > /O > _______________________________________________ > Users mailing list > us...@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > _______________________________________________ Devel mailing list Devel@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/devel
