[OpenSIPS-Devel] Presence Subscriptions from External Domains

[Adrian Georgescu]

Hello,

I have a question maybe someone can help or comment.

How can one protect in the real world against faking the identity of presence 
subscriptions originating from foreign domains?

The scenario is:

Once us...@domaina accepts presence subscriptions from us...@domainb and his 
pre-rules is updated with this information, nobody stops somebody else to 
impersonate us...@domainb to send subscribe messages from any source and 
presenting the same From header.

How can the server that serves domainA check for the real identity of the 
foreign subscriber?

Can anyone comment what would be a good practical solution?

Regards,
Adrian


___
Devel mailing list
Devel@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel

Re: [OpenSIPS-Devel] Presence Subscriptions from External Domains

[Olle E. Johansson]

26 aug 2010 kl. 12.46 skrev Adrian Georgescu:

 Hello,
 
 I have a question maybe someone can help or comment.
 
 How can one protect in the real world against faking the identity of presence 
 subscriptions originating from foreign domains?
 
 The scenario is:
 
 Once us...@domaina accepts presence subscriptions from us...@domainb and his 
 pre-rules is updated with this information, nobody stops somebody else to 
 impersonate us...@domainb to send subscribe messages from any source and 
 presenting the same From header.
 
 How can the server that serves domainA check for the real identity of the 
 foreign subscriber?
 
 Can anyone comment what would be a good practical solution?

No, what you're talking about is trust between domains. SIP identity is trying 
to get a grip on that, as well as a few other identity solutions, including 
S/MIME in the good ol' RFC 3261.

/O
___
Devel mailing list
Devel@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel