26 aug 2010 kl. 12.46 skrev Adrian Georgescu:
Hello,
I have a question maybe someone can help or comment.
How can one protect in the real world against faking the identity of presence
subscriptions originating from foreign domains?
The scenario is:
Once us...@domaina accepts presence subscriptions from us...@domainb and his
pre-rules is updated with this information, nobody stops somebody else to
impersonate us...@domainb to send subscribe messages from any source and
presenting the same From header.
How can the server that serves domainA check for the real identity of the
foreign subscriber?
Can anyone comment what would be a good practical solution?
No, what you're talking about is trust between domains. SIP identity is trying
to get a grip on that, as well as a few other identity solutions, including
S/MIME in the good ol' RFC 3261.
/O
___
Devel mailing list
Devel@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel