On Thursday 17 January 2008 11:28:50 Steve Langstaff wrote: > > Hi, because SIP design an UAC is responsible for setting its > > "Contact" field in the REGISTER. This can be used to spoof > > other UAS or gateways location by malicious users. > > > > There are "not very ellegant" solutions for this issue but > > I'm thinking about forcing a convention: > > > > A SIP UAC with AoR "sip:[EMAIL PROTECTED]" SHOULD send a REGISTER with: > > Contact: <sip:[EMAIL PROTECTED]> > > and the registrar server SHOULD reject any REGISTER with a > > "Contact" not respecting this convention for the registering AoR. > > > > I set "[EMAIL PROTECTED]" since > > "[EMAIL PROTECTED]" > > would not be secure in multidomain enviroments. > > How would you cope with multi-port gateway devices that (say) wanted to > register the same AoR for mutliple ports, but uses a single IP address for > both, or when you have the case of multiple instances of the same AoR > behind an SBC?
Do you mean that in these cases the SBC rewrites UAC's "Contact" to give each one a distintive URI? -- ilimit... *Iñaki Baz Castillo* [EMAIL PROTECTED] ÀREA SISTEMES 0034 937 333 375 VOLTA 1, PIS 5 08224 TERRASSA.BCN Aquest enviament és confidencial i està destinat únicament a la persona a qui s'ha enviat. Pot contenir informació privada sotmesa al secret professional, la distribució de la qual està prohibida per la legislació vigent. _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
