On Thursday 17 January 2008 12:24:33 Steve Langstaff wrote:
> > On Thursday 17 January 2008 11:28:50 Steve Langstaff wrote:
> > > > Hi, because of SIP design a UAC is responsible for setting its
> > > > "Contact" field in the REGISTER. This can be used to
> > > > spoof other UAS or gateways location by malicious users.
> > > >
> > > > There are "not very elegant" solutions for this issue but I'm
> > > > thinking about forcing a convention:
> > > >
> > > > A SIP UAC with AoR "sip:[EMAIL PROTECTED]" SHOULD send a
> > > > REGISTER with:
> > > > Contact: <sip:[EMAIL PROTECTED]> and the registrar server
> > > > SHOULD reject any REGISTER with a "Contact" not respecting this
> > > > convention for the registering AoR.
> > > >
> > > > I set "[EMAIL PROTECTED]" since
> > > > "[EMAIL PROTECTED]"
> > > > would not be secure in multidomain environments.
> > >
> > > How would you cope with multi-port gateway devices that (say) wanted
> > > to register the same AoR for multiple ports, but uses a single IP
> > > address for both, or when you have the case of multiple instances of
> > > the same AoR behind an SBC?
> >
> > Do you mean that in these cases the SBC rewrites UAC's
> > "Contact" to give each one a distinctive URI?
>
> I'm not sure about the SBC case, but for a multi-port phone gateway,
> consider the case where Alice has 2 phones registering sip:[EMAIL PROTECTED]
> on different ports of the gateway.
>
> Currently phone 1 may send out a REGISTER with, for example,
>
> From: <sip:[EMAIL PROTECTED]>
> Contact: <sip:[EMAIL PROTECTED]>
>
> And phone 2 may send out a REGISTER with
>
> From: <sip:[EMAIL PROTECTED]>
> Contact: <sip:[EMAIL PROTECTED]>
>
> This is good - the registrar has 2 registrations for Alice,
> with distinct contact addresses. All is good.
>
> With your proposed scheme phone 1 would send out a REGISTER with
>
> From: <sip:[EMAIL PROTECTED]>
> Contact: <sip:[EMAIL PROTECTED]>
>
> and phone 2 would send out a REGISTER with
>
> From: <sip:[EMAIL PROTECTED]>
> Contact: <sip:[EMAIL PROTECTED]>
>
> I don't think that the registrar would be aware that Alice has registered
> from 2 devices.

Ok, I understand. Making it a little complex it could be:

  AoR = [EMAIL PROTECTED]  =>  Contact = user(_anything)[EMAIL PROTECTED]

This is: the "Contact" URI should be:

  AoRusernamepart + "_" + anything + "*" + AoRdomain + "@" + device_IP

(where "_anything" is optional).

So in the case you tell:

  AoR = [EMAIL PROTECTED]  =>
    Contact 1 = [EMAIL PROTECTED]
    Contact 2 = [EMAIL PROTECTED]

Yes, there could be some issues if the AoR contains "*" or "_", but nothing
difficult to solve with a convenient specification.

--
Iñaki Baz Castillo

_______________________________________________
Sip-implementors mailing list
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
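
A registrar-side check for the Contact convention proposed in the reply above, as an added example that is not part of the original thread. The function names, the example.com sample values and the reading of "device_IP" as the address the REGISTER arrived from are assumptions; `matching_aors` lists every AoR a Contact would validate for, which exposes the "_" ambiguity the message mentions.

```python
import re

# sip:/sips: URI with a user part; angle brackets, port and parameters optional.
# Assumption: IPv4 or hostname only (no bracketed IPv6 literals).
_URI = re.compile(
    r"^<?sips?:(?P<user>[^@<>]+)@(?P<host>[^;:<>]+)(?::\d+)?(?:;[^<>]*)?>?$", re.I)

def split_uri(uri):
    """Return (user, host) of a SIP URI, with the host lower-cased."""
    m = _URI.match(uri.strip())
    if m is None:
        raise ValueError("not a SIP URI with a user part: %r" % uri)
    return m.group("user"), m.group("host").lower()

def contact_allowed(aor, contact, source_ip):
    """True if `contact` follows the proposed convention for `aor`.

    Convention from the message:
      Contact user part = AoR user [+ "_" + tag] + "*" + AoR domain
    Assumption: "device_IP" is compared with the REGISTER's source address.
    """
    aor_user, aor_domain = split_uri(aor)
    try:
        c_user, c_host = split_uri(contact)
    except ValueError:
        return False
    if c_host != source_ip.lower():
        return False
    # A domain name cannot contain "*", so split on the last one.
    local, star, domain = c_user.rpartition("*")
    if not star or domain.lower() != aor_domain:
        return False
    if local == aor_user:                 # "_tag" is optional
        return True
    prefix = aor_user + "_"
    return local.startswith(prefix) and len(local) > len(prefix)

def matching_aors(contact, aors, source_ip):
    """Every AoR in `aors` that `contact` would be accepted for."""
    return [a for a in aors if contact_allowed(a, contact, source_ip)]

# Constructed sample data (documentation domain and addresses).
AOR = "sip:alice@example.com"
GATEWAY_IP = "192.0.2.10"
PHONE_1 = "<sip:alice_1*example.com@192.0.2.10>"
PHONE_2 = "<sip:alice_2*example.com@192.0.2.10>"

if __name__ == "__main__":
    for c in (PHONE_1, PHONE_2, "<sip:bob*example.com@192.0.2.10>"):
        print(c, contact_allowed(AOR, c, GATEWAY_IP))
```

Both phones on the gateway pass with distinct Contacts, while a Contact such as `alice_home*example.com` validates for the AoRs `alice` and `alice_home` alike, so a specification would have to forbid or escape "_" and "*" in AoR user parts.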
