Iñaki Baz Castillo wrote:
> On Thursday 17 January 2008 14:08:07 Paul Kyzivat wrote:
>
>> Anybody that you permit to register with your scheme can still put any
>> ip it wants into the the contact addresses it registers. So you haven't
>> solved the problem you set out to solve. Having something special in the
>> user part doesn't change that.
>
> It would avoid fraudulent calls through gateways and call to any existing SIP
> account. Yes, the INVITE would arrive to the IP you set in "Contact" but it
> will be rejected since that URI doesn't exist.
>
> For example, nothing should occur if an INVITE like:
> INVITE sip:[EMAIL PROTECTED]
> arrives to the gateway. It would be rejected.
This requires that every sip device in the universe adopt your naming
convention for Contact addresses. That isn't going to happen.
>> As far as the acceptability of mandating a particular form for the user
>> part - it isn't going to happen. Devices have been granted that part for
>> their own use. There are many ways it can and is used by those UAs to
>> encode information that is useful to them.
>
> I didn't know that the username part maybe used to encode information.
It can be used any way the creator of the URI wants to use it. The point
is that only nodes responsible for the domain of a URI are supposed to
interpret the user part of that URI. (BTW that is another reason why the
registrar should not be following your proposal. The registrar is
(presumably) not responsible for the domains of the contact uris.
>> Regarding your authentication example: if user2 does this, and the owner
>> of phone1 complains, then user2 can be punished. In any case, you can
>> modify your example so the contact used by user2 is:
>> <sip:[EMAIL PROTECTED]>. In that case the registrar will permit this
>> according to your proposal.
>
> Yes, but when the "INVITE sip:[EMAIL PROTECTED]" arrives to phone1 it will be
> rejected with 404.
> This is the same as in-dialog messages, proxies allow them and it's
> responsability of UAS to reject messages with a To tag not corresponding to
> an existing session.
I'll also mention that it is quite common (though not especially wise)
for UAs to use the same contact address for registrations to multiple
AORs. And it is pretty common for specialized UAs, like phones, to
entirely ignore the R-URI and process any requests incoming to their sip
port.
Paul
_______________________________________________
Sip-implementors mailing list
[email protected]
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
