On Thursday 17 January 2008 14:08:07 Paul Kyzivat wrote: > Anybody that you permit to register with your scheme can still put any > ip it wants into the the contact addresses it registers. So you haven't > solved the problem you set out to solve. Having something special in the > user part doesn't change that.
It would avoid fraudulent calls through gateways and call to any existing SIP account. Yes, the INVITE would arrive to the IP you set in "Contact" but it will be rejected since that URI doesn't exist. For example, nothing should occur if an INVITE like: INVITE sip:[EMAIL PROTECTED] arrives to the gateway. It would be rejected. > As far as the acceptability of mandating a particular form for the user > part - it isn't going to happen. Devices have been granted that part for > their own use. There are many ways it can and is used by those UAs to > encode information that is useful to them. I didn't know that the username part maybe used to encode information. > Regarding your authentication example: if user2 does this, and the owner > of phone1 complains, then user2 can be punished. In any case, you can > modify your example so the contact used by user2 is: > <sip:[EMAIL PROTECTED]>. In that case the registrar will permit this > according to your proposal. Yes, but when the "INVITE sip:[EMAIL PROTECTED]" arrives to phone1 it will be rejected with 404. This is the same as in-dialog messages, proxies allow them and it's responsability of UAS to reject messages with a To tag not corresponding to an existing session. Regards. -- Iñaki Baz Castillo [EMAIL PROTECTED] _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
