My point was that if you accepted the first registration without authentication, then all bets are off. Any UAC can register the AOR. I was suggesting that the issue of authenticating the first registration is just as important. If you solved that problem, the subsequent registration will also be authenticated. If not, you cannot trust either of those registrations.
________________________________ From: java jalwa [mailto:[email protected]] Sent: Thursday, May 21, 2009 12:18 AM To: [email protected] Subject: Re: [Sip-implementors] SIP REGISTER without expiration of previousREGISTER Thanks Benjamin. Arunachalam, thanks for your response, I am not sure I correctly understood your question.The registrar I am working with has an option allowing it to be configured without authentication, which unfortunately cannot be changed. SD On Wed, May 20, 2009 at 9:03 PM, Benjamin Jacob <[email protected]> wrote: What you have described is correct. A different call id is as good as a different client, but in this case as it's the same UAC, the To and Contact header would be the same. So, the registration info in the registrar would be updated with the new call-id, etc. Also, each registration request should be authenticated by the registrar to take care of fake requests. Regards - Ben > -----Original Message----- > From: [email protected] > [mailto:[email protected]] > On Behalf Of > java jalwa > Sent: Wednesday, May 20, 2009 8:22 PM > To: [email protected] > Subject: [Sip-implementors] SIP REGISTER without expiration > of > previousREGISTER > > Hello All, > I am trying to interpret > section 10.3 of RFC 3261 which deals > with processing of incoming REGISTER requests. > > Pardon my possible misuse of sip terminologies. > > > Suppose a UAC,which is registered with a SIP registrar, > crashes and > hence is unable to Un register and unable to save its > previous > registration state (Call-Id, CSeq etc). > > The UAC comes up before the previous registration expires. > > When the UAC comes up , if it sends a REGISTER, with a new > Call-Id > (Other fields are the same as before: Address-of-record, > Contact-ID, To, > From, non zero expiration etc). My interpretation is that > in this case > if the Call-Id is different, the CSeq would not be checked. > Is that > correct ? The Registrar should update the binding by > replacing the old > Call-Id. > So , unless the Registrar is configured to authenticate a > UAC , any > endpoint can send a REGISTER with a different Call-ID and > cause the > Registrar to update its bindings. Is that correct ? > > Thank you , > SD > > P.S : Please guide me if this is not the appropriate > mailing list > _______________________________________________ > Sip-implementors mailing list > [email protected] > https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors > > _______________________________________________ > Sip-implementors mailing list > [email protected] > https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors > _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
