I've had a user come to me with a problem where they can't get calls through to one of their suppliers because the Contact URI on the INVITE request doesn't match the Contact URI on their registration binding. It's not unique and I've seen the same mechanism employed elsewhere. The security benefits seem negligible to me unless the supplier also blocks Record-Route headers, which I've seen as well, and which then makes interoperability very difficult.
In this particular case the supplier seems to be doing a string comparison on the INVITE and registering binding URIs. In both cases the URIs are using the same socket and hence the same Host portion so it's only the User and parameter portions that are different. This strikes me as a very fragile mechanism. Has anybody else encountered these type of aggressive registration "policing" systems in the wild? Aaron _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
