On Fri, Sep 5, 2008 at 9:38 AM, Scott Lawrence <[EMAIL PROTECTED]> wrote: > > On Fri, 2008-09-05 at 09:04 -0400, M. Ranganathan wrote: >> Why does sipx proxy challenge REFER requests from services that are >> known to be co-hosted with it? It could be made more efficient if such >> requests were not challenged. > > It is never appropriate to use a source IP address or port as an > authenticator.
Yes I would readily agree for a public IP address which is globally routable this is a rather weak form of "authentication". > > If we were to use SIP over TLS between components with peer > authentication, we could trust the sender, but to add the overhead of > doing that for all requests just to avoid challenging a REFER would not > be a good tradeoff. Agreed. However, if you are using TCP for signaling and you are collocated with the proxy (one can also throw in "AND if you can add the ability to listen on localhost to the proxy" ), would challenge be necessary? Ranga > > -- M. Ranganathan _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
