Scott Lawrence wrote: > On Fri, 2008-10-24 at 14:46 -0400, Dale Worley wrote: >> I'm not convinced that anyone *uses* out-of-dialog REFERs, despite the >> number of times I have seen mechanisms proposed in the IETF that use >> them. But it's clear that if someone uses o.o.d. REFER for something, >> the mechanism should require authentication (otherwise it would be quite >> a security problem). So I vote for authenticating o.o.d. REFER. > > Agreed. I think we should have a short list of methods that allowed > out-of-dialog (OPTIONS, at least) without challenge. All others should > be challenged if they have on of our identities in the From header. >
OK, I will go ahead with this implementation. As of now we only have REGISTER and OPTIONs method that will challenged, even if they are out-of-dialog. Arjun _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
