I think what is going on is that since sipXbridge is intended entirely for ITSP usage, we can use (better or worse) authentication mechanisms. But the DoS problem remains for anyone using across-the-Internet SIP -- which we expect to be a steadily increasing fraction of users.
One question is the threat model. If we're worried about pure DoS, then existing Internet DoS techniques seem to be sufficient, and sipX is not the place to solve the problem. But there may be other threats that are specific to the SIP layer. It's probably going to be hard to design a solution without any data regarding the threats that will materialize (as opposed to the ones that we conjecture). Dale _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
