On Wed, 2009-01-07 at 16:19 -0600, Jarod Neuner wrote: > On Wed, 2009-01-07 at 11:44 -0600, Pekka Pessi wrote: > > Also, if we want to do some automated Subject testing at tport level, > > I'd go for using tpn_canon which should contain the domain name used > > in the SIP URI. > > Through various mechanisms, an attacker could fool the resolver > into believing that the UAC should connect to sip.mitm.com (which will > be listed in tpn_canon, I think?)
Whoops, dense moment of the day. We still won't support rfc822 names or SIP usernames, but provide good coverage in the meantime. Thanks for the tip! ------------------------------------------------------------------------------ Check out the new SourceForge.net Marketplace. It is the best place to buy or sell services for just about anything Open Source. http://p.sf.net/sfu/Xq1LFB _______________________________________________ Sofia-sip-devel mailing list Sofia-sip-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sofia-sip-devel
