26 aug 2010 kl. 12.46 skrev Adrian Georgescu: > Hello, > > I have a question maybe someone can help or comment. > > How can one protect in the real world against faking the identity of presence > subscriptions originating from foreign domains? > > The scenario is: > > Once us...@domaina accepts presence subscriptions from us...@domainb and his > pre-rules is updated with this information, nobody stops somebody else to > impersonate us...@domainb to send subscribe messages from any source and > presenting the same From header. > > How can the server that serves domainA check for the real identity of the > foreign subscriber? > > Can anyone comment what would be a good practical solution?
No, what you're talking about is trust between domains. SIP identity is trying to get a grip on that, as well as a few other identity solutions, including S/MIME in the good ol' RFC 3261. /O _______________________________________________ Devel mailing list Devel@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/devel
