Iñaki Baz Castillo wrote:
> El Miércoles, 15 de Octubre de 2008, Paul Kyzivat escribió:
>> Iñaki Baz Castillo wrote:
>>> El Martes, 14 de Octubre de 2008, Paul Kyzivat escribió:
>>>> I was thinking of something more extreme:
>>>>
>>>> REGISTER sip:example.com
>>>> To: sip:[EMAIL PROTECTED]
>>>> From: sip:[EMAIL PROTECTED]
>>>> Contact: sip:[EMAIL PROTECTED]
>>>> Contact: sip:[EMAIL PROTECTED]
>>>>
>>>> where the above is sent from other.example.com. In this case
>>>> other.example.com is never the right place to send requests intended for
>>>> phone1.example.com or phone2.example.com.
>>> Yes, it's more extreme ;)
>> Its also entirely legal. And there are interesting use cases for it.
>
> Yes, you mean the 3rd party registration, is it?
Technically this isn't 3rd party registration, which has nothing to do
with the value of the contacts. The following is 3rd party registration:
REGISTER sip:example.com
To: sip:[EMAIL PROTECTED]
From: sip:[EMAIL PROTECTED]
Contact: sip:bob_phone.example.com
Contact: sip:alice_phone.example.com;expires=0
In this case the request would first have to be authenticated as bob,
and then there would have to be some authorization mechanism that
permits bob to register to alice's AOR.
(I just threw in the 2nd contact for fun.)
Thanks,
Paul
_______________________________________________
Sip-implementors mailing list
Sip-implementors@lists.cs.columbia.edu
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
