Why would you have trusted the original REGISTER was sent by an authentic UAC, without authentication configured on the registar?
-----Original Message----- From: sip-implementors-boun...@lists.cs.columbia.edu [mailto:sip-implementors-boun...@lists.cs.columbia.edu] On Behalf Of java jalwa Sent: Wednesday, May 20, 2009 8:22 PM To: sip-implementors@lists.cs.columbia.edu Subject: [Sip-implementors] SIP REGISTER without expiration of previousREGISTER Hello All, I am trying to interpret section 10.3 of RFC 3261 which deals with processing of incoming REGISTER requests. Pardon my possible misuse of sip terminologies. Suppose a UAC,which is registered with a SIP registrar, crashes and hence is unable to Un register and unable to save its previous registration state (Call-Id, CSeq etc). The UAC comes up before the previous registration expires. When the UAC comes up , if it sends a REGISTER, with a new Call-Id (Other fields are the same as before: Address-of-record, Contact-ID, To, From, non zero expiration etc). My interpretation is that in this case if the Call-Id is different, the CSeq would not be checked. Is that correct ? The Registrar should update the binding by replacing the old Call-Id. So , unless the Registrar is configured to authenticate a UAC , any endpoint can send a REGISTER with a different Call-ID and cause the Registrar to update its bindings. Is that correct ? Thank you , SD P.S : Please guide me if this is not the appropriate mailing list _______________________________________________ Sip-implementors mailing list Sip-implementors@lists.cs.columbia.edu https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors _______________________________________________ Sip-implementors mailing list Sip-implementors@lists.cs.columbia.edu https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
