> When the UAC comes up , if it sends a REGISTER, with a new > Call-Id (Other fields are the same as before: Address-of-record, > Contact-ID, To, From, non zero expiration etc). My interpretation > is that in this case if the Call-Id is different, the CSeq would > not be checked. Is that correct?
CSeq values are unique to the dialog (or register's "pseudo dialog"). Since the register's Call-Id changed, it is a different "pseudo dialog". > The Registrar should update the binding by replacing the old Call-Id. The binding is updated (assuming reach that far within rfc3261 section 10.3); changing Call-Id would only be one aspect. > So , unless the Registrar is configured to authenticate a UAC, any > endpoint can send a REGISTER with a different Call-ID and cause the > Registrar to update its bindings. Is that correct? If you are asking for security reasons, you should read rfc3261 section 26 (especially section 26.3.2.1). Attempting to toy with another's existing binding is only one of many things an attacker can try to do. If you are accidental reasons, the answer is usually no since the Contact (i.e. part of the binding mechanism) would be different. Thus it would create an additional binding. _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
