El Sábado, 25 de Octubre de 2008, Victor Pascual Ávila escribió: > The > UAS verifies the "From" header by subscribing to the Dialog Event > package [RFC 4235] at the AOR in the "From" header field. If the > entity calling is registered under this AOR, it will confirm that it > is calling by sending some valid dialog state. In this case, the > identity of the caller is considered to be verified.
A question about caller privacy: I hope this mechanims doesn't requiere that 'anyone' can subscribe to the call status of 'anyone'. This is: Alice Proxy 1 (atlanta.com) Proxy 2 (biloxi.com) Bob In order this draft to work, Alice must allow a SUBSCRIBE (Event: dialog) from Bob, but why should Alice allow Bob monitorizing *all* her calls? So, Alice or Proxy 1 should just allow SUBSCRIBE (Event: dialog) from Bob if the Event header includes 'call-id' and 'to-tag' parameters, i.e: Event: dialog;[EMAIL PROTECTED];to-tag=9fxced76sl If not, Alice or Proxy 1 should deny the request with "403 Forbidden". I know that this draft doesn't involve authorization requeriments, but in a real world how would the privacy mechanism be achieved? I suggest that a proxy should allow SUBSCRIBE (Event: dialog) for its local users just if the Event header includes 'call-id' and 'to-tag' parameters. Also, dialog event package is commonly implemented at proxy level with a presence agent instead of forwarding the SUBSCRIBE's to the UA's. In this manner, a default policy in a proxy would allow this draft mechanism working without exposing local users privacy. Would it be the correct way? PD: Thanks for proposing a feasible solution instead of proposing exotic specifications that depend on other specifications which nobody implement. -- Iñaki Baz Castillo _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
