> With SIP, you don't know that the originating UAS has the same name as > it is claiming to have, because you got the SIP message from some > nearby proxy. DERIVE is more like doing a reverse DNS lookup to see > if the originating host has the name that it claims to have.
Yeah, that's walking the DNS tree. It is valuable; heck, IETF's own mailservers are doing it to reduce spam so it Must Be Good! :-) DERIVE is checking to see if your SIP routing takes you to the same place that (claims to) be originating the incoming INVITE. It is using your *outgoing* SIP routing -- which you must already trust to send outbound messages -- to test the validity of the (proported) From: address of an incoming INVITE. Such a return routability check is probably the best SIP can do in the presence of SBCs and the inability to get draft-fischer-sip-e2e-sec-media-01.txt or draft-wing-sip-identity-media-03.txt off the ground. -d _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
