> Such a return routability check is probably the best SIP can do in the > presence of SBCs and the inability to get > draft-fischer-sip-e2e-sec-media-01.txt or draft-wing-sip-identity-media-03.txt > off the ground. > > -d
I believe this sums it up; correct and balanced. Henry On 10/28/08 10:52 PM, "Dan Wing" <[EMAIL PROTECTED]> wrote: >> With SIP, you don't know that the originating UAS has the same name as >> it is claiming to have, because you got the SIP message from some >> nearby proxy. DERIVE is more like doing a reverse DNS lookup to see >> if the originating host has the name that it claims to have. > > Yeah, that's walking the DNS tree. It is valuable; heck, IETF's own > mailservers are doing it to reduce spam so it Must Be Good! :-) > > DERIVE is checking to see if your SIP routing takes you to the > same place that (claims to) be originating the incoming INVITE. > It is using your *outgoing* SIP routing -- which you must already > trust to send outbound messages -- to test the validity of the > (proported) From: address of an incoming INVITE. > > > Such a return routability check is probably the best SIP can do in the > presence of SBCs and the inability to get > draft-fischer-sip-e2e-sec-media-01.txt or draft-wing-sip-identity-media-03.txt > off the ground. > > -d > > _______________________________________________ > Sip mailing list https://www.ietf.org/mailman/listinfo/sip > This list is for NEW development of the core SIP Protocol > Use [EMAIL PROTECTED] for questions on current sip > Use [EMAIL PROTECTED] for new developments on the application of sip _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
