On Wed, Nov 19, 2008 at 9:39 PM, Hadriel Kaplan <[EMAIL PROTECTED]> wrote: > BTW, I think it still is subject to the Baiting attack. I make a Bank call > me, and I then re-use its call-id+tag in an INVITE I send to you. Since it's > the same call-id and tag, Bank will say "yes I'm making that call".
In the current spec, all subscriptions should be authorized before approval and a caller (Bank) should accept subscribe requests only from URIs to which it has sent an INVITE-request (Hadriel). -- Victor Pascual Ávila _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
