Am 17.04.2011 13:54, schrieb Juha Heinanen: > Iñaki Baz Castillo writes: > >> Depending on our topology we can just ask for authentication for every >> in-dialog request (unless it comes from a trusted node as a PSTN gw) >> but without trying to check the identity of the in-dialog request >> originator. Well, the identity is asserted by the proxy after >> authentication success. During an in-dialog request it doesn't matter >> the From/To URI value (this is not true in an initial INVITE in which >> From is usually used for accounting and CLI. > > inaki, > > lets say that a sip ua has dialog established with pstn gw and the sip > ua sends refer to pstn gateway for the purpose of transferring the call > to another pstn destination. in that case, referred-by uri is used for > accounting of the new pstn leg.
I use Asterisk as AS/GW and I do not trust Refered-By (especially within Asterisk it is not authenticated thus it can contain anything) - I use the peer information in Asterisk internally for accounting. Of course it should be safe to use Refered-By header if you requires authentication and check auth-user with Refered-By. (maybe i should add this to my proxy :) regards klaus _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users