[OpenSIPS-Users] [OpenSIPS-Devel] Presence Subscriptions from External Domains
Adrian Georgescu
ag at ag-projects.com
Thu Aug 26 16:01:58 CEST 2010
I remember that some opposed the use of this RFC when it came about telephone numbers because there is no domain part involved.
For Presence I do not see telephone numbers involved but only SIP URIs. Would there be other issues against the use of this RFC for this very purpose?
Adrian
On Aug 26, 2010, at 1:34 PM, Olle E. Johansson wrote:
>
> 26 aug 2010 kl. 12.46 skrev Adrian Georgescu:
>
>> Hello,
>>
>> I have a question maybe someone can help or comment.
>>
>> How can one protect in the real world against faking the identity of presence subscriptions originating from foreign domains?
>>
>> The scenario is:
>>
>> Once userA at domainA accepts presence subscriptions from userB at domainB and his pre-rules is updated with this information, nobody stops somebody else to impersonate userB at domainB to send subscribe messages from any source and presenting the same From header.
>>
>> How can the server that serves domainA check for the real identity of the foreign subscriber?
>>
>> Can anyone comment what would be a good practical solution?
>
> No, what you're talking about is trust between domains. SIP identity is trying to get a grip on that, as well as a few other identity solutions, including S/MIME in the good ol' RFC 3261.
>
> /O
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
More information about the Users
mailing list