Browse code

additional issue: paying for seemingly free destinations

Jiri Kuthan authored on 01/03/2003 08:34:19
Showing 1 changed files
... ...
@@ -47,3 +47,19 @@ if not to me (I'm relaying for a local phone to an external address)
47 47
         proxy_authorize (once again, based on from address)
48 48
         done
49 49
 
50
+
51
+Another Concern Raised by Juha
52
+------------------------------
53
+What if users with valid credentials in a domain will call
54
+someone, whose SIP address is rededirected/referred/forwarded
55
+to an accounted PSTN destination? Callers will then "dial"
56
+a sip URI (bob@iptel) which will be turned without their
57
+awareness to (900-666666@iptel), challenged by gateway,
58
+automatically answered by most of existing software today
59
+and accounted then.
60
+
61
+Solutions?
62
+- don't submit credentials automatically in UAC if challenge uri!=
63
+  dialing uri; pop up a confirmation prompt in UA
64
+- challenge with a different realm which will take authentication
65
+- be restrictive and ban forwarding, REFERs, 3xx