Am 17.04.2011 13:54, schrieb Juha Heinanen:
IƱaki Baz Castillo writes:
Depending on our topology we can just ask for authentication for every in-dialog request (unless it comes from a trusted node as a PSTN gw) but without trying to check the identity of the in-dialog request originator. Well, the identity is asserted by the proxy after authentication success. During an in-dialog request it doesn't matter the From/To URI value (this is not true in an initial INVITE in which From is usually used for accounting and CLI.
inaki,
lets say that a sip ua has dialog established with pstn gw and the sip ua sends refer to pstn gateway for the purpose of transferring the call to another pstn destination. in that case, referred-by uri is used for accounting of the new pstn leg.
I use Asterisk as AS/GW and I do not trust Refered-By (especially within Asterisk it is not authenticated thus it can contain anything) - I use the peer information in Asterisk internally for accounting.
Of course it should be safe to use Refered-By header if you requires authentication and check auth-user with Refered-By. (maybe i should add this to my proxy :)
regards klaus