[SR-Users] How to validate re-invites without challenging them?

19 Sep 2023


      Hi List
At the moment, we challenge every invite (and re-invite) to make sure
the customer is authenticated.
Now we have one kind of PBX, which never does not authenticate when we
challenge a Re-Invite.
According to the vendor of that PBX's RFC interpretation, answering a
challenge to a re-invite is optional. If that is ignored by the PBX,
then the existing established dialog shall not end.
Unfortunately this causes the session timer to run out.
I am therefore wondering, if there is a safe way not to challenge
re-invites.
A Re-Invite contains a To-Tag. So I could bypass authentication on
presence of a to-Tag. But then, how do I prevent a customer to just set
a spoofed To-Tag to circumvent authentication?
Is there a feasible way?
Mit freundlichen Grüssen
-Benoît Panizzon-
-- 
I m p r o W a r e   A G    -    Leiter Commerce Kunden
______________________________________________________

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Schweiz                         Web  http://www.imp.ch
______________________________________________________

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

[SR-Users] How to validate re-invites without challenging them?