Cesc Santasusana writes: > Fair enough, but then what do you do against fake BYE messages? If > you do not authenticate them somehow, anybody could sniff the INV > message (and OK/ACK), take the needed fields, and tear down the > session. there is very little you can do to prevent that unless you use tls for signaling. -- juha