Dale R. Worley wrote:
But Dan Petrie has convinced me that proxies should not test for merged or looped requests. The reason is that it is impossible for a proxy to accurately determine whether two requests are "the same". Only the recipient UA can determine whether two requests are "the same".
While I agree that a proxy will not be able to determine whether a request merged, it is definitely within the realm of the processing rules of the proxy to do loop detection. In fact, if this is not done, the sort of attack documented in Scott Lawrence's draft can be easily mounted. See http://www.ietf.org/internet-drafts/draft-lawrence-maxforward-problems-00.txt for more information. Thanks, - vijay _______________________________________________ Sip-implementors mailing list [email protected] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
