Hi Dan,

>>Section 4.1, item about Contact:
>>
>>How can the Contact header usefully be used in the signing process? An
>>SBC along the message path will happily replace it.
>
>I have removed that in -01 (which isn't yet published, of
>course). There was some thought it was necessary, but I
>agree it should be removed from the signature.
>
>On a similar note, I am considering removing CallId from the
>signature.
>Oftentimes the Call Id value contains an IP address (in
>dotted decimal or hex), and an SBC or B2BUA may also want to
>rewrite such a CallId. I have made a note of that in -01 so
>this can be discussed.

An SBC can modify almost any header.

Looking at chapter 4.1, I would say that at least the To- and From headers are in the "risk zone" (EVEN if you only use the addr-spec part).

The CSeq (at least the digit portion) may also be modified, for example if there has been some "dialog piggybacked" requests sent between the SBC and another entity, but not end-to-end. In that case the SBC may have to increase the CSeq before forwarding the request, if the digit portion value has already been used in a request sent by the SBC in the same direction.

Regards,

Christer

_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
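The effect discussed in this message, as an added example that is not from the thread or the draft: it shows which covered headers make a signature fail after an SBC hop. HMAC-SHA256 stands in for the draft's signature, and the key, both messages and the SBC's rewrites (Call-ID, CSeq, Contact) are constructed for illustration.

```python
import hashlib, hmac, re

KEY = b"constructed-demo-key"  # assumption: stand-in for the signer's key

ORIGINAL = """INVITE sip:bob@example.net SIP/2.0
From: "Alice" <sip:alice@example.com>;tag=1928
To: <sip:bob@example.net>
Call-ID: a84b4c76@192.0.2.10
CSeq: 1 INVITE
Contact: <sip:alice@192.0.2.10:5060>"""

# Constructed: the same request after a hypothetical SBC rewrote three headers.
AFTER_SBC = """INVITE sip:bob@example.net SIP/2.0
From: "Alice" <sip:alice@example.com>;tag=1928
To: <sip:bob@example.net>
Call-ID: sbc-77f1@198.51.100.5
CSeq: 2 INVITE
Contact: <sip:alice@198.51.100.5:5060>"""

def parse(msg):
    """Return {lowercased header name: value}, skipping the request line."""
    headers = {}
    for line in msg.strip().splitlines()[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def canonical(name, value):
    """Reduce a header to the part the thread talks about signing."""
    if name in ("from", "to"):            # addr-spec only
        m = re.search(r"<([^>]+)>", value)
        return m.group(1) if m else value.split(";")[0].strip()
    if name == "cseq":                    # digit portion only
        return value.split()[0]
    return value

def sign(msg, covered):
    """MAC over the canonical forms of the covered headers, in order."""
    h = parse(msg)
    data = "|".join(canonical(n, h[n]) for n in covered)
    return hmac.new(KEY, data.encode(), hashlib.sha256).hexdigest()

def survives(original, forwarded, covered):
    """True if a signature made at the origin still verifies downstream."""
    return hmac.compare_digest(sign(original, covered), sign(forwarded, covered))

def breaking_headers(original, forwarded, candidates):
    """Headers that, if covered on their own, invalidate the signature."""
    return [n for n in candidates if not survives(original, forwarded, [n])]
```

In this constructed hop the SBC leaves From and To alone; an SBC that also rewrites their addr-spec would add them to the breaking list.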
