On Fri, Mar 6, 2009 at 12:44 AM, Hadriel Kaplan <hkap...@acmepacket.com> wrote: > > >> -----Original Message----- >> From: Elwell, John [mailto:john.elw...@siemens.com] >> Sent: Thursday, March 05, 2009 12:15 PM >> >> Should we specify something that would make life easier for >> proxies/B2BUAs to detect compliance with this, e.g., a magic string at >> the start of the call-ID, rather than simply the absence of "@"? > > At one point I was thinking of just making it either be an "invalid" host: > Call-ID: randomstuffheregibber...@invalid > > Or a fixed-length hex-ascii type thing (like Session-ID). But then someone > pointed out to me that some devices already don't put their IP/host in it, so > there's no reason to go make them change their implementation, nor replace > their call-id until they do. > > The thing is I think that a proxy/b2bua which cares about this for security > properties, would need/want to scan the whole call-id for something which > looks like a host/IP anyway, to make a dynamic decision. So having a magic > string won't help them. And B2BUA's which change it for non-security reasons > will change it no matter what, because it's not the privacy property they > care about.
IMO the UAS shall be able to know whether or not the call-id is end-to-end (e.g. INVITE-Initiated Dialog Event Package: a B2BUA can't fix the call-id if the return-routed subscribe request gets routed along a different path). -- Victor Pascual Ávila _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use sip-implement...@cs.columbia.edu for questions on current sip Use sipp...@ietf.org for new developments on the application of sip
