[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sip] INFO considered harmful

inline.

Christer Holmberg wrote:

Hi,



Now, does this mean that we also need to restrict what kind of message
body types we allow in INVITE, re-INVITE and UPDATE?

Not really. INVITE means something: it means "I'm trying to set up a
session, and here's a description of that session." The first half ("I'm
trying to set up a session") has specific semantics associated with it. The
second half ("here's a description of that session") tells you exactly what
goes in the body.

INFO just says "Here's a framed chunk of data."

There is no valid comparison between the two.


I agree that the semantics of the commands are different. However, one IS
allowed to include any kind of message body in the INVITE request, to provide
whatever "extra information" about the session (text, HTML, whatever...), so
someone could argue that whatever stuff they put into the INVITE does provide
"extra information" about the session...
There is a huge difference that you are ignorning.

The semantics of INVITE are well defined. SIP-guidelines says bodies can't change that basic semantic. Same with UPDATE.

INFO has no defined semantic. Thus, it is not currently a violation of the spec (and indeed, seemingly encouraged by it) to place all kinds of stuff in it. THis is why we HAVE seen abuse of INFO, but not INVITE or UPDATE.

-Jonathan R.


--
Jonathan D. Rosenberg, Ph.D. 72 Eagle Rock Ave.
Chief Scientist First Floor
dynamicsoft East Hanover, NJ 07936
jdrosen@dynamicsoft.com FAX: (973) 952-5050
http://www.jdrosen.net PHONE: (973) 952-5000
http://www.dynamicsoft.com

_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip