Re: [Sip] FW: I-D Action:draft-kaplan-sip-session-id-00.txt

[Hadriel Kaplan <HKaplan at acmepacket.com>]

> -----Original Message-----
> From: Paul Kyzivat [mailto:pkyzivat at cisco.com]
> Sent: Friday, November 28, 2008 3:49 PM
>
> I think it might be worth some effort to attempt an agreement by which
> B2BUAs don't have to change callids. For instance, agree on some form of
> callid that b2bua's can recognize as "safe" - not including domain names
> that might leak some "proprietary" info about the source network.

Yeah that's what I was hoping we could do too a while ago.  But it appears that won't succeed - B2BUA's are changing them for other reasons than just the security one.  One reason I know of is to track separate dialogs they create, ironically.  But I really don't know all the reasons they're doing it - there are lots of vendor devices doing it, and it's clear they're not all doing it for security purposes.

Doing this in a new header has another advantage over that as well, fwiw - if we mandate not changing "safe" call-id values, all b2bua's along the path have to stop changing it, and the UAC has to create a "safe" one.  If we do a new header, only some b2bua's need to change for matching to work in most cases.  All of them would need to pass the header for it to work, but my assumption is that's more likely.  It may be a false assumption, but from the traces I get to see, it looks like new headers get through fairly often. (at least those without URI's)

-hadriel
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip