History-Info – 2 options for Robust Security draft-ietf-sip-identity-02: Redirect ONLY in the case of retargeting “to a domain for which the processing entity is not responsible” Scenario is a corner case and not the most likely one involving History-Info, thus impact is likely less than perceived. Seems to put a large burden on points of Interworking and UAC, rather than the intermediary. May be difficult to make backwards compatible. Obviates the need for intermediary involvement and a transitive trust model. 2. draft-ietf-mahy-sipping-add-body: Proposes to “relax” restriction that proxies cannot add message bodies to allow securing information added by intermediaries. Provides a general purpose mechanism, thus avoiding the requirement to define P-headers for cases where this functionality is useful. Doesn’t entirely resolve the “robust” security problem for History-Info - another intermediary needs to unpack to access index (transitive model) Facilitates Interworking |