> -----Original Message-----
> From: Paul Kyzivat [mailto:[EMAIL PROTECTED]
> Sent: Friday, November 28, 2008 3:49 PM
>
> I think it might be worth some effort to attempt an agreement by which
> B2BUAs don't have to change callids. For instance, agree on some form of
> callid that b2bua's can recognize as "safe" - not including domain names
> that might leak some "proprietary" info about the source network.

Yeah that's what I was hoping we could do too a while ago. But it appears that won't succeed - B2BUA's are changing them for other reasons than just the security one. One reason I know of is to track separate dialogs they create, ironically. But I really don't know all the reasons they're doing it - there are lots of vendor devices doing it, and it's clear they're not all doing it for security purposes.

Doing this in a new header has another advantage over that as well, fwiw - if we mandate not changing "safe" call-id values, all b2bua's along the path have to stop changing it, and the UAC has to create a "safe" one. If we do a new header, only some b2bua's need to change for matching to work in most cases. All of them would need to pass the header for it to work, but my assumption is that's more likely. It may be a false assumption, but from the traces I get to see, it looks like new headers get through fairly often. (at least those without URI's)

-hadriel
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
