RE: [Sip] SIP Identity using Media Path

["Christer Holmberg (JO/LMF)" <christer.holmberg@xxxxxxxxxxxx>]

Hi Dan, 

>>Section 4.1, item about Contact:
>> 
>>How can the Contact header usefully be used in the signing process? An

>>SBC along the message path will happily replace it.
> 
>I have removed that in -01 (which isn't yet published, of 
>course).  There was some thought it was necessary, but I 
>agree it should be removed from the signature.
> 
>On a similar note, I am considering removing CallId from the 
>signature.
>Oftentimes the Call Id value contains an IP address (in 
>dotted decimal or hex), and an SBC or B2BUA may also want to 
>rewrite such a CallId.  I have made a note of that in -01 so 
>this can be discussed.

An SBC can modify almost any header. Looking at chapter 4.1, I would say
that at least the To- and From headers are in the "risk zone" (EVEN if
you only use the addr-spec part).

The CSeq (at least the digit portion) may also be modified, for example
if there has been some "dialog piggybacked" requests sent between the
SBC and another entity, but not end-to-end. In that case the the SBC may
have to increase the CSeq before forwarding the request, if the digit
portion value has already been used in a request sent by the SBC in the
same direction.

Regards,

Christer