[SR-Users] Call-ID Uniqueness and safety?
Mark Boyce
mark at darkorigins.com
Thu Feb 13 10:07:05 CET 2020
Hi all
Over coffee we’ve been discussing the uniqueness and safety of call-id this morning. Lots of things like RTPEngine recording use call-id to generate filenames (yes it does escape them first :-). Not to mention dialog tracking (also uses from/to tags) etc.
Which got us thinking. As call-id is determined by the first SIP packet that normally comes from a UA, should we care if this UA was broken or worse malicious?
What would happen if they were repeated? For example we may struggle to determine a recordings owner in RTPEngine (file name format is callid+random.wav).
For security should we be rejecting requests where we’ve seen the call-id before?
All theoretical over coffee, as it was that or start working!
Just wondering what peoples thoughts were?
Cheers
Mark
More information about the sr-users
mailing list