RFC 3329, "Security Mechanism Agreement for the Session Initiation Protocol (SIP)", January 2003Source of RFC: sip (rai)
Errata ID: 2169
Status: Held for Document Update
Publication Format(s) : TEXT
Reported By: Peter Dawes
Date Reported: 2010-04-23
Held for Document Update by: Robert Sparks
Section 4.1 says:
The 200 OK response (6) for the INVITE and the ACK (7) are also sent over the TLS connection. The ACK will contain the same Security- Verify header field as the INVITE (3).
It should say:
The 200 OK response (6) for the INVITE and the ACK (7) are also sent over the TLS connection.
RFC3329 Section 2.6, Table 1: Summary of Header Usage. indicates that Security-Client, Security-Server, Security-Verify are "Not applicable" to the SIP ACK request.
RFC 3261 says (section 20) "Not applicable" means that the header
field MUST NOT be present in a request. If one is placed in a
request by mistake, it MUST be ignored by the UAS receiving the