5.1 Security Considerations for Implementers

This protocol does not require any special security considerations beyond what is natively defined for SIP, except for the following.

The ms-diagnostics header added by the SIP server could contain information that is private or of a sensitive nature for the enterprise, such as information about a SIP server in the enterprise. Hence, the ms-diagnostics header needs to be removed from SIP requests and SIP responses that are sent to users outside the enterprise, such as to federated partners and unauthenticated users. For reporting errors and troubleshooting information to federated partners and unauthenticated users, the ms-diagnostics-public header can be used.<6>
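The following is an added example, not part of the specification or of any product's code: a minimal edge filter that removes ms-diagnostics from a raw SIP message bound for an external peer while leaving ms-diagnostics-public in place. The function name, the `external` flag and the sample message (including its header values and host names) are constructed for illustration.

```python
# Hypothetical edge filter: strip ms-diagnostics before a message leaves the enterprise.
# Exact-name matching matters: a prefix match would also drop ms-diagnostics-public.
PRIVATE_HEADERS = {"ms-diagnostics"}


def strip_private_diagnostics(raw: bytes, external: bool) -> bytes:
    """Return the SIP message without ms-diagnostics when the next hop is external."""
    if not external:
        return raw  # internal hops keep the full troubleshooting detail
    head, sep, body = raw.partition(b"\r\n\r\n")  # the body is never modified
    lines = head.split(b"\r\n")
    kept = [lines[0]]  # request line or status line
    dropping = False
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t"):
            # Folded continuation line: it belongs to the previous header,
            # so it is dropped or kept together with that header.
            if not dropping:
                kept.append(line)
            continue
        # SIP header names are case-insensitive and may have spaces before ':'.
        name = line.split(b":", 1)[0].strip().lower().decode("ascii", "replace")
        dropping = name in PRIVATE_HEADERS
        if not dropping:
            kept.append(line)
    return b"\r\n".join(kept) + sep + body


# Constructed sample response; none of these values come from a real deployment.
SAMPLE = (
    b"SIP/2.0 504 Server time-out\r\n"
    b"Via: SIP/2.0/TLS client.partner.example:5061;branch=z9hG4bKconstructed\r\n"
    b"From: <sip:alice@partner.example>;tag=1\r\n"
    b"To: <sip:bob@corp.example>;tag=2\r\n"
    b"Call-ID: constructed-call-id\r\n"
    b"CSeq: 1 INVITE\r\n"
    b'MS-Diagnostics: 1007;reason="Temporarily cannot route";\r\n'
    b'\tsource="pool01.internal.corp.example"\r\n'
    b'ms-diagnostics-public: 1007;reason="Temporarily cannot route"\r\n'
    b"Content-Length: 0\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    print(strip_private_diagnostics(SAMPLE, external=True).decode("ascii"))
```

The folded `source=` line is the case a naive line-by-line filter misses: removing only the line that starts with the header name would leave the internal server name in the outgoing message.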