A SIP entity receiving a compressed message has to decompress it and
to parse it. This requires slightly more processing power than only
parsing a message. This implies that a denial of service attack
using compressed messages would be slightly worse than an attack with
uncompressed messages.
An attacker inserting the parameter comp=sigcomp in a SIP message
could make a SIP entity send compressed messages to another SIP
entity that did not support SigComp. Appropriate integrity
mechanisms should be used to avoid this attack.
