3.3.5.2 SIP Proxy Operation

If a SIP proxy compliant with this protocol stores any state associated with SIP endpoints, it SHOULD use the value of the UUID from the +sip.instance parameter in the Contact header field, if one is present, combined with the address-of-record from the URI of the From or To header field as an index into its state table. Specifically, the UUID from the +sip.instance parameter and the address-of-record from the From header field SHOULD be used to identify the UAC endpoint in requests, and the UUID from the +sip.instance and address-of-record from the To header field SHOULD be used to identify the UAS endpoint in each response.

Before the UUID from the +sip.instance parameter is used, the SIP proxy MUST obtain the value of the +sip.instance parameter and validate that it conforms to the UUID URN syntax specified in the [RFC2141] and [RFC4122]. Furthermore, if the message is a request and it also contains an epid parameter in the From header field or the message is a response and it also contains an epid parameter in the To header field, the SIP proxy MUST validate that the name-based UUID derived as described in section 3.3.3 from the epid parameter value is equal to the UUID extracted from the +sip.instance parameter value. If validation fails, the proxy SHOULD respond with 400 response code.