Hi,

We still need text for the security section in the 199 draft.

Robert said the following in his comments on the draft:

"There's a lot to talk through here. For instance, I can spoof 199s to affect how a call is ultimately answered in ways that are different (from the endpoints visibility into what happened point-of-view) from cancels/byes or even other response manipulation."

As Robert says, calls can already be affected by spoofing responses and/or CANCEL/BYE requests, so I guess the text we are looking for is the "different ways" of spoofing that 199 could be used for.

If a spoofed 199 is sent to a UAC, the UAC will (assuming it supports 199) terminate that specific dialog. If a spoofed non-200 final response is sent to a UAC, it will terminate the whole session setup.

So, I guess someone could use 199 to terminate a dialog which would be used to provide the UAC with some important information, but the call setup would still continue. However, the same thing could be achieved by spoofing a BYE towards the UAC on the same dialog (even though I think many terminals would terminate the whole session setup in that case...).

Feel free to do some brainstorming :)

Regards,

Christer
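The difference described in the message above, as an added illustration that is not part of the original post: a simplified Python model of the state a UAC holds for one forked INVITE, in which a 199 removes only the early dialog named by its To tag while a non-2xx final response ends the whole session setup. The class name, the To tags and the simplified 2xx handling are assumptions made for the example.

```python
# Added illustration: simplified UAC bookkeeping for one outgoing INVITE.
# To-tags ("a", "b") and response sequences are constructed sample values.

class InviteSetup:
    """Tracks the early dialogs a 199-aware UAC holds for one INVITE."""

    def __init__(self):
        self.state = "proceeding"   # proceeding | established | failed
        self.early = set()          # To-tags of live early dialogs
        self.confirmed = None       # To-tag of the answered dialog, if any

    def on_response(self, status, to_tag):
        if self.state != "proceeding":
            return self.snapshot()  # setup already finished, ignore
        if status == 199:
            # 199 ends only the early dialog it was sent on.
            self.early.discard(to_tag)
        elif 101 <= status <= 198:
            # Other tagged provisional responses create/refresh an early dialog.
            self.early.add(to_tag)
        elif 200 <= status <= 299:
            # Simplification: the first 2xx answers the call.
            self.early.discard(to_tag)
            self.confirmed = to_tag
            self.state = "established"
        elif status >= 300:
            # A non-2xx final response ends the whole session setup.
            self.early.clear()
            self.state = "failed"
        return self.snapshot()

    def snapshot(self):
        return (self.state, sorted(self.early), self.confirmed)


def replay(responses):
    """Feed (status, to_tag) pairs to a fresh setup; return the final state."""
    setup = InviteSetup()
    for status, to_tag in responses:
        setup.on_response(status, to_tag)
    return setup.snapshot()


FORKED = [(180, "a"), (183, "b")]               # two early dialogs
AFTER_199 = replay(FORKED + [(199, "b")])       # only dialog "b" is gone
AFTER_486 = replay(FORKED + [(486, "b")])       # whole setup is gone
ANSWERED = replay(FORKED + [(199, "b"), (200, "a")])

if __name__ == "__main__":
    print(AFTER_199, AFTER_486, ANSWERED, sep="\n")
```
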
