Elwell, John wrote:
Also, the B2BUA could handle the SUBSCRIBE by its own, this is, > becoming a dialog presence server instead of forwarding the SUBSCRIBE > to the UA. > B2BUA must handle all this stuff since they are, in fact, the end > point, not the UA's behind them.[JRE] This reduces it to transitive trust, i.e., no better than P-Asserted-Identity.
Yes. Excepting cryptographic approaches: with any man-in-the-middle, you're at the mercy of that man-in-the-middle, regardless of whether their presence is an attack.
/a _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use sip-implementors at cs.columbia.edu for questions on current sip Use sipping at ietf.org for new developments on the application of sip