Hi,
We still need text for the security section in the 199 draft.
Robert said the following in his comments on the draft:
"There's a lot to talk through here. For instance, I can spoof 199s to affect how a call is ultimately answered in ways that are different (from the endpoints visibility into what happened point-of-view) from cancels/byes or even other response manipulation."
As Robert says, calls can already be affected by spoofing responses and/or CANCEL/BYE requests, so I guess the text we are looking for is the "different ways" of spoofing that 199 could be used for.
If a spoofed 199 is sent to a UAC, the UAC will (assuming it supports 199) terminate that specific dialog. If a spoofed non-200 final response is sent to a UAC, it will terminate the whole session setup. So, I guess someone could use 199 to terminate a dialog which would be used to provide the UAC with some important information, but the call setup would still continue. However, the same thing could be achieved by spoofing a BYE towards the UAC on the same dialog (even though I think many terminals would terminate the whole session setup in that case…).
Feel free to do some brainstorming :)
Regards,
Christer
_______________________________________________
Sip mailing list
https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip
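An added example, not part of the original message: a small Python model of the UAC behaviour discussed above, contrasting the scope of a 199 (one early dialog) with that of a non-2xx final response (the whole session setup). The class and function names, the constructed response sequence, and the rule that flags any response arriving on a dialog after its 199 are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class InviteSetup:
    """UAC-side view of one forked INVITE; early dialogs are keyed by To tag."""
    early: set = field(default_factory=set)
    confirmed: set = field(default_factory=set)
    ended_by_199: set = field(default_factory=set)
    alive: bool = True
    alerts: list = field(default_factory=list)

    def on_response(self, status: int, to_tag: str) -> None:
        if not self.alive:
            return  # session setup already failed; ignore stragglers
        if to_tag in self.ended_by_199:
            # Assumed heuristic: a dialog that keeps signalling after its 199
            # was not really terminated, so the 199 deserves a second look.
            self.alerts.append(f"{status} on dialog {to_tag!r} after 199")
            return
        if status == 199:
            # Scope of a 199: this one early dialog only.
            self.early.discard(to_tag)
            self.ended_by_199.add(to_tag)
        elif 101 <= status <= 198:
            self.early.add(to_tag)
        elif 200 <= status <= 299:
            self.early.discard(to_tag)
            self.confirmed.add(to_tag)
        elif status >= 300:
            # Scope of a non-2xx final response: every early dialog.
            self.early.clear()
            self.alive = False

def replay(responses):
    """Feed (status, to_tag) pairs to a fresh InviteSetup and return it."""
    state = InviteSetup()
    for status, to_tag in responses:
        state.on_response(status, to_tag)
    return state

# Constructed sample: two forks "a" and "b"; "b" keeps sending 183 after a 199.
SAMPLE = [(180, "a"), (183, "b"), (199, "b"), (183, "b"), (200, "a")]

if __name__ == "__main__":
    s = replay(SAMPLE)
    print(s.early, s.confirmed, s.alerts)
```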