Re: [Sipping] Further proceeding with draft-ietf-sipping-update-pai--05

["Francois Audet" <audet at nortel.com>]

> > I am not sure why we believe that response identity IN THIS 
> CONTEXT is 
> > any more vulnerable than request indentity. For 
> RFC4474-style secure 
> > request identity, sure, but in the case of PAI, requests are not 
> > authenticated in the first place.
> [JRE] They are supposed to be. Unless a proxy has 
> authenticated the UA, it has no right to assert an identity 
> (unless just passing on an assertion from an upstream entity 
> that is trusted in accordance with Spec(T)). Now whether this 
> is adhered to in practice is another matter, but I don't 
> think we should relax this in an RFC.

So are we talking about HTTP-digest here?
_______________________________________________
Sipping mailing list  https://www.ietf.org/mailman/listinfo/sipping
This list is for NEW development of the application of SIP
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sip at ietf.org for new developments of core SIP