Open Issues Do UAC and UAS need to know about media changes requested of their peer? Do we need to encrypt media policies so that only UAC/UAS can see them? Hard to achieve Sips would get us privacy excepting in-path elements – seems good enough to me Mechanism must not introduce DoS – is this stating the obvious? Proposal: rephrase as – must not introduce amplification on unauthenticated requests |