What about security risks If both parties are registered to the same SIP domain The SIP server can LIE and generate 2 SAML certs to place itself as the Man-in-the-Middle If the parties are in different domains The SIP servers can COLLUDE Each generating 2nd SAML certs Allowing either of both servers to be the Man-in-the-middle |