Hi Alan, That resolves all my concerns. However, it might be helpful to include the two following explanations in the draft text.
Thanks! Ben. On Oct 27, 2011, at 10:53 AM, Alan Johnston wrote: […] >> >> >> -- REQ-12: >> >> What degree of certainty is required here? (i.e. strong identity?) If >> implied by the SIP dialog, does that impact expectations on what sort of >> authn must happen at the SIP layer? > > This is not meant to imply strong identity. And since UUI data can appear in > a response, there aren't really any strong methods available with SIP. The > UUI mechanism does not introduce stronger authorization requirements for SIP, > but instead the mechanism needs to be able to utilize existing SIP approaches. > >> >> -- REQ 13: >> >> I'm not sure I understand how this interacts with the ability for >> intermediaries to remove UUI. Should this be detectable by the endpoints? Or >> is that ability limited to the hop-by-hop case, or require no integrity >> protection? > > Yes, there are tradeoffs between this requirement and requirement REQ-9. > Hop-by-hop protection is one way to resolve this interaction. […] _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www.ietf.org/mailman/listinfo/gen-art