
Response Identity is Hard™

Issues:
- Who are you impersonating when you forge a response?
- What are intermediaries authorized to do when routing SIP requests?
- How would a UAC make authorization decisions on the basis of response identity?

Architectural properties that make this harder:
- Lack of distinction between AoRs and contact addresses and ‘identities’