sip-4----Page:8

What is the solution space?
Strategy 1: Increase transaction security
  Try to prevent adversaries from learning enough about transactions/dialogs to forge responses
Strategy 2: Provide a causal trace of intermediary agency after the fact
  E.g., Request History (post-facto authorization at UAC)
  Each intermediary sending a backwards-direction NOTIFY (i.e., an implicit SUBSCRIBE)
Strategy 3: Let the UAC explore new targets for a request rather than an intermediary
  E.g., Redirection (before the fact authorization at UAC)
  Spidering contacts via presence before sending a “real” request
Strategy 4: Essentially do nothing – bar for attackers is high enough that we shouldn’t worry
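
Added example, not part of the original slides: a sketch of the post-facto authorization that Strategy 2 asks of the UAC, checking the retargeting trace carried in a History-Info header (RFC 4244 syntax). The function names, the trusted-domain policy and the sample header are assumptions made for illustration, and the last entry is treated as the target that answered.

```python
import re

# Constructed sample (RFC 4244 syntax; names and hosts are made up).
SAMPLE = ("<sip:bob@example.com>;index=1, "
          "<sip:bob@office.example.com;transport=tcp>;index=1.1, "
          "<sip:carol@partner.example.net:5060>;index=1.1.1")

_ENTRY = re.compile(r"<(sips?:[^>]+)>((?:\s*;[^,;]+)*)")
_INDEX = re.compile(r";\s*index\s*=\s*(\d+(?:\.\d+)*)", re.I)

def parse_history_info(value):
    """Return [(index_tuple, uri), ...] in header order."""
    entries = []
    for uri, params in _ENTRY.findall(value):
        m = _INDEX.search(params)
        if not m:
            raise ValueError("entry without index: " + uri)
        entries.append((tuple(int(p) for p in m.group(1).split(".")), uri))
    return entries

def host_of(uri):
    """Lower-cased host of a sip:/sips: URI (IPv6 literals not handled)."""
    rest = uri.split(":", 1)[1].split("@", 1)[-1]
    return re.split(r"[;?:]", rest)[0].lower()

def audit_retargeting(value, trusted_domains):
    """Hypothetical UAC policy check; returns findings (empty list = accept)."""
    entries = parse_history_info(value)
    if not entries:
        return ["no History-Info: retargeting cannot be traced"]
    findings, seen = [], set()
    for index, uri in entries:
        # Every retarget must hang off an entry recorded earlier; a missing
        # parent means some intermediary acted without leaving a trace.
        if len(index) > 1 and index[:-1] not in seen:
            findings.append("gap before index %s" % ".".join(map(str, index)))
        seen.add(index)
    final = host_of(entries[-1][1])
    if not any(final == d or final.endswith("." + d) for d in trusted_domains):
        findings.append("final target %s outside trusted domains" % final)
    return findings

if __name__ == "__main__":
    print(audit_retargeting(SAMPLE, {"example.com"}))
```

The trace is only as trustworthy as the intermediaries that wrote it, so a clean result shows the recorded chain is consistent with policy, not that no unrecorded retargeting took place.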