Cullen Jennings wrote:
On Nov 17, 2008, at 10:22 , Alan Johnston wrote:
<snip>
If you have issues with the requirements in the draft, let us know so we
can clarify them.
I can easily imagine cases where customer sensitize information was
transfered over this and it was going to an remote agent phone that
went through another trust domain to route the call to the agent. In
these cases, I think an important requirement would be to protect the
draft from authorized access by intermediaries.
Cullen,
Here's the text from the Security Considerations section of the draft -
let me know if it is not sufficient:
In some cases, it [UUI] may carry private information
that may need confidential transport and integrity protection.
Standard SIP security mechanisms can be used to secure this header
field. For example, TLS transport can provide single hop
confidentiality and integrity protection. For multiple hop or end-
to-end confidentiality and integrity protection, S/MIME can be
utilized.
Thanks,
Alan
Cullen in my individual contributor role
_______________________________________________
Sipping mailing list https://www.ietf.org/mailman/listinfo/sipping
This list is for NEW development of the application of SIP
Use sip-implementors@xxxxxxxxxxxxxxx for questions on current sip
Use sip@xxxxxxxx for new developments of core SIP