I was just trying to help this not get bogged down.
On Nov 20, 2008, at 17:17 , Alan Johnston wrote:
Cullen Jennings wrote:
>
> On Nov 17, 2008, at 10:22 , Alan Johnston wrote:
> <snip>
>>
>>
>> If you have issues with the requirements in the draft, let us
know so we
>> can clarify them.
>>
> I can easily imagine cases where customer sensitize information was
> transfered over this and it was going to an remote agent phone that
> went through another trust domain to route the call to the agent. In
> these cases, I think an important requirement would be to protect
the
> draft from authorized access by intermediaries.
>
Cullen,
Here's the text from the Security Considerations section of the
draft -
let me know if it is not sufficient:
In some cases, it [UUI] may carry private information
that may need confidential transport and integrity protection.
Standard SIP security mechanisms can be used to secure this header
field. For example, TLS transport can provide single hop
confidentiality and integrity protection. For multiple hop or end-
to-end confidentiality and integrity protection, S/MIME can be
utilized.
Uh, I can understand how S/MIME protects a body but seems like a bit
more might be needed to explain how it protects a header.
Thanks,
Alan
>>
>
> Cullen in my individual contributor role
>
>
>
_______________________________________________
Sipping mailing list https://www.ietf.org/mailman/listinfo/sipping
This list is for NEW development of the application of SIP
Use sip-implementors@xxxxxxxxxxxxxxx for questions on current sip
Use sip@xxxxxxxx for new developments of core SIP
_______________________________________________
Sipping mailing list https://www.ietf.org/mailman/listinfo/sipping
This list is for NEW development of the application of SIP
Use sip-implementors@xxxxxxxxxxxxxxx for questions on current sip
Use sip@xxxxxxxx for new developments of core SIP
