494 Security Agreement Required
Category : Uncategorized
Alert info. If an INVITE request is present, the Alert-Info header field indicates an alternative ringtone to the UAS. If there are 180 (ringtone) in a response, the Alert-Info header field indicates an alternative ringtone to the UAC. A typical use is for a proxy to insert this header field to provide a distinctive rings function. The Alert-Info header field may cause security risks. In addition, a user should be able to selectively disable this feature. The 494 Security Agreement Required  response is used to deny a requirement containing a Require: sec-agree header field as part of the security agreement mechanism. Call info. This field contains additional information about the caller or caller, depending on whether it is found in a query or response. The purpose of the URI is described by the purpose parameter. The “icon” parameter refers to an image that is appropriate as an iconic representation of the caller or caller. The “info” parameter describes the caller or caller in general, for example.B. through a website.
The “card” parameter provides a business card, for example. B in vCard or LDIF format. Additional tokens can be registered with IANA. Using the call information header field may pose a security risk. If a caller retrieves the URIs provided by a malicious caller, the caller may be likely to display inappropriate or offensive content, dangerous or illegal content, etc. Therefore, it is recommended that a UA return the information in the call header field only if it can verify the authenticity of the item that created the header field and trusts that item. It is not necessarily the AU by peers; A proxy can insert this header field into the requirements. The core of the UAC.
(RFC 3261) The set of processing functions necessary for a UAC located above the transaction and transport layers. Event package. (RFC 3265) An event packet is an additional specification that defines a set of status information communicated by a notification to a subscriber. Event packets also define additional syntax and semantics based on the framework defined in this document and necessary to transmit this status information. Server. Contains information about the software used by the UAS to process the requirement. By disclosing the specific software version of the server, the server may be more vulnerable to attacks on software that is known to contain security vulnerabilities. Implementers MUST make the server field a configurable option. sec-agree. This option day indicates support for the security agreement mechanism.
When used in require or Proxy Require headers, it is said that proxy servers must use the security agreement mechanism….