Greetings again. draft-holmberg-dispatch-iotl describes a new SIP URI parameter that indicates "indicate that the entity associated with the address, or an entity responsible for the host part of the address, represents the end of a specific traffic leg (or multiple traffic legs)". The security considerations are short: The information SHOULD only be used for making policy decisions based on the role by nodes within the same trust domain [RFC3325]. In addition, there MUST exist an agreement between the operators for usage of the roaming role information. URIs passed are protected as well as anything in SIP: completely if you're actually using TLS, not at all if you're not. A MITM fiddling with this parameter on SIP-without-TLS can cause problems, but those problems are approximately the same as for all other parts of the unprotected URI. I'm not a fan of having every SIP document say "if you aren't using TLS like we said you should, you're in danger", so I think it is fine that this one doesn't say that. There are no other significant security considerations beyond the one above. --Paul Hoffman