<div dir="ltr"><div>On the side of the person needing to comply, one need only make sure the source code is carefully published. On the side of the person wishing to access the source code, the only alternative is to turn on logging or use a hacked client. I don't think it would be permissible to emit no notice regarding the source code at all simply because the protocol doesn't make it easy to read.</div><div dir="ltr"><br></div><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Aug 15, 2019 at 3:43 AM Kevin P. Fleming <<a href="mailto:kevin%2Bosi@km6g.us">kevin+osi@km6g.us</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Bruce's point about the<br>
information being visible in the network traffic was considered in our<br>
discussions, but then we realized that any implementation which used<br>
SIPS (SIP over TLS, analogous to HTTPS) would mean that the<br>
information would *not* be visible in the network traffic; it would<br>
only be visible inside the client software after decryption.</blockquote></div></div>