5.1 Security Considerations for Implementers

Security considerations for authenticated RPCs that are used in the Telephony Remote Protocol are as specified in [MS-RPCE]. The client always performs authenticated RPCs.

The RPC connection uses the ncacn_ip_tcp protocol sequence. Both client and server use RPC_C_AUTHN_LEVEL_PKT_PRIVACY for ClientAttach and RemoteSPAttach, respectively, based on the version of Windows that supports this level of authentication. Either the client or the server can reject unencrypted packets based on configuration.<11>

The server performs access control checks based on the credentials of the user.