Security Changes for RTC Client API version 1.3 (Windows Embedded CE 6.0)
1/6/2010
RTC Client API version 1.3 contains some security-related changes.
Additional client security options for RTC Client
The RTC client can be initialized so that 1) it discards unauthenticated watchers and does not subscribe to any roaming sessions and/or 2) it drops any unauthenticated INVITE, MESSAGE, and OPTION requests.
The IRTCClient2::InitializeEx method can take two additional RTCIF_ Constants for discarding unauthenticated requests (RTCIF_DISABLE_UNAUTH_WATCHERS_AND_ROAMING and RTCIF_DISABLE_UNAUTH_SESSIONS).
Check server certificate against certification authority's certificate revocation list
RTC Client API version 1.3 connects to the certification authority and checks that the server's certificate has not been revoked. If the certificate is revoked, the client does not connect to the server. For more information, see the Microsoft® Office Live Communications Server 2005 Reference Guide.