>>>>> "Stefan" == Stefan Paetow <[log in to unmask]> writes: Stefan> first paragraph of Section 2.1, Chargeable-User-Identity attribute, Stefan> explicitly forbids any changes outside the home organisation, Stefan> although, as you pointed out, there is no technical way to prevent Stefan> that. Additionally, Section 6 (Security Considerations) points out the Stefan> technical deficiency, but again reiterates the requirement that the Stefan> CUI may not change in transit. However the RFC also encourages home organizations to frequently change the CUI.