IETF Logo Mail Archive

Re: privacy without b2bua, was: Re: third alternative (was RE: [Sip] RE: Identity after reinvite)

Paul Kyzivat <pkyzivat@cisco.com> Wed, 24 November 2004 14:37 UTC

Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA27911 for <sip-web-archive@ietf.org>; Wed, 24 Nov 2004 09:37:31 -0500 (EST)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CWyKs-000147-DJ for sip-web-archive@ietf.org; Wed, 24 Nov 2004 09:41:34 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CWyEi-0006W5-Qb; Wed, 24 Nov 2004 09:35:12 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CWyDn-0006EL-Jr for sip@megatron.ietf.org; Wed, 24 Nov 2004 09:34:15 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA27738 for <sip@ietf.org>; Wed, 24 Nov 2004 09:34:13 -0500 (EST)
Received: from sj-iport-2-in.cisco.com ([171.71.176.71] helo=sj-iport-2.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CWyHg-0000Ua-Cp for sip@ietf.org; Wed, 24 Nov 2004 09:38:16 -0500
Received: from sj-core-2.cisco.com (171.71.177.254) by sj-iport-2.cisco.com with ESMTP; 24 Nov 2004 06:37:07 -0800
Received: from flask.cisco.com (IDENT:mirapoint@flask.cisco.com [161.44.122.62]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id iAOEXeAC014943; Wed, 24 Nov 2004 06:33:41 -0800 (PST)
Received: from cisco.com (che-vpn-cluster-2-194.cisco.com [10.86.242.194]) by flask.cisco.com (MOS 3.4.6-GR) with ESMTP id ANG68930; Wed, 24 Nov 2004 09:33:39 -0500 (EST)
Message-ID: <41A49BC2.4020908@cisco.com>
Date: Wed, 24 Nov 2004 09:33:38 -0500
From: Paul Kyzivat <pkyzivat@cisco.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jonathan Rosenberg <jdrosen@cisco.com>
Subject: Re: privacy without b2bua, was: Re: third alternative (was RE: [Sip] RE: Identity after reinvite)
References: <24EAE5D4448B9D4592C6D234CBEBD597089963@stntexch03.cis.neustar.com> <41A44526.3080703@cisco.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7aafa0432175920a4b3e118e16c5cb64
Content-Transfer-Encoding: 7bit
Cc: 'Cullen Jennings' <fluffy@cisco.com>, "'sip@ietf.org'" <sip@ietf.org>, 'David R Oran' <oran@cisco.com>, "Peterson, Jon" <jon.peterson@neustar.biz>
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Sender: sip-bounces@ietf.org
Errors-To: sip-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f607d15ccc2bc4eaf3ade8ffa8af02a0
Content-Transfer-Encoding: 7bit

Jonathan - inline.

	Paul

Jonathan Rosenberg wrote:
> 
>> RFC3323 is about due for an update, I think, because the major functions
>> that it provides can be performed without a B2BUA, thanks to new SIP
>> mechanisms like GRUUs and session-policy. So while I agree that an
>> anonymization service is the right approach to this problem, these days I
>> think you can probably build an anonymization service without building a
>> B2BUA.
> 
> I believe this is probably true. Here's how I think it'd work:
> 
> A client that wants to make an anonymous call contacts a TURN server 
> providing anonymization services. That server provides the client with 
> IP addresses and ports that it can use in its Via, contact, and SDP. The 
> From field is anonymized. A privacy header is inserted. The request is 
> sent via the TURN server to the user's outbound proxy. That proxy can 
> still authenticate the client, and even insert an identity header that 
> at least vouches that the client is a legit client that is just anonymous.

While I buy the approach, I don't think what you are describing is a 
TURN server. It is a combination of a TURN server and a SIP 
anonymization server. And I don't even see how this can be viewed as one 
thing. The client has to contact a TURN server from the address/port it 
intends to use for media. For multiple media streams it needs to do this 
multiple times from different source ports. It also has to contact the 
sip anonymization server to set up the sip anonymization. Then it can 
proceed as you describe.

Still seems like a good approach - but it requires additional servers / 
protocols, and extra work on the part of the client. I can see how some 
might find it easier to just send a sip request to a server that does 
all the work by magic.

	Paul

> The provider of the anonymization server (turn in this case) can be 
> completely decoupled from the sip provider. That provides an excellent 
> level of anonymity compared to even a b2bua. The b2bua approach would 
> still allow the recipient to trace the IP address in the SDP and Contact 
> to the particular provider; this might not be sufficient (I don't recall 
> off hand if rfc3323 discusses this problme).
> 
> It also means that there is no need to signal things like header or 
> media level privacy. The client simply chooses to obfuscate (using the 
> learned turn addresses) whatever fields it wishes to anonymize. This has 
> the impact of simplifying the privacy spec significantly. Indeed, it 
> would seem that it is hardly needed at all...




_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip

v2.23.0 | Report a Bug | By Email