Re: [sipcore] #16: Privacy behavior is confusing
Paul Kyzivat <pkyzivat@cisco.com> Mon, 30 August 2010 21:01 UTC
Return-Path: <pkyzivat@cisco.com>
X-Original-To: sipcore@core3.amsl.com
Delivered-To: sipcore@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B9E4F3A68A6 for <sipcore@core3.amsl.com>; Mon, 30 Aug 2010 14:01:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.511
X-Spam-Level:
X-Spam-Status: No, score=-110.511 tagged_above=-999 required=5 tests=[AWL=0.088, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s7bU54YL+m+F for <sipcore@core3.amsl.com>; Mon, 30 Aug 2010 14:01:13 -0700 (PDT)
Received: from rtp-iport-2.cisco.com (rtp-iport-2.cisco.com [64.102.122.149]) by core3.amsl.com (Postfix) with ESMTP id A66033A687C for <sipcore@ietf.org>; Mon, 30 Aug 2010 14:01:13 -0700 (PDT)
Authentication-Results: rtp-iport-2.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av0EADG5e0xAZnwM/2dsb2JhbACDFp1TcaMziW2RfYEigyJzBIoJ
X-IronPort-AV: E=Sophos;i="4.56,294,1280707200"; d="scan'208";a="153586865"
Received: from rtp-core-1.cisco.com ([64.102.124.12]) by rtp-iport-2.cisco.com with ESMTP; 30 Aug 2010 21:01:44 +0000
Received: from [161.44.174.142] (dhcp-161-44-174-142.cisco.com [161.44.174.142]) by rtp-core-1.cisco.com (8.13.8/8.14.3) with ESMTP id o7UL1iKl014011; Mon, 30 Aug 2010 21:01:44 GMT
Message-ID: <4C7C1C1F.8040100@cisco.com>
Date: Mon, 30 Aug 2010 17:01:19 -0400
From: Paul Kyzivat <pkyzivat@cisco.com>
User-Agent: Thunderbird 2.0.0.24 (Windows/20100228)
MIME-Version: 1.0
To: sipcore issue tracker <trac@tools.ietf.org>
References: <064.c332b45494f9c1c0917449f41a07017b@tools.ietf.org>
In-Reply-To: <064.c332b45494f9c1c0917449f41a07017b@tools.ietf.org>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Cc: sipcore@ietf.org
Subject: Re: [sipcore] #16: Privacy behavior is confusing
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sipcore>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Aug 2010 21:01:14 -0000
[ as individual ] This, in combination with the comments I made on privacy, lead me to think that the whole privacy aspect may need to be rethought. Thanks, Paul sipcore issue tracker wrote: > #16: Privacy behavior is confusing > ------------------------------------+--------------------------------------- > Reporter: hkaplan@… | Owner: > Type: enhancement | Status: new > Priority: minor | Milestone: milestone1 > Component: rfc4244bis | Version: 2.0 > Severity: In WG Last Call | Keywords: > ------------------------------------+--------------------------------------- > [I'm submitting this ticket because when I read the draft the first few > times, it kept annoying me. But it could easily just be me and no one > else.] > > Maybe it's just me, but I've read the draft multiple times and I find the > Privacy header stuff for anonymizing H-I headers to be really confusing. > In RFC 3323, the idea was for providing privacy of the *originator* > information. New headers could stipulate they also reveal such > information and thus should be anonymized, but it's really debatable if > H-I entries reveal information about the *originator*, vs. the target. > > The only way I can see they reveal originator info is because they can > reveal the IP Address of the originator's proxy, or originator's domain, > because Alice may send the request to sip:Bob@aliceproxy.com. But in that > context, it's true the aliceproxy.com H-I has to be anonymized, but > clearly not sip:Bob@bobsproxy.com once aliceproxy retargets to that. > Furthermore, by forcing all H-I entries to be anonymized, it breaks the > use of H-I for some pretty important uses. You could say "well that's > what anonymization means", but that's not true - it is NOT the case that a > caller-id anonymized call does not get the right voicemail or ACD service. > Because "anonymized" calls are about originator information, not > destination information. After all, the destination *knows* who you're > calling... it's not a secret to Bob that you called Bob! > > What the draft needs to do is explain there are multiple "types" of > Privacy: privacy to anonymize the originator, privacy to anonymize > diverting targets from subsequent targets and the originator, and privacy > to anonymize the final reached target from the originator. The last two > happen to work the same way: through the Privacy header being embedded in > the H-I entries of responses. The draft then needs to explain *why* the > first case of originator information could be revealed by H-I, and why > there needs to be support for anonymizing all the H-I's using the Privacy > header for that first case. >
- [sipcore] #16: Privacy behavior is confusing sipcore issue tracker
- Re: [sipcore] #16: Privacy behavior is confusing Paul Kyzivat
- Re: [sipcore] #16: Privacy behavior is confusing Mary Barnes