IETF Logo Mail Archive

[sipcore] #16: Privacy behavior is confusing

"sipcore issue tracker" <trac@tools.ietf.org> Mon, 30 August 2010 20:14 UTC

Return-Path: <trac@tools.ietf.org>
X-Original-To: sipcore@core3.amsl.com
Delivered-To: sipcore@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ABBB23A6866 for <sipcore@core3.amsl.com>; Mon, 30 Aug 2010 13:14:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.573
X-Spam-Level:
X-Spam-Status: No, score=-102.573 tagged_above=-999 required=5 tests=[AWL=0.027, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7p3wb7qtZOub for <sipcore@core3.amsl.com>; Mon, 30 Aug 2010 13:14:38 -0700 (PDT)
Received: from zinfandel.tools.ietf.org (unknown [IPv6:2001:1890:1112:1::2a]) by core3.amsl.com (Postfix) with ESMTP id A19FC3A67F8 for <sipcore@ietf.org>; Mon, 30 Aug 2010 13:14:36 -0700 (PDT)
Received: from localhost ([::1] helo=zinfandel.tools.ietf.org) by zinfandel.tools.ietf.org with esmtp (Exim 4.72) (envelope-from <trac@tools.ietf.org>) id 1OqAl1-0001Ei-34; Mon, 30 Aug 2010 13:15:07 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: sipcore issue tracker <trac@tools.ietf.org>
X-Trac-Version: 0.11.7
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.11.7, by Edgewall Software
To: hkaplan@acmepacket.com
X-Trac-Project: sipcore
Date: Mon, 30 Aug 2010 20:15:07 -0000
X-URL: http://tools.ietf.org/sipcore/
X-Trac-Ticket-URL: http://trac.tools.ietf.org/wg/sipcore/trac/ticket/16
Message-ID: <064.c332b45494f9c1c0917449f41a07017b@tools.ietf.org>
X-Trac-Ticket-ID: 16
X-SA-Exim-Connect-IP: ::1
X-SA-Exim-Rcpt-To: hkaplan@acmepacket.com, sipcore@ietf.org
X-SA-Exim-Mail-From: trac@tools.ietf.org
X-SA-Exim-Scanned: No (on zinfandel.tools.ietf.org); SAEximRunCond expanded to false
Cc: sipcore@ietf.org
Subject: [sipcore] #16: Privacy behavior is confusing
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.9
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sipcore>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Aug 2010 20:14:41 -0000

#16: Privacy behavior is confusing
------------------------------------+---------------------------------------
 Reporter:  hkaplan@…               |       Owner:            
     Type:  enhancement             |      Status:  new       
 Priority:  minor                   |   Milestone:  milestone1
Component:  rfc4244bis              |     Version:  2.0       
 Severity:  In WG Last Call         |    Keywords:            
------------------------------------+---------------------------------------
 [I'm submitting this ticket because when I read the draft the first few
 times, it kept annoying me.  But it could easily just be me and no one
 else.]

 Maybe it's just me, but I've read the draft multiple times and I find the
 Privacy header stuff for anonymizing H-I headers to be really confusing.
 In RFC 3323, the idea was for providing privacy of the *originator*
 information.  New headers could stipulate they also reveal such
 information and thus should be anonymized, but it's really debatable if
 H-I entries reveal information about the *originator*, vs. the target.

 The only way I can see they reveal originator info is because they can
 reveal the IP Address of the originator's proxy, or originator's domain,
 because Alice may send the request to sip:Bob@aliceproxy.com.  But in that
 context, it's true the aliceproxy.com H-I has to be anonymized, but
 clearly not sip:Bob@bobsproxy.com once aliceproxy retargets to that.
 Furthermore, by forcing all H-I entries to be anonymized, it breaks the
 use of H-I for some pretty important uses.  You could say "well that's
 what anonymization means", but that's not true - it is NOT the case that a
 caller-id anonymized call does not get the right voicemail or ACD service.
 Because "anonymized" calls are about originator information, not
 destination information.  After all, the destination *knows* who you're
 calling... it's not a secret to Bob that you called Bob!

 What the draft needs to do is explain there are multiple "types" of
 Privacy: privacy to anonymize the originator, privacy to anonymize
 diverting targets from subsequent targets and the originator, and privacy
 to anonymize the final reached target from the originator.  The last two
 happen to work the same way: through the Privacy header being embedded in
 the H-I entries of responses.  The draft then needs to explain *why* the
 first case of originator information could be revealed by H-I, and why
 there needs to be support for anonymizing all the H-I's using the Privacy
 header for that first case.

-- 
Ticket URL: <http://trac.tools.ietf.org/wg/sipcore/trac/ticket/16>
sipcore <http://tools.ietf.org/sipcore/>

v2.23.0 | Report a Bug | By Email