Re: [sipcore] 4244bis and privacy

["Ian Elz" <ian.elz@ericsson.com>]

Francios,

I agree that 4244bis should not specify the actions of proxies etc where this is a matter of local policy.

My original proposed change was to allow the inclusion of the value "none" in the alongside the value "history" to be included in the Privacy header parameter escaped in the hi-targeted-to-uri. (RFC4244 section 4.1)

It appears however that the current interpretation of the Privacy header means that the value included in the Privacy header, which is applicable to the originating rather than retargeting user is applied to the retargeting user rather than the explicit value included for the retargeting user. The escaped privacy value is only used if there is no Privacy header or the Privacy header only contains the value "user".

The end result of this interpretation is that including an explicit value "none" escaped as a Privacy parameter would have no effect and would have the same meaning as not including a Privacy header parameter escaped in the hi-targeted-to-uri.

4244bis is not the place to extend the sip Privacy handling to specify how 3rd party identities in sip messages should have their own specific privacy maintained.

Allowing the inclusion of the explicitly Privacy=none value in the hi-targeted-to-uri would not change any handling at this time but would make the new H-I RFC suitable for use if an updated privacy RFC is proposed which does have specific support for 3rd party identities.

H-I is not the only place where the explicit privacy of 3rd party identities is required. The Referred-By header is one other case where a similar explicit privacy may need to be considered in the future.

regards

Ian

-----Original Message-----
From: Francois Audet [mailto:audet@nortel.com] 
Sent: 26 June 2009 16:55
To: Ian Elz; Elwell, John; Mary Barnes; R.Jesske@telekom.de; ietf.hanserik@gmail.com
Cc: sipcore@ietf.org; shida@agnada.com
Subject: RE: [sipcore] 4244bis and privacy

I do see things that we should fix right-away in History-Info, regarding privacy.

I also think that History-Info shouldn't "overstrech" and get too deep into the nitty gritty of privacy. What should be in HI is high level guidance.

In section 3.1, for example, it says that Privacy header will determine if a History-Info *header field* can be included by an intermediary. This does not make any sense. What it should say is that the Privacy header will determine if a history-info *entry* can be added for the UA inserting the Privacy header.

So, in my opinion, we can go ahead and fix that right now.

I don't think we need to get into super low-level procedural descriptions of the type "proxy MUST this and that if Privacy == this and that". I believe privacy matters are policy-level decisions that service providers and enteprises will have, and they are not going to be implemented by simplistic procedural rules from an RFC.

Comments?
 

> -----Original Message-----
> From: sipcore-bounces@ietf.org
> [mailto:sipcore-bounces@ietf.org] On Behalf Of Ian Elz
> Sent: Friday, June 26, 2009 01:08
> To: Elwell, John; Barnes, Mary (RICH2:AR00); R.Jesske@telekom.de; 
> ietf.hanserik@gmail.com
> Cc: sipcore@ietf.org; shida@agnada.com
> Subject: Re: [sipcore] 4244bis and privacy
> 
> John,
> 
> Your statement " not anonymise or remove any information that the UAC 
> has already placed in the request " is the key here.
> 
> The UAC has not included the H-I entry, particularly the one 
> containing the identity of the diverting party.
> 
> This was not considered in RFC3323 and we have an issue where we 
> cannot determine which entity included which information.
> This creates a problem where a restriction by the originating party 
> will prevent a downstream identity from permitting presentation of 
> their identity.
> 
> I agree with Mary that this probably requires an update to
> RFC3323 so we should start by updating RFC3323 and then move on to the 
> other impacted RFCs. The issue that this will raise for H-I is that 
> there will be another change required after the Privacy RFC has been 
> agreed.
> 
> This is far from ideal but the 4424bis draft contains a lot more than 
> just this issue.
> 
> Ian
> 
> -----Original Message-----
> From: Elwell, John [mailto:john.elwell@siemens-enterprise.com]
> Sent: 26 June 2009 08:30
> To: Mary Barnes; R.Jesske@telekom.de; ietf.hanserik@gmail.com
> Cc: Ian Elz; sipcore@ietf.org; shida@agnada.com
> Subject: RE: [sipcore] 4244bis and privacy
> 
>  
> 
> > -----Original Message-----
> > From: sipcore-bounces@ietf.org
> > [mailto:sipcore-bounces@ietf.org] On Behalf Of Mary Barnes
> > Sent: 25 June 2009 22:45
> > To: R.Jesske@telekom.de; ietf.hanserik@gmail.com
> > Cc: ian.elz@ericsson.com; sipcore@ietf.org; shida@agnada.com
> > Subject: Re: [sipcore] 4244bis and privacy
> > 
> > Roland,
> > 
> > The reason you can't have "none" at the request level and
> "history" at
> > the entry level is because RFC 3323 states that you MUST NOT apply 
> > privacy to the message. Even if you put "history" in the
> entries, the
> > privacy service would just ignore that - per RFC 3323.  So, if you 
> > want to change that behavior, then RFC 3323 should be
> changed - i.e.,
> > the MUST NOT for the "none" could be changed to a SHOULD
> NOT and then
> > a general statement about possible exceptions. Then, we could add 
> > something to RFC 4244 for this case. But, changing RFC
> > 3323 is totally out of scope for what we are currently working on.  
> [JRE] I would interpret privacy 'none' in RFC 3323 as meaning that a 
> downstream entity must not anonymise or remove any information that 
> the UAC has already placed in the request.
> If a downstream entity chooses:
> - not to add H-I,
> - to add anonymised H-I, or
> - to anonymise an H-I entry that some intermediate entity has added, I 
> don't see that as being in violation of what the UAC has requested.
> 
> John
> 
> 
> > 
> > That all said, I would sure think that if you are leaving a
> "trusted
> > network" that you have a B2BUA in there, as I've said in other 
> > threads. Thus, the B2BUA builds a new request and certainly
> can add a
> > privacy header that it believes is appropriate since the outgoing 
> > request is done by the UAC function of a B2BUA.
> > 
> > Mary. 
> > 
> > 
> > -----Original Message-----
> > From: R.Jesske@telekom.de [mailto:R.Jesske@telekom.de]
> > Sent: Thursday, June 25, 2009 4:32 PM
> > To: ietf.hanserik@gmail.com
> > Cc: Barnes, Mary (RICH2:AR00); ian.elz@ericsson.com;
> sipcore@ietf.org;
> > shida@agnada.com
> > Subject: AW: [sipcore] 4244bis and privacy
> > 
> > Hi Hans Erik,
> > We have also to take regulatory into consideration. In Germany the 
> > last trusted network is responsible for anonymising information.
> > 
> > But nevertheless if Network provider A wants to have History 
> > completely private this operator will set privacy history for the 
> > header.
> > If the succeeding Operator want to present elements the AS
> which adds
> > a entry has then to re label all entries from the preceding network 
> > and the entries from it's own network will be unmarked within the 
> > Header.
> > 
> > But never the less I fully agree to your last sentence.
> > 
> > The real Question is if this should really be allowed that a entry 
> > marked with "none" overrules the privacy statement
> "history" for the
> > complete header.
> > 
> > I'm against this behaviour. 
> > 
> > Best Regards
> > 
> > Roland
> > 
> > -----Ursprüngliche Nachricht-----
> > Von: Hans Erik van Elburg [mailto:ietf.hanserik@gmail.com]
> > Gesendet: Donnerstag, 25. Juni 2009 22:32
> > An: Jesske, Roland
> > Cc: mary.barnes@nortel.com; ian.elz@ericsson.com; sipcore@ietf.org; 
> > shida@agnada.com
> > Betreff: Re: [sipcore] 4244bis and privacy
> > 
> > Hi Roland,
> > 
> > I don't understand the argument, by the time that the History-Info 
> > leaves operator A that wishes complete privacy, all the
> History-Info
> > headers should be anonymised according to 4244 and 4244bis.
> > 
> > What is the point in mandating that operator A to force
> operator B to
> > also anonymise the entries "owned" by operator B.
> > 
> > It is of course without question that each operator has
> full privacy
> > control over its own added entries. And each operator can based on 
> > local policy decide to remove the entire history if it
> things that is
> > wise to do.
> > 
> > /Hans Erik
> > 
> > 
> > R.Jesske@telekom.de wrote:
> > > Hi Marry and Ian,
> > > The whole discussion puzzle me. We have specified CDIV
> > within TISPAN and 3GPP. 
> > > There is described that privacy "none" can be used for
> > entries. BUT assuming that each entry has its own privacy
> statement if
> > needed.
> > > I fully agree on Mary's comment that a privacy "history" 
> > cannot overruled by a privacy value "none" within a entry. 
> > > There may be operators that would like to keep the whole
> > History Info private even if entries has other statements, so the 
> > entity could add privacy history to the whole header.
> > Nothing more.
> > >
> > > On the other side a Application Server including a entry
> > should have the possibility to rewrite the entries so that
> instead of
> > "history" for the whole header the all received entries within the 
> > History-Info header will be marked with "history" and the
> added header
> > (which shall be presented to the terminating user) will either be 
> > marked with "none" or will not be marked.
> > >
> > > Perhaps a hint could be given, but I do not insist on it.
> > >
> > > Best Regards,
> > >
> > > Roland
> > >
> > >
> > >
> > > -----Ursprüngliche Nachricht-----
> > > Von: sipcore-bounces@ietf.org
> [mailto:sipcore-bounces@ietf.org] Im
> > > Auftrag von Mary Barnes
> > > Gesendet: Donnerstag, 25. Juni 2009 18:29
> > > An: Ian Elz
> > > Cc: sipcore@ietf.org; Shida Schubert
> > > Betreff: Re: [sipcore] 4244bis and privacy
> > >
> > > Hi Ian,
> > >
> > > Responses inline below [MB2].
> > >
> > > Mary.
> > >
> > > -----Original Message-----
> > > From: Ian Elz [mailto:ian.elz@ericsson.com]
> > > Sent: Thursday, June 25, 2009 10:13 AM
> > > To: Barnes, Mary (RICH2:AR00)
> > > Cc: Christer Holmberg; Hans Erik van Elburg; Shida Schubert; 
> > > sipcore@ietf.org; Audet, Francois (SC100:3055)
> > > Subject: RE: 4244bis and privacy
> > >
> > > Mary,
> > >
> > > I am a little concerned about one answer that you gave:
> > >
> > >
> > > If you have a Privacy header with a value of "none" and a
> H-I entry
> > > with Privacy header parameter with value "history" what is
> > the privacy
> > > of the individual H-I entry?
> > > [MB] We did not explicitly address the "none" in RFC
> 4244, but the
> > > general statement is the privacy headers at the request
> > level override
> > > any at the hi-entry level. [/MB]
> > >  
> > > This means that if privacy is required for an individual
> > H-I entry but
> > > the originating user included "Privacy:none" in the request
> > then there
> > > is no option to include the real URI in the H-I entry.
> > > [MB2] I'm confused here - the "none" definition is as you
> > note below,
> > > thus "none" prohibits the removal or anonymization of the
> entries,
> > > thus I would think you would fine this functionality desireable.
> > > However, this does not prohibit an entity based on policy
> > to anonymize
> > > (or remove entries if privacy is required for that domain if the 
> > > entity does not have access to a privacy service). [/MB2]
> > >
> > > This occurs as RFC3323 states in section 4.3: "However, if
> > the Privacy
> > > header value of 'none' is specified in a message, privacy
> services
> > > MUST NOT perform any privacy function and MUST NOT remove
> or modify
> > > the Privacy header."
> > >
> > > The only option for an intermediate node including a H-I
> > entry where
> > > "Privacy:none" is specified and privacy for the H-I URI is
> > required is
> > > to include an anonymous entry or not include the H-I entry.
> > > [MB2] If privacy is required then yes, you include
> > anonymous entries
> > > or don't include. That's the basic privacy mechanism for privacy 
> > > levels of "session" "header" and "history" in the R-URI or
> > "history" 
> > > in the specific entries, as well as when there is a policy
> > for privacy
> > > for the entries added by a specific domain. The "none" 
> > really has no
> > > influence on the later case per se. [/MB2]
> > >
> > > In your previous response you stated that we would violate
> > RFC3323 if
> > > we specified additional behaviour for privacy explicitly
> > stated with a
> > > URI -n the H-I entry. I don't believe that this is the case
> > as RFC3323
> > > only considered privacy in a two party scenario and did not
> > consider
> > > third party identities being included in a message between two 
> > > parties. H-I is not the only case where this occurs as the
> > Referred-By
> > > header when included in the INVITE (or other request)
> which results
> > > from the REFER has the same issue.
> > > [MB2] I can't necessarily disagree on this one (we can debate it 
> > > either way). But to fix it requires an update to RFC 3323 and 
> > > shouldn't be something that we want to fix in 4244bis. [/MB2]
> > >
> > > RFC4244 was the first time that there was a recognition
> > that privacy
> > > for these individual third party identities may be
> > required. To allow
> > > this explicit statement of privacy to be overridden by a generic 
> > > statement which is applicable to a different user is
> > counterintuitive.
> > > [MB2] See my comment above. But, as I have consistently
> > said, the idea
> > > that an entity might want to override the "none" is
> > entirely based on
> > > policy and 4244 and 4244bis allow privacy to be applied to
> > the entries
> > > that are added by that entity if the policy dictates so (and we 
> > > already say that). [/MB2]
> > >
> > > The original Privacy header is usually included by or on
> > behalf of the
> > > originating user and should not be allowed to specify the
> > privacy of
> > > the original called user, e.g. the 800 number, and prevent this 
> > > identity being presented if this user does not have the
> > same level of privacy.
> > > [MB2] As I tried to say in a previous response, a random
> > entity (i.e.,
> > > one for whom the R-URI is not in a domain under its
> control) cannot
> > > add a privacy header to the Request. Per RFC 3323 an
> entity may add
> > > the header to a request only if it has the appropriate 
> > > relationship/authorization with the original called user
> > who intiated
> > > the request. And, I would find it very surprising if an
> entity that
> > > did have responsibility would apply privacy since that would be 
> > > counter intuitive and I would hope that SPs would be judicious in 
> > > specifying the appropriate and inappropriate manner in which the 
> > > proxies they deploy and interface with privatize the
> messages. The
> > > protocol CANNOT control this behavior and that's why there is the 
> > > policy clause in 4244 and 4244bis. [/MB2]
> > >
> > > The real issue with the 800 scenario is as you have stated
> > is that the
> > > answerer will not know the original called identity and
> will not be
> > > able to correctly handle the call. As more generic call
> centres are
> > > used which will answer calls on behalf of many different
> > organizations
> > > using CTI and the original called identity to have to implement a 
> > > generic system asking the caller who he originally called appear 
> > > unprofessional, is inefficient and unproductive.
> > > [MB2] And, as I noted, it is rare for a call centre to
> route a call
> > > directly to an agent without a user providing some sort of
> > input. Even
> > > companies like American Airlines, even though they have the
> > info that
> > > I enter via the IVR, they still ask some basic questions
> > and there are
> > > times when they have to reroute me. I don't think we can totally 
> > > automate things.  And, again, once the call hits the
> domain that is
> > > responsible for that 800 number the entities in that domain have 
> > > control over how they muck with the R-URI, such that they
> should be
> > > able to use any IVR info to appropriately direct the call -
> > it's not
> > > the number that's meaningful, but how the system gets the
> > call to the
> > > right user and the additional information they provide as
> > the call is
> > > presented to the agent. I would honestly think that having
> > something
> > > other than an 800 number show up on the display would be far more 
> > > useful and in my experience in the systems I developed
> > we're usually
> > > talking about CTI interfaces so you have a lot you can do.  And, 
> > > actually all of this really doesn't matter in that you MUST
> > be able to
> > > handle this situation independent of the privacy since
> > History-Info is
> > > optional, you need default behavior assigned. [/MB2]
> > >
> > > We have an opportunity to allow presentation of specific
> identities
> > > and to solve this particular problem so we should take it.
> > > [MB2] The most we can do is to document the risks/impacts
> > of the use
> > > of the Privacy headers at the R-URI level. There is
> already general
> > > text in
> > > 4244 and 4244bis that the privacy may impact whether the
> > applications
> > > get the information.  And, as I noted before, most
> > commercial systems
> > > are using B2BUAs which will allow you far more control over
> > the use of
> > > the Privacy headers in the network. But, again, I don't
> > think that's
> > > something that should be address in 4244bis.  [/MB2]
> > >
> > > I hope that we can get some wider discussion on this issue
> > so a more
> > > general consensus can be obtained.
> > >
> > > Regards
> > >
> > > Ian
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: Mary Barnes [mailto:mary.barnes@nortel.com]
> > > Sent: 24 June 2009 17:27
> > > To: Ian Elz
> > > Cc: Christer Holmberg; Hans Erik van Elburg; Shida Schubert; 
> > > sipcore@ietf.org; Francois Audet
> > > Subject: RE: 4244bis and privacy
> > >
> > > Hi Ian,
> > >
> > > Responses inline below [MB].
> > >
> > > Mary. 
> > >
> > > -----Original Message-----
> > > From: Ian Elz [mailto:ian.elz@ericsson.com]
> > > Sent: Wednesday, June 24, 2009 10:37 AM
> > > To: Barnes, Mary (RICH2:AR00)
> > > Cc: Christer Holmberg; Hans Erik van Elburg; Shida Schubert; 
> > > sipcore@ietf.org; Audet, Francois (SC100:3055)
> > > Subject: RE: 4244bis and privacy
> > >
> > > Mary,
> > >
> > > I was not proposing that we change the handling of H-I
> > which is based
> > > upon local policy. If that causes an issue for a network
> > operator then
> > > they can modify their local policy accordingly or arrange
> with the
> > > proxy vendor to modify their equipment to be more flexible with 
> > > regards to policy.
> > >
> > > Can you clarify for me:
> > >
> > > If you have a Privacy header with either "session" or
> "header" doe
> > > this impact the H-I entries or will only a value of
> > "history" impact
> > > the H-I entries?
> > > [MB] Yes, both "session" and "header" level privacy,
> > consistent with
> > > RFC 3323, mandate that entries be anonymized or dropped, with the 
> > > latter being the recommendation for "session" level
> > privacy. RFC 4244
> > > mandated that they be dropped and 4244bis recommends they be 
> > > anonymized. The original intent for the value of "history"
> > was for the
> > > tagging of the individual entries, but you end up getting
> > the header
> > > level functionality as well. [/MB]
> > >
> > > If you have a Privacy header with a value of "none" and a
> H-I entry
> > > with Privacy header parameter with value "history" what is
> > the privacy
> > > of the individual H-I entry?
> > > [MB] We did not explicitly address the "none" in RFC
> 4244, but the
> > > general statement is the privacy headers at the request
> > level override
> > > any at the hi-entry level. [/MB]
> > >
> > > From reading RFC4244 a Privacy header with value "history" will 
> > > effectively make all H-I entries private and there is
> currently no
> > > option to  include a H-I Privacy header parameter with
> value "none".
> > > [MB] Correct, per my comment above. [/MB]
> > >
> > > H-I at present allows the inclusion of Privacy header
> parameters to
> > > explicitly express privacy for an individual H-I entry
> but a single
> > > node which includes a header "Privacy: history" makes all
> > H-I entries
> > > private even if this is not the requirements for the specific URI.
> > > [MB] Correct, but the only node that should add the header
> > is a node
> > > which is responsible for the domain associated with the
> > Request URI in
> > > the incoming request or is authorized to do so. [/MB]
> > >
> > > I will admit that having worked in a telephony environment
> > for a long
> > > time I am used to having privacy of identities set on a
> per number
> > > basis and the relative inflexibility of the IETF Privacy
> header is
> > > relatively restrictive as to specifying which identities may be 
> > > presented and which not.
> > > [MB] Yes, this is an entirely different paradigm.  I developed 
> > > telephony s/w for over a decade and this is entirely
> different - it
> > > provides a lot more flexibility, which makes things far, far less 
> > > deterministic than what you have in telephony switches where your 
> > > routing and translations are configured for the most part,
> > with just a
> > > few capabilities for controlling the privacy and it's a
> > closed network.
> > >
> > > With RFC4244/4244bis, there MUST be a mechanism at the UAS or end 
> > > application that can handle a request that doesn't have the 
> > > appropriate information either because nodes didn't support 
> > > History-Info or some random node in the network applied
> > privacy (which
> > > I think is highly
> > > unlikely) - this is normative per section 5 of RFC 4244.  So, the 
> > > worst case scenario I see for this 800 service  (which will
> > get to the
> > > right UAS but without the exact 800 number that was dialed)
> > is that it
> > > goes to a default ACD group/customer service agent, etc. who then 
> > > needs to gather the appropriate information and in my
> > experience this
> > > is often an IVR system these days.  So, the service is not
> > broken when
> > > privacy is applied in an undesireable manner, it's just not
> > optimal.  
> > > This is something that should be addressed in the
> target-uri draft
> > > which has all the details of how specific services use
> History-Info.
> > > One other thing to consider is that most networks that are
> > emulating
> > > telephony type features use B2BUAs, which follow the
> > UAS/UAC rules for
> > > the header rather than the proxy rules, noting that the
> UAC can set
> > > the Privacy header to whatever value it sees as appropriate
> > for the request.
> > > [/MB]
> > >
> > >
> > > Regards
> > >
> > > Ian
> > >
> > > -----Original Message-----
> > > From: Mary Barnes [mailto:mary.barnes@nortel.com]
> > > Sent: 24 June 2009 15:48
> > > To: Ian Elz
> > > Cc: Christer Holmberg; Hans Erik van Elburg; Shida Schubert; 
> > > sipcore@ietf.org; Francois Audet
> > > Subject: RE: 4244bis and privacy
> > >
> > > Hi Ian,
> > >
> > > I do not believe we should do the "override" behavior as I
> > think that
> > > violates RFC 3323, as the "history" is really a subset of
> the cases
> > > whereby a UAC or proxy would add "session" or "header" to
> > the request.
> > > And, the latter two cases have the same (undesireable)
> > result.   I agree
> > > this impacts your services, but we can't mandate that
> > proxies provide
> > > information that might violate their local policies and indeed a 
> > > proxy's local policies can result in the information being
> > anonymized
> > > (or removed if they can't anonymize) even in the "none" case.
> > >
> > > I do believe it's reasonable that we strongly recommend that the 
> > > request level (versus specific hi-entries) not be used
> and if it is
> > > used, the consequence is that some services will not have the 
> > > information they need - this was the gist of my previous
> > response (to
> > > which I did not get any additional feedback). Now, we could
> > add some text that the "none"
> > > case SHOULD be used (e.g., added by first hop proxy) if it
> > is desired
> > > that the information not be subject to privacy
> > restrictions. I do not
> > > think it is then particularly useful to add logic around
> the proxy
> > > then being able to tag the entries within their domain as
> > subject to privacy.
> > > I think that conflicts with the intent of the request
> level "none".
> > > However, as I mention above, per the current text, a proxy
> > can (based
> > > on local policy) remove entries - so a proxy can capture
> hi within
> > > their domain and not forward any of that information to the
> > next hop
> > > in another domain - you already have that functionality.  
> > But, I think
> > > this introduces the general problem that you might be
> > impacting other
> > > services further down the line, which I thought was the
> problem you
> > > were wanting to solve - not specifically your example
> > service but, for
> > > example, in the case that someone is debugging and they want the 
> > > entire history, so depending upon the service, this is also 
> > > undesirable behavior.
> > >
> > >
> > > Regards,
> > > Mary. 
> > >
> > > -----Original Message-----
> > > From: Ian Elz [mailto:ian.elz@ericsson.com]
> > > Sent: Wednesday, June 24, 2009 2:57 AM
> > > To: Barnes, Mary (RICH2:AR00)
> > > Cc: Christer Holmberg; Hans Erik van Elburg; Shida Schubert; 
> > > sipcore@ietf.org; Audet, Francois (SC100:3055)
> > > Subject: RE: 4244bis and privacy
> > >
> > >
> > >  Mary,
> > >
> > > [I have added the list to this thread for wider comment.]
> > >
> > > In the previous discussions I commented that in RFC4424
> > that a Privacy
> > > header with value "history" effectively makes all H-I
> > entries private
> > > with the result that the H-I entries may be removed.
> > >
> > > There has now been a comprehensive discussion on
> indication of the
> > > initial 'target' to the final recipient for call handling
> purposes.
> > >
> > > The main use case related to a freephone example where the
> > answering
> > > location may be a call centre where the original freephone
> > number may
> > > be required for correct call handling.
> > >
> > > If you now consider the following example (modified from
> Francois' 
> > > text in the latest draft - excuse any errors that I may
> > have inserted)
> > >
> > > INVITE sip:sip:+18001234567@example.com;user=phone;p=x
> > > Privacy: history
> > > History-Info:
> > > 
> > <sip:+18001234567@example.com;user=phone;p=x>;index=1;rt;aor  
> >        (1)
> > > History-Info: <sip:bob@biloxi.example.com>;index=1.1;mp;aor
> > > (2)
> > > History-Info: <sip:bob@192.0.2.3>;index=1.1.1;rc
> > > (3)
> > >
> > > In this case due to the Privacy header all of the H-I entries are 
> > > considered private and the +18001234567 will not be
> > delivered to the
> > > final destination with the result that call handling may
> > not be correct.
> > > The Privacy header may have been inserted by any of the
> nodes which
> > > routed the message and inserted a H-I entry.
> > >
> > > If however the H-I was allowed to include a header parameter of 
> > > "?Privacy=none" in the H-I entry and that an explicit H-I entry 
> > > privacy value would be considered to have precedence over
> a Privacy
> > > header with a value of "history" then the mapping of the
> > +18001234567
> > > could be explicitly specified as not private and may be passed on.
> > >
> > > Thus when the mapping from sip:+18001234567@example.com to 
> > > sip:bob@biloxi.example.com when H-I entry (2) above is
> > included could
> > > also insert the Privacy header parameter in H-I entry (1).
> > >
> > > Thus the message would appear as follows:
> > >
> > > INVITE sip:sip:+18001234567@example.com; user=phone;p=x
> > > Privacy: history
> > > History-Info:
> > > 
> > 
> <sip:+18001234567@example.com?Privacy=none;user=phone;p=x>;index=1;rt;
> > > ao
> > > r
> > > History-Info: <sip:bob@biloxi.example.com>;index=1.1;mp;aor
> > > History-Info: <sip:bob@192.0.2.3>;index=1.1.1;rc
> > >
> > > This would result in all the H-I entries except (1) being
> > considered
> > > private with the result that the =1800... Number is
> passed for call
> > > handling purposes.
> > >
> > > This change is backward compatible with the existing
> > implementation as
> > > any node using the existing functionality as defined in
> > RFC4244 will
> > > continue to be supported.
> > >
> > > The alternative is to remove the ability to include the
> > value "history"
> > > in the Privacy header and only allow this value in the
> > Privacy header
> > > parameter. This alternative is not backward compatible.
> > >
> > > Without this change a single node in the message path which
> > includes a
> > > header "Privacy: history" will prevent delivery of the
> aor and thus
> > > prevent proper call handling.
> > >
> > > Ian Elz
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: Christer Holmberg
> > > Sent: 23 June 2009 19:40
> > > To: 'Mary Barnes'; Francois Audet; Hans Erik van Elburg; Shida 
> > > Schubert
> > > Cc: Ian Elz
> > > Subject: RE: 4244bis and privacy
> > >
> > >  
> > > Hi,
> > >
> > > I include Ian, so he can comment to your resposne himself.
> > >
> > > Regards,
> > >
> > > Christer
> > >
> > >
> > > -----Original Message-----
> > > From: Mary Barnes [mailto:mary.barnes@nortel.com]
> > > Sent: Tuesday, June 23, 2009 9:40 PM
> > > To: Christer Holmberg; Francois Audet; Hans Erik van
> Elburg; Shida
> > > Schubert
> > > Subject: RE: 4244bis and privacy
> > >
> > > Here was the thread of response and the last comment was
> > from Ian that
> > > he would consider the response:
> > > http://www.ietf.org/mail-archive/web/sip/current/msg26948.html
> > >
> > > And, there was not agreement on the "none" but rather to
> > qualify the
> > > SHOULD NOT forward.  However, in the sipcore-4244bis-00,
> > rather than
> > > changing the text such that the headers SHOULD be removed, we 
> > > recommend that they be anonymized (in section 4.3.3.3.1).
>  That is
> > > entirely consistent with RFC 3324 and thus we have removed the 
> > > recommendations to remove the headers entirely. However,
> > that changed
> > > never got done in section 3.2, so we would need to change this:
> > >    "Thus, the History- Info header
> > >    SHOULD NOT be included in Requests where the requestor
> > has indicated
> > >    a priv-value of Session- or Header-level privacy."
> > >
> > > But, I'm really beginning to be of the mindset that we
> should just
> > > remove all the subsections of section 3 (i.e., leave the
> > text in the
> > > upper level section), so we don't have to keep worrying about 
> > > consistency.
> > >
> > > So, lets either fixt the text in 3.2 or remove altogether
> > and then I
> > > think we are really at the point of needing to submit this
> > version so
> > > folks that actually have an interest in it can review the updated 
> > > document.
> > >
> > > Mary. 
> > >
> > > -----Original Message-----
> > > From: Christer Holmberg [mailto:christer.holmberg@ericsson.com]
> > > Sent: Tuesday, June 23, 2009 1:10 PM
> > > To: Barnes, Mary (RICH2:AR00); Audet, Francois
> > (SC100:3055); Hans Erik
> > > van Elburg; Shida Schubert
> > > Subject: 4244bis and privacy
> > >
> > >
> > > Hi,
> > >
> > > Below is a comment/proposal which one of my collegues (Ian
> > Elz) gave
> > > on the list a while ago, when the first version of 4244bis was 
> > > submitted, but was not incorporated. Do you think it would
> > be useful?
> > >
> > > -------
> > >
> > > While the HI approach to target may solve the problem of
> > being able to
> > > deliver the target URI to the final destination there is no
> > guarantee
> > > that it will actually be delivered.
> > >
> > > The problem arises with how Privacy is defined for HI.
> > >
> > > 4424 defines a new Privacy value "history" which may be placed in 
> > > either the Privacy header or as a header parameter to the
> HI entry.
> > >
> > > If one node uses the former option "Privacy: history" then
> > this will
> > > make all headers private and will result in all HI entries being 
> > > removed or made anonymous when the message containing the HI is 
> > > delivered to the user.
> > >
> > > There is a simple solution to this and that is to also
> > allow the use
> > > of the "none" Privacy value as a header parameter in the
> HI entry. 
> > > This would explicitly state that no privacy is required to the HI 
> > > entry and this would override a "history" value in the
> > Privacy header.
> > >
> > > I pointed this out to Mary when the 4424bis draft was first
> > published
> > > but the change has not been made in the latest draft.
> > >
> > > The change is backward compatible and would not cause an
> issue with
> > > any existing implementations.
> > >
> > > ------
> > >
> > > Regards,
> > >
> > > Christer
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > sipcore mailing list
> > > sipcore@ietf.org
> > > https://www.ietf.org/mailman/listinfo/sipcore
> > > _______________________________________________
> > > sipcore mailing list
> > > sipcore@ietf.org
> > > https://www.ietf.org/mailman/listinfo/sipcore
> > >   
> > _______________________________________________
> > sipcore mailing list
> > sipcore@ietf.org
> > https://www.ietf.org/mailman/listinfo/sipcore
> > 
> _______________________________________________
> sipcore mailing list
> sipcore@ietf.org
> https://www.ietf.org/mailman/listinfo/sipcore
>