IETF Logo Mail Archive

Re: [sipcore] privacy handling

Hadriel Kaplan <HKaplan@acmepacket.com> Wed, 01 September 2010 01:06 UTC

Return-Path: <HKaplan@acmepacket.com>
X-Original-To: sipcore@core3.amsl.com
Delivered-To: sipcore@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6AED03A68BB for <sipcore@core3.amsl.com>; Tue, 31 Aug 2010 18:06:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.442
X-Spam-Level:
X-Spam-Status: No, score=-2.442 tagged_above=-999 required=5 tests=[AWL=0.157, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6JlrdI4dgCvT for <sipcore@core3.amsl.com>; Tue, 31 Aug 2010 18:06:28 -0700 (PDT)
Received: from etmail.acmepacket.com (etmail.acmepacket.com [216.41.24.6]) by core3.amsl.com (Postfix) with ESMTP id 51CF43A68B5 for <sipcore@ietf.org>; Tue, 31 Aug 2010 18:06:28 -0700 (PDT)
Received: from mail.acmepacket.com (216.41.24.7) by etmail.acmepacket.com (216.41.24.6) with Microsoft SMTP Server (TLS) id 8.1.375.2; Tue, 31 Aug 2010 21:06:58 -0400
Received: from mail.acmepacket.com ([127.0.0.1]) by mail ([127.0.0.1]) with mapi; Tue, 31 Aug 2010 21:06:37 -0400
From: Hadriel Kaplan <HKaplan@acmepacket.com>
To: Paul Kyzivat <pkyzivat@cisco.com>
Date: Tue, 31 Aug 2010 21:06:37 -0400
Thread-Topic: [sipcore] privacy handling
Thread-Index: ActJce14EOypwdrZQMaCbwSU6LfgGQ==
Message-ID: <3A70CF37-334C-4765-9EB3-5CC9E08BD064@acmepacket.com>
References: <CD5674C3CD99574EBA7432465FC13C1B21FFC79C01@DC-US1MBEX4.global.avaya.com> <4C7D3990.5010205@cisco.com> <AANLkTimiDwgpgJbDT0c_sVov_76YAcPoz4Or21acVHkD@mail.gmail.com> <4C7D730F.3060202@cisco.com> <AANLkTimUrGA6AM=p8azr=KmxVTgAG=_CvHq3dcaH9RPk@mail.gmail.com> <4C7D83CC.5000908@cisco.com> <311D1F6C-0EC5-43CB-9107-ED88DD022963@acmepacket.com> <4C7D9E47.20802@cisco.com>
In-Reply-To: <4C7D9E47.20802@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "Worley, Dale R (Dale)" <dworley@avaya.com>, "SIPCORE (Session Initiation Protocol Core) WG" <sipcore@ietf.org>
Subject: Re: [sipcore] privacy handling
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sipcore>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Sep 2010 01:06:29 -0000

On Aug 31, 2010, at 8:28 PM, Paul Kyzivat wrote:

> Hadriel Kaplan wrote:
>> On Aug 31, 2010, at 6:35 PM, Paul Kyzivat wrote:
>> 
>>> Another point I just realized while reviewing 3323: when a privacy
>>> service acts on a privacy value, such as "Privacy:header", or
>>> "Privacy:history", it also removes that value from the Privacy header.
>>> So those actions are only performed *once*. If "Privacy:history" is
>>> included by the UAC, and is processed by the first proxy encountered,
>>> subsequently added H-I information will not be anonymized. (Unless
>>> "Privacy:history" is added *again* by a proxy after that.)
>> 
>> But isn't that the right thing, and what we really want?  I mean if you make a call to me, you may want to anonymize your H-I so I don't find out the call is coming from you/Cisco, but that is really only possible and practical for the H-I entries generated by Cisco or some privacy service under your control - once the request reaches Acme you can't expect my servers to anonymize who it's from.  And I need and should expect H-I entries generated by my local servers to reach me, regardless of whether you put a Privacy header in or not.
>> If I divert the request to Dale at Avaya, then I can add my own Privacy header and my servers/service will anonymize before sending it to Avaya.
> 
> If the caller only wants his own entry removed, why doesn't he just 
> leave it out in the first place?

Because the first Proxy adds it anyway, and because it is presumably useful within the originator's trust-domain.

> But that only works if the caller knows that the privacy service is 
> positioned in such a place. That is the sort of guarantee that 3325 
> tries to put in place. But it isn't there in 3323.

In what way does 3325 guarantee such a thing?  Afaik, just by mandating that a Proxy implementing 3325 anonymize if its next-hop isn't in the same trust-domain.  I assume there is going to be the same type of language in this 4424bis draft.


> Is the elephant in the room here an assumption that Privacy headers are 
> really directives to SBCs, and everybody assumes there is one acting on 
> their behalf in the path?

No, though I expect some SBCs will probably remove all H-I entries other than "mp" ones, and change those to not include IP addresses.

-hadriel

v2.23.0 | Report a Bug | By Email