Hi. Colleagues.
I am wondering about a trusted-UAC-behavior in relation to privacy.
7.2 Trusted UAC Behavior in privacy-04
step 1---- if the request is part of an existing dialog, and the request is sent
directly to the UAS,
then the UAC MAY omit the calling subscriber Remote-Party-ID header
:
step 2 ---- If the UAC desires privacy for the Remote-Party-ID header fields it added,
it MUST include an rpi-privacy parameter with each relevant Remote-Party-ID.
step 3 ---- If the UAC indicates "name" or "full" privacy (in either Remote-Party-ID
or
RPID-Privacy), the UAC MUST NOT reveal....
step 4 ---- If the UAC desires "uri" or "full" privacy, the UAC MUST NOT reveal the
subscriber's identity in any other header field than Remote-Party-ID.
If UAC omits the Calling subscriber Remote-Party-ID and don't include Remote-Party-ID
according to step1 and step2 above, because the if-clause in step 3 and step4 is
false(there isn't Remote-Party-ID and PRID-Privacy), step 3 and step 4 isn't applied
to the request.
However, it is not what we want. even though the request is sent directly to the UAS
and there isn't Remote-Party-ID and PRID-Privacy, if we want to provide privacy, step
3 and step 4 MUST be applied.
so the solution that I think is to remove step 1 in draft or to always encrypts From ,
To, etc such as 3GPP.
how do you think about that?
Regards
j.m.jung
_______________________________________________
Sip-implementors mailing list
[EMAIL PROTECTED]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
