That's what I suggested. It makes logical sense.
Thanks,
-----Original Message-----
From: Vivek Talwar [mailto:[email protected]]
Sent: Friday, August 26, 2011 2:46 AM
To: Worley, Dale R (Dale); Uttam Sarkar (usarkar); prakash k;
[email protected]
Subject: RE: [Sip-implementors] In case of Two Privacy Header or
PrivacyHeaderhaving two values
Hi,
These are guidelines while constructing Privacy header with
priv-value.
When a Privacy header is constructed, it MUST consist of either
the
value 'none', or one or more of the values 'user', 'header' and
'session' (each of which MUST appear at most once) which MAY in turn
be followed by the 'critical' indicator.
So while constructing privacy header whether at UAC/Server , the
multiple must not be entered if one of priv-value is "none".
On the other side , Server will send 500 Internal error only in case
"critical" priv-value is in privacy header and Server providing privacy
services is not able hide user information as per priv-value received.
Thanks and Regards,
Vivek Talwar
________________________________________
From: Worley, Dale R (Dale) [[email protected]]
Sent: Friday, August 26, 2011 12:42 AM
To: Vivek Talwar; Uttam Sarkar (usarkar); prakash k;
[email protected]
Subject: RE: [Sip-implementors] In case of Two Privacy Header or
Privacy Headerhaving two values
> From: Vivek Talwar [[email protected]]
>
> So SIP message can have multiple priv-values in privacy header but the
> combination of "none" with any other priv-value is invalid. So "none"
> and "id" is not valid. Although , if present "none" should take
> preference over "id"
If the Privacy header is invalid per RFC 3323, if the element were to
"guess" how to interpret the Privacy header, there is a high
probability that it would fail to provide the privacy functions
desired by the user. So the element should reject the request.
Looking at RFC 3323 section 5, it appears that the preferred error
response for problems with Privacy is 500:
If the 'critical' privacy level is present in the Privacy header of
a request, then if the privacy service is incapable of performing
all of the levels of privacy specified in the Privacy header then
it MUST fail the request with a 500 (Server Error) response code.
The reason phrase of the status line of the response SHOULD contain
appropriate text indicating that there has been a privacy failure
as well as an enumeration of the priv-value(s) which were not
supported by the privacy service (the reason phrase SHOULD also
respect any Accept- Language header in the request if possible).
Dale
Please refer to http://www.frogdesign.com/disclaimer for important
disclosures regarding this electronic communication.
_______________________________________________
Sip-implementors mailing list
[email protected]
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
