Re: [Sip-implementors] SBC sending 403 Forbidden when UE includes Anonymous in From header's user part

Tue, 19 Sep 2017 06:17:06 -0700 

On 9/19/17 6:39 AM, Abinash Sarangi wrote:

Hi Experts,

We are facing an issue wherein INVITE sent by UE is being rejected by SBC with 
403 Forbidden


This is a *policy* issue rather than a *protocol* issue.
The response indicates that the callee (or the SBC acting on behalf of the callee) has a *policy* leading it to reject the call.
In this case it seems likely that it doesn't want to accept calls where the caller is unknown. In environments that use PAI, the expectation is that calls will have a known verified caller identity. There may still be provision (Via Privacy and an anonymous From) to hide that identity from the callee, but the infrastructure insists on knowing.
If you want to place calls in this environment then you have to abide by the rules of identification put in place by the network. Again, this isn't a protocol issue. 

        Thanks,
        Paul


INVITE snap
----------------
INVITE sip:0655430...@xyz.net;transport=TLS SIP/2.0
Via: SIP/2.0/TLS a.b.c.d:37789;branch=z9hG4bK-n5o538-e-125n6m9;rport
Max-Forwards: 70
To: <sip:0655430...@abc.net>
From: Anonymous <sip:anonymous@anonymous.invalid>;tag=n5o538-xwco1g
Call-ID: n5o538-1hjm5to-9@90-237-255-147
CSeq: 14 INVITE
Contact: <sip:+46656430800@a.b.c.d:37789;transport=TLS>
Content-Type: application/sdp
Content-Length: 429
User-Agent: ABC 1.6.3 a

User itself is sending anonymous value in FROM header with no Privacy header 
and without P-Preferred-Identity


In IMS network, CLI information is extracted from PAI and if no PAI is present 
same information can be retrieved from “From” header.


From RFC 3261 point of view,


The From header field allows for a display name.  A UAC SHOULD use
    the display name "Anonymous", along with a syntactically correct, but
    otherwise meaningless URI (like sip:thisis@anonymous.invalid), if the
    identity of the client is to remain hidden.

Question : should the UE also send Privacy header with appropriate values ?

Is the SBC behavior appropriate in rejecting the INVITE ?


Network deployment:

UE--> SBC--> IMS core --> MTAS



Thanks
AS
_______________________________________________
Sip-implementors mailing list
Sip-implementors@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/sip-implementors



_______________________________________________
Sip-implementors mailing list
Sip-implementors@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/sip-implementors

Reply via email to