John;
My comments inline..
Elwell, John wrote:
Mayumi,
"If the "temp-gruu" URI parameter and value exist within the REGISTER
response, the user agent SHOULD use the value of the "temp-gruu" as
an anonymous URI representing the originator. This URI SHOULD be
used for Contact and From, for example, wherever the originator of
the URI is required."
I have not heard of using a temp GRUU in the From header field before.
Normally the From header field contains the AoR, not the contact URI,
and where anonymity is required it contains a value such as
sip:[EMAIL PROTECTED] or a domain part of "anonymous.invalid". Of
course, a temp GRUU does provide anonymity (given that you are prepared
to disclose the domain), so I suppose it might work. There may be one or
two side effects:
1. A UAS that simply displays the From URI would display the temp GRUU
rather than something like "sip:[EMAIL PROTECTED]".
I agree, this is a mistake on our side and the From URI should not
utilize the temp-gruu, and instead should utilize an anonymous URI such
as "sip:[EMAIL PROTECTED]". One could try to use the
"anonymous.invalid" domain but this will interfere with the SIP Identity
which heavily relies on the domain of the From header field. We will fix
the text here to ensure temp-gruu is not used for From URI.
2. If the outbound proxy provides an Authentication Service, it would
need to recognise that this is a temporary GRUU and sign the Identity
header field even though the From URI does not match the identity in the
Proxy-Authorization header field.
If the From header is populated using an anonymous URI
([EMAIL PROTECTED]), with the domain portion equal to the domain for
which the outbound proxy is responsible, this won't be problematic. The
identity service would use the information in the proxy-authorization to
identify the user and will simply judge whether that user has a right to
send out a request while withholding its identity.
If temp-gruu is used as it is currently written, the outbound proxy
would need to look up the location-service and see if the AoR associated
with the credential is indeed associated with the temp-gruu in the
request. The text will be changed to populate the From header field with
an anonymous URI as mentioned above, so this really is not a concern
anymore.
As a side note, if there is a concern about revealing its domain name to
the peer, one would probably need to utilize a dedicated anonymous
service (anonymity provider) which provides a URI to be used in From
while withholding its original domain name etc.
Regards
Shida
I would like to hear opinions on this.
John
_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
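The Authentication Service decision discussed in this thread, as an added example that is not part of the original messages or of any draft text: it shows why an anonymous From at the proxy's own domain needs only the credentials, why a GRUU in From forces a location-service lookup, and why "anonymous.invalid" cannot be signed. Assumptions: all addresses are constructed (the thread's own are redacted), the user part "anonymous" is an assumed convention, a GRUU is recognised by its "gr" URI parameter (RFC 5627), and `identity_decision`, `may_withhold` and `gruu_to_aor` are hypothetical names.

```python
def parse_sip_uri(uri):
    """Split a SIP URI into (user, host, set of URI parameter names)."""
    scheme, _, rest = uri.partition(":")
    if scheme.lower() not in ("sip", "sips"):
        raise ValueError("not a SIP URI: " + uri)
    addr, *params = rest.split(";")
    user, _, host = addr.rpartition("@")
    return user, host.lower(), {p.partition("=")[0].lower() for p in params}


def identity_decision(from_uri, auth_aor, own_domain, may_withhold, gruu_to_aor):
    """Return (sign, reason) for a request whose sender authenticated as auth_aor."""
    user, host, params = parse_sip_uri(from_uri)
    if host != own_domain.lower():
        # e.g. "anonymous.invalid": the service cannot vouch for a foreign domain
        return False, "From domain is not ours"
    if "gr" in params:
        # GRUU in From: only the location service knows which AoR it belongs to
        if gruu_to_aor.get(from_uri) == auth_aor:
            return True, "GRUU maps to authenticated AoR"
        return False, "GRUU not bound to authenticated AoR"
    if user.lower() == "anonymous":
        # Anonymous From at our own domain: the credentials identify the user,
        # policy decides whether that user may withhold its identity
        if auth_aor in may_withhold:
            return True, "anonymous From permitted"
        return False, "user may not withhold identity"
    if parse_sip_uri(auth_aor)[:2] == (user, host):
        return True, "From matches authenticated AoR"
    return False, "From does not match authenticated AoR"


# Constructed sample data (not taken from the thread)
ALICE = "sip:alice@example.com"
TGRUU = "sip:tgruu.constructed-opaque-value@example.com;gr"
LOCATION = {TGRUU: ALICE}   # stand-in for the registrar's location service
ALLOWED = {ALICE}           # users permitted to withhold their identity

if __name__ == "__main__":
    for from_uri in (ALICE, "sip:anonymous@example.com",
                     "sip:anonymous@anonymous.invalid", TGRUU):
        print(from_uri, "->",
              identity_decision(from_uri, ALICE, "example.com", ALLOWED, LOCATION))
```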