Overall this draft is excellent and exactly what I think it should be
for this. Some comments below, major and nits:
Major:
Section 1: There are some additional problems worth noting:
* privacy service has to be a b2bua and thus interferes with security
mechanisms that break in the face of b2bua, such as sip identity (which
provides message integrity and works well here too to provide the remote
side an assurance of authenticated identity, just one that is not
provided), which in turn breaks dtls-srtp
* because of the need to signal from the UA to the privacy service
exactly the desired functionality, the set of functionalities possible,
in terms of what is anonyzmized and what is not, is bounded and required
detailed specification.
The user agent setting the "temp-gruu" as a GRUU SHOULD set
"Anonymous" as a display name in any header where the display name of
the originator is set. That indicates the anonymity of the request
to intermediaries that may invoke some services based on the
anonymity of the call.
Hmm, I'd prefer something explicit. There are problems with using
human-readable and locale-specific text like display name to signal to
automata.
Note: A relayed IP address may be used for a Via header, but some
commented that is not an appropriate to be used for signaling.
There was a comment about the IP address in Via being stripped
by the proxy, but that would require that a proxy compliant to
this specification is in the signaling path.
I think it was me you said you didn't need this. You make a good point
here however.
Note: The mechanism of the flag is FFS.
From text above I thought it was presence of the Anonymous in display
name, which is bad. I personally like the Privacy: id value since its
effectively what everyone is using and also backwards compatible.
I also think we need something to make sure the terminating UA doesn't
try to render the From or P-A-ID if someone should insert.
Proxy Behavior
The draft should talk about RFC 3325 in particular.
Nits:
privacy service. This document proposes a new privacy mechanism that
a user agent can facilitate to conceal privacy-sensitive information
without the need for aid from a privacy service.
This is somehwat misleading; there is a privacy service in the form of
turn servers and proxies.
The protection of network
privacy (e.g., topology hiding) is outside the scope of this
document.
You need to clarify what this means.
A user agent wanting to obtain functional anonymous URI SHOULD
support and SHOULD utilize the Global Routable User Agent URI (GRUU)
mechanism.
Isn't this going to need to be a MUST?
response for a "temp-gruu" URI parameter, which provides the desired
privacy property.
provides URI with the desired property
It is assumed that a user agent is either manually or automatically
configured through means such as a configuration framework with one
or more STUN relay servers.
terminology has changed again; these are now called TURN servers once more.
Thanks,
Jonathan R.
--
Jonathan D. Rosenberg, Ph.D. 600 Lanidex Plaza
Cisco Fellow Parsippany, NJ 07054-2711
Cisco Systems
[EMAIL PROTECTED] FAX: (973) 952-5050
http://www.jdrosen.net PHONE: (973) 952-5000
http://www.cisco.com
_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip