Overall this draft is excellent and exactly what I think it should be for this. Some comments below, major and nits:

Major:


Section 1: There are some additional problems worth noting:
* privacy service has to be a b2bua and thus interferes with security mechanisms that break in the face of b2bua, such as sip identity (which provides message integrity and works well here too to provide the remote side an assurance of authenticated identity, just one that is not provided), which in turn breaks dtls-srtp

* because of the need to signal from the UA to the privacy service exactly the desired functionality, the set of functionalities possible, in terms of what is anonyzmized and what is not, is bounded and required detailed specification.


The user agent setting the "temp-gruu" as a GRUU SHOULD set
   "Anonymous" as a display name in any header where the display name of
   the originator is set.  That indicates the anonymity of the request
   to intermediaries that may invoke some services based on the
   anonymity of the call.

Hmm, I'd prefer something explicit. There are problems with using human-readable and locale-specific text like display name to signal to automata.


Note: A relayed IP address may be used for a Via header, but some
         commented that is not an appropriate to be used for signaling.
         There was a comment about the IP address in Via being stripped
         by the proxy, but that would require that a proxy compliant to
         this specification is in the signaling path.

I think it was me you said you didn't need this. You make a good point here however.

Note: The mechanism of the flag is FFS.

From text above I thought it was presence of the Anonymous in display name, which is bad. I personally like the Privacy: id value since its effectively what everyone is using and also backwards compatible.

I also think we need something to make sure the terminating UA doesn't try to render the From or P-A-ID if someone should insert.

 Proxy Behavior

The draft should talk about RFC 3325 in particular.

Nits:


privacy service.  This document proposes a new privacy mechanism that
   a user agent can facilitate to conceal privacy-sensitive information
   without the need for aid from a privacy service.

This is somehwat misleading; there is a privacy service in the form of turn servers and proxies.

The protection of network
   privacy (e.g., topology hiding) is outside the scope of this
   document.

You need to clarify what this means.

A user agent wanting to obtain functional anonymous URI SHOULD
   support and SHOULD utilize the Global Routable User Agent URI (GRUU)
mechanism.

Isn't this going to need to be a MUST?

response for a "temp-gruu" URI parameter, which provides the desired
   privacy property.
provides URI with the desired property

It is assumed that a user agent is either manually or automatically
   configured through means such as a configuration framework with one
   or more STUN relay servers.

terminology has changed again; these are now called TURN servers once more.



Thanks,
Jonathan R.

--
Jonathan D. Rosenberg, Ph.D.                   600 Lanidex Plaza
Cisco Fellow                                   Parsippany, NJ 07054-2711
Cisco Systems
[EMAIL PROTECTED]                              FAX:   (973) 952-5050
http://www.jdrosen.net                         PHONE: (973) 952-5000
http://www.cisco.com


_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip

Reply via email to