.:: Francesco la Torre ::. wrote:
> According some general privacy considerations, from an authentication
> service's point of view, an anonymous may be a known user in his domain
> that he has authenticated, but he's keeping its identity private.
> Nothing strange.
Fine. But what value does that bring to the recipient, compared to no
authenticated identity at all?
Paul
> Francesco la Torre
>
> IIT-National Council Research
> Security Session
> Pisa, Italy
>
> Il giorno mar, 19/02/2008 alle 10.37 -0500, Paul Kyzivat ha scritto:
>> Why would you want sip-identity for an anonymous From address?
>>
>> IMO it is perfectly fine to provide an address with no identity.
>>
>> Paul
>>
>> Mayumi Munakata wrote:
>>> All;
>>>
>>> I have just submitted a new version of ua-privacy draft.
>>> http://www.ietf.org/internet-drafts/draft-ietf-sip-ua-privacy-01.txt
>>>
>>> Thanks to John Elwell for his comprehensive review,
>>> we managed to make a lot of editorial corrections
>>> and some technical.
>>>
>>> One profound open issue we have is on how to get an
>>> anonymous URI for a From header. While we can use a
>>> temp-gruu for a Contact header, there is no mechanism
>>> to obtain a functional anonymous URI for the From
>>> header or any other headers that houses URIs.
>>>
>>> RFC3323 recommends to use "[EMAIL PROTECTED]"
>>> for an anonymous URI in a From header. However, this
>>> impedes the use of SIP-Identity, as SIP-Identity
>>> mandates the domain portion of the "From" URI and
>>> that of "Identity-Info" to match.
>>>
>>> One of the expired draft written by Jonathan, attempted
>>> to use the GRUU to get this functional yet anonymous URI
>>> to address this issue.
>>> http://ietfreport.isoc.org/idref/draft-rosenberg-sip-identity-privacy/
>>>
>>> I can see few ways forward.
>>>
>>> 1. Suggest the use of [EMAIL PROTECTED]'s domain name}, which
>>> verifier then can verify the signature's validity as
>>> domain portion of the URI and that of Identity-Info matches.
>>> >> If SIP-Identity is used, the domain is given away anyhow
>>> in the Identity-Info, so what is the point of hiding the
>>> domain in the From header?
>>>
>>> 2. Make a note that SIP-Identity will not function when
>>> [EMAIL PROTECTED] is used.
>>> >> Describe the caveat that verifier is likely to fail the
>>> request or suggest that Authentication Service does not
>>> add Identity-Info/signature.
>>>
>>> 3. Extend GRUU to support mechanism that Rosenberg suggested.
>>>
>>> Does anybody has any preferences or any other suggestions?
>>>
>>> Regards,
>>> Mayumi
>>>
>>> _______________________________________________
>>> Sip mailing list http://www.ietf.org/mailman/listinfo/sip
>>> This list is for NEW development of the core SIP Protocol
>>> Use [EMAIL PROTECTED] for questions on current sip
>>> Use [EMAIL PROTECTED] for new developments on the application of sip
>>>
>> _______________________________________________
>> Sip mailing list http://www.ietf.org/mailman/listinfo/sip
>> This list is for NEW development of the core SIP Protocol
>> Use [EMAIL PROTECTED] for questions on current sip
>> Use [EMAIL PROTECTED] for new developments on the application of sip
>
_______________________________________________
Sip mailing list http://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
