John, Thank you for the comments on ua-privacy draft.
See inline. > 1. I think there should be something pointing out the limitations of > GRUU for obtaining an anonymous contact URI. Will add the text to mention it. > A temporary GRUU will still > reveal the issuing domain, i.e., the domain with which the user > registers. For the From URI we specify sip:[EMAIL PROTECTED] > (except where SIP Identity is used), but I don't see the point in this > if Contact reveals the domain. That's true. There is no point to conceal the user's domain name in the From header if the same domain name appears in the Contact header. However, there is an option to use a third-party GRUU server to get a temp-gruu that doesn't reveal the use's domain name. Anyway, the user's domain name is not considered as critical privacy-sensitive information in this draft. So it should be concealed only if that doesn't ruin more important functions such as routing and authentication. Will fix the text to explain the above clearly. > > 2. In section 5.3, I think there should be a statement about sending the > SIP request to the relay server. Will add such a statement. > > 3. "A user agent generating an anonymous SIP message supporting this > specification SHOULD conceal host names in any SIP headers, such as > Call-ID and Warning headers, but it is not always regarded as > essential privacy-sensitive information." > I don't understand what is mean by "not always regarded as essential > privacy-sensitive information". Either a host name in such a header > field is privacy-sensitive or it is not, so the word "essential" seems > redundant. I mean that UA should conceal the user's host name if that doesn't cause a problem. Will fix the text. > > 4. In the Security Considerations section, should there be mention of > the fact that a STUN relay server can introduce addition security > considerations if the signalling and/or media are not appropriately > secured, e.g., using TLS or SRTP? Agree. Will fix the Security Considerations section. > > 5. I have a large number of editorial points, which I will submit > directly to the author. I got the editorial comments. Thank you very much! Will incorporate them to the next version. Mayumi > > John > _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
