Mayumi, > -----Original Message----- > From: Mayumi Munakata [mailto:[EMAIL PROTECTED] > Sent: 31 July 2008 13:28 > To: Elwell, John > Cc: SIP IETF > Subject: Re: Comments on draft-ietf-sip-ua-privacy-02 > > John, > > Thank you for the comments on ua-privacy draft. > > See inline. > > > 1. I think there should be something pointing out the > limitations of > > GRUU for obtaining an anonymous contact URI. > > Will add the text to mention it. > > > A temporary GRUU will still > > reveal the issuing domain, i.e., the domain with which the user > > registers. For the From URI we specify > sip:[EMAIL PROTECTED] > > (except where SIP Identity is used), but I don't see the > point in this > > if Contact reveals the domain. > > That's true. There is no point to conceal the user's > domain name in the From header if the same domain name > appears in the Contact header. > > However, there is an option to use a third-party GRUU server > to get a temp-gruu that doesn't reveal the use's domain name. > > Anyway, the user's domain name is not considered as > critical privacy-sensitive information in this draft. > So it should be concealed only if that doesn't ruin more > important functions such as routing and authentication. [JRE] As discussed at the meeting, for a small enterprise the domain name is almost certainly critical. Somebody might guess the particular caller, or maybe just knowing the name of the enterprise is information you don't want to disclose. Even for a large enterprise, the caller might be guessed if the callee only knows one person or a small number of people from that enterprise. I would say that for an enterprise the domain name is very likely to be critical privacy-sensitive information. I agree that for a sizeable service provider it might not be critical.
John _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
