There is a similar issue with the instance-id as used by outbound and GRUU as well. In a mobile, this uses the IMEI which is not necessarily meant to be revealed.
3GPP obfuscate the IMEI on generation of the GRUU. regards Keith > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of Michael Procter > Sent: Tuesday, February 17, 2009 8:51 AM > To: [email protected]; [email protected] > Subject: [Sip] Comment on sip-ua-privacy-05.txt > > Just a minor point: Is it worth adding (either in section > 4.1 or 6) that a temp-gruu might not be as anonymous as you > might hope? An observer using RFC 3680 (reg-event) with gruu > extensions would be able to correlate temp-gruus with AoRs > and contacts, should they be so authorised. > > There is some text in RFC 3680 warning of the risks of > reg-event, but that is probably of more direct interest to > registrar authors. A reminder of the risk in this document > might highlight it for UA authors, so that they can consider > the wider implications. > > Best regards, > > Michael > _______________________________________________ > Sip mailing list https://www.ietf.org/mailman/listinfo/sip > This list is for NEW development of the core SIP Protocol Use > [email protected] for questions on current sip > Use [email protected] for new developments on the application of sip > _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [email protected] for questions on current sip Use [email protected] for new developments on the application of sip
