I previously commented on the last sentence of the following text in 5.1.1 (Contact header field) of draft-ietf-sip-ua-privacy-05:

"When using this header field in a dialog-forming request or response or in a mid-dialog request or response, the user agent MUST anonymize the Contact header field using an anonymous URI ("temp-gruu") obtained through the GRUU mechanism, unless an equivalent functional anonymous URI is provided by some other means. For out-of-dialog request, anonymous URI MAY be set when anonymization is required."

The reason for my comment was that I wasn't certain where the last sentence would apply. Of course, a REGISTER request or 200 response is "out of dialog", but clearly an anonymized Contact URI is inappropriate. In addition I have identified the following requests:

- OPTIONS - Contact MAY be included.
- PUBLISH - Contact, if present, doesn't have any meaning in the context of event publication.
- MESSAGE - Contact not allowed.

Furthermore, non-dialog-forming responses to things like INVITE and SUBSCRIBE do not require Contact, with the exception of 3xx where the URI clearly cannot be anonymized.

So how to cover this concisely? I would propose replacing the last sentence above with the following:

"For other requests and responses, with the exception of 3xx responses, REGISTER requests and REGISTER 200 responses, the UA MUST either omit the Contact header field or use an anonymous URI."

Would this be acceptable? Have I captured all exceptions?

John