All,
Firstly, apologies if this has all been discussed before - I couldn't find a searchable version of the archive to check.
RFC3261 describes the use of S/MIME to provide selective anonymity in Section 23.4.3. This is the case where I wish to establish a session and remain anonymous to all but the intended recipient of the session (and any proxies I authenticate with, of course).
The UAC puts 'anonymous' in the From: field and includes an encrypted message/sip MIME body containing the real From value.
The text then seems to recommend that the result is signed by the UAC:
"In order to provide end-to-end integrity, encrypted "message/sip"
MIME bodies SHOULD be signed by the sender. This creates a
"multipart/signed" MIME body that contains an encrypted body and a
signature, both of type "application/pkcs7-mime"."
[BTW, this last bit seems to be in error since the signature part should be "application/pkcs7-signature", unless I have missed something.]
But now it appears to be possible to identify the sender based on the SignerIdentifier in the signerInfo of the CMS SignedData message or the subjectAltName of the certificate, which according to 23.2 MUST be included.
Have I missed something here?
Wouldn't it be better for the UAC to sign the message/sip MIME body first, and then encrypt? I understand that an S/MIME compliant receiver should accept this, but should this be described in the SIP context?
Even if it were hard to identify a user based just on the SignerIdentifier, it would at least be possible to recognise multiple requests from the same user as indeed being from the same user, which is also a privacy breach.
Regards...Mark
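
The two orderings discussed in this message, laid out as MIME structures to show which parts an intermediary can read without a decryption key. This is an added example, not part of the original post or of RFC 3261; the CMS payloads are constructed placeholders and the function names are hypothetical.

```python
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

# Constructed placeholders standing in for DER-encoded CMS objects.
ENVELOPED = b"<CMS EnvelopedData: ciphertext + RecipientInfo>"
SIGNATURE = b"<CMS SignedData: SignerInfo sid + signer certificate>"


def _cms_part(payload, subtype, smime_type=None):
    """Build one base64-encoded application/<subtype> part."""
    part = MIMEApplication(payload, _subtype=subtype)
    if smime_type:
        part.set_param("smime-type", smime_type)
    return part


def encrypt_then_sign():
    """Ordering quoted from 23.4.3: a detached signature over the encrypted body."""
    outer = MIMEMultipart("signed", protocol="application/pkcs7-signature")
    outer.attach(_cms_part(ENVELOPED, "pkcs7-mime", "enveloped-data"))
    # The signature part is SignedData sent in the clear, SignerInfo included.
    outer.attach(_cms_part(SIGNATURE, "pkcs7-signature"))
    return outer


def sign_then_encrypt():
    """Ordering proposed in the post: the multipart/signed entity sits inside
    the ciphertext, so only the EnvelopedData wrapper is visible on the wire."""
    return _cms_part(ENVELOPED, "pkcs7-mime", "enveloped-data")


def cleartext_parts(body):
    """Content types readable by anyone on the path, without decrypting."""
    return [p.get_content_type() for p in body.walk()]


def signer_exposed(body):
    """True if a SignedData object (and so its SignerInfo) travels unencrypted."""
    return any(
        p.get_content_type() == "application/pkcs7-signature"
        or p.get_param("smime-type") == "signed-data"
        for p in body.walk()
    )


if __name__ == "__main__":
    for build in (encrypt_then_sign, sign_then_encrypt):
        body = build()
        print(build.__name__, cleartext_parts(body), signer_exposed(body))
```
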