
RE: third alternative (was RE: [Sip] RE: Identity after reinvite)



A few notes on the "Monica property": as RFC3323 suggests, I think that some
sort of anonymization service, which could be instantiated by a B2BUA, is an
appropriate way to conceal the identity of a called or calling party. What
scares me a little is the way people suggest that retargeting, as opposed to
redirection, can inherently be expected to provide privacy. When I register
a contact, I can't always guarantee that the location service in question
will be used exclusively for retargeting rather than redirection; moreover,
the revelation of the target Request-URI to the caller is not the only way
that the caller can learn who the connected-party is: contact headers of new
requests in the backwards direction of the dialog, SDP in a 200 OK, and so
on, are information leaks that are not addressed at all by retargeting, but
would be addressed by an anonymization service.

RFC3323 is about due for an update, I think, because the major functions
that it provides can be performed without a B2BUA, thanks to new SIP
mechanisms like GRUUs and session-policy. So while I agree that an
anonymization service is the right approach to this problem, these days I
think you can probably build an anonymization service without building a
B2BUA.

Finally, I think RFC3323 plays well with redirection. In fact, one can
redirect to a URI like "sip:anonymous0013@anonymizer.com", and the caller
can be satisfied, when they see new requests in the backwards direction,
that they are talking to the entity that the original target domain wanted
them to talk to. On the other hand, if my request is just retargeted to that
anonymous URI without my knowledge, I'll always be left to wonder, when I
see new requests in the backwards direction, if this is the person I'm
supposed to be talking to...

Jon Peterson
NeuStar, Inc.

> -----Original Message-----
> From: David R Oran [mailto:oran at cisco.com]
> Sent: Friday, November 19, 2004 6:30 AM
> To: Peterson, Jon
> Cc: 'Cullen Jennings'; 'Paul Kyzivat'; 'sip at ietf.org'
> Subject: Re: third alternative (was RE: [Sip] RE: Identity after
> reinvite)
> 
> 
[snip]
>
> Redirection is generally cleaner than retargeting, but does not satisfy 
> the "Monica property". It may be that a B2BUA is inescapable in those 
> cases anyway.
> 
> > I really think that the problem of mid-call changes in connected-party
> > is a very different case, and much more specialized than what we're
> > concerned with here. We're talking here about assuring the identity of
> > the first and second parties to a dialog at the time of dialog
> > establishment. I'd like to think that the ultimate solutions to the
> > mid-call 'identity update' sort of problems are more along the
> > transfer/replaces line of thinking.
> >
> I tend to agree. It would be much cleaner if all 
> identity/connected-party changes devolved to a flavor of transfer 
> (except the Monica cases I mention above).
> 
> Dave.
> > Jon Peterson
> > NeuStar, Inc.
> >
> >> 	Paul
> >>
> 

_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip
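
An added example, not part of the original message or of any SIP implementation: a small Python check that lists the fields in a 200 OK which still identify the answering party when the Request-URI was retargeted without the caller seeing it, namely the Contact header and the SDP o=/c= lines named in the message above. The sample response, all names and addresses in it, and the function names are constructed for illustration.

```python
import re

# Constructed 200 OK for an INVITE to sip:monica@example.com that a proxy
# silently retargeted; every name and address here is made up.
SAMPLE_200_OK = "\r\n".join([
    "SIP/2.0 200 OK",
    "From: <sip:caller@example.net>;tag=1928301774",
    "To: <sip:monica@example.com>;tag=a6c85cf",
    "CSeq: 314159 INVITE",
    "Contact: <sip:bob@pc33.hideout.example.org>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=bob 2890844527 2890844527 IN IP4 pc33.hideout.example.org",
    "s=-",
    "c=IN IP4 192.0.2.33",
    "t=0 0",
    "m=audio 3456 RTP/AVP 0",
])

def split_message(msg):
    """Return ([name, value] header pairs, body), unfolding continuation lines."""
    head, _, body = msg.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        if line[:1] in (" ", "\t") and headers:  # folded header continuation
            headers[-1][1] += " " + line.strip()
        else:
            name, _, value = line.partition(":")
            headers.append([name.strip().lower(), value.strip()])
    return headers, body

def identity_bearing_fields(msg):
    """List (location, value) pairs that tell the caller who actually answered."""
    headers, body = split_message(msg)
    found = []
    for name, value in headers:
        if name in ("contact", "m"):             # "m" is the compact form of Contact
            found += [("Contact", u) for u in re.findall(r"sips?:[^>;,\s]+", value)]
    for line in body.splitlines():
        fields = line[2:].split()
        if line.startswith("o=") and len(fields) == 6:
            found += [("SDP o= username", fields[0]), ("SDP o= address", fields[5])]
        elif line.startswith("c=") and len(fields) == 3:
            found.append(("SDP c= address", fields[2].split("/")[0]))
    return found

if __name__ == "__main__":
    for where, value in identity_bearing_fields(SAMPLE_200_OK):
        print(f"{where}: {value}")
```

In the sample the To header still reads monica@example.com, yet all four reported values point at the party the request was retargeted to.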