[Sip] Comments on draft-ietf-sip-ua-privacy-02
1. I think there should be something pointing out the limitations of
GRUU for obtaining an anonymous contact URI. A temporary GRUU will still
reveal the issuing domain, i.e., the domain with which the user
registers. For the From URI we specify sip:anonymous@anonymous.invalid
(except where SIP Identity is used), but I don't see the point in this
if Contact reveals the domain.
2. In section 5.3, I think there should be a statement about sending the
SIP request to the relay server.
3. "A user agent generating an anonymous SIP message supporting this
specification SHOULD conceal host names in any SIP headers, such as
Call-ID and Warning headers, but it is not always regarded as
essential privacy-sensitive information."
I don't understand what is meant by "not always regarded as essential
privacy-sensitive information". Either a host name in such a header
field is privacy-sensitive or it is not, so the word "essential" seems
redundant.
4. In the Security Considerations section, should there be mention of
the fact that a STUN relay server can introduce additional security
considerations if the signalling and/or media are not appropriately
secured, e.g., using TLS or SRTP?
5. I have a large number of editorial points, which I will submit
directly to the author.
John
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip
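
The concern in points 1 and 3 above can be checked mechanically. The following is an added example, not part of the original post or of the draft: it scans a SIP request and reports headers that still expose a host name even though the From URI is anonymised. The sample message, its host names and the function names are constructed for illustration.

```python
import re

# Constructed sample request (an assumption for this example). From is
# anonymised, but the temporary GRUU in Contact, the Call-ID and the
# Warning header still carry host names.
SAMPLE = (
    "INVITE sip:bob@biloxi.example SIP/2.0\r\n"
    'From: "Anonymous" <sip:anonymous@anonymous.invalid>;tag=1928301774\r\n'
    "To: <sip:bob@biloxi.example>\r\n"
    "Call-ID: a84b4c76e66710@pc33.atlanta.example\r\n"
    "Contact: <sip:tgruu.7hs3kd9x@atlanta.example;gr>\r\n"
    'Warning: 399 pc33.atlanta.example "Session parameter ignored"\r\n'
    "\r\n"
)

ANON_HOSTS = {"anonymous.invalid"}
COMPACT = {"f": "from", "m": "contact", "i": "call-id"}  # compact header forms


def host_of_uri(value):
    """Extract the host part of the first sip: or sips: URI in a header value."""
    m = re.search(r"sips?:(?:[^@>;\s]*@)?([^>;:\s]+)", value)
    return m.group(1).lower() if m else None


def leaking_headers(message, anon_hosts=ANON_HOSTS):
    """Return {header: host} for checked headers that expose a host name."""
    leaks = {}
    for line in message.split("\r\n"):
        if not line:
            break  # blank line ends the header section
        name, sep, value = line.partition(":")
        if not sep or " " in name:
            continue  # request line or malformed line
        name, value = name.strip().lower(), value.strip()
        name = COMPACT.get(name, name)
        if name in ("from", "contact"):
            host = host_of_uri(value)
        elif name == "call-id":
            host = value.partition("@")[2].lower() or None
        elif name == "warning":
            # warn-code, then warn-agent (a host name or a pseudonym)
            parts = value.split()
            host = parts[1].lower() if len(parts) > 1 else None
        else:
            continue
        if host and host not in anon_hosts:
            leaks[name] = host
    return leaks
```

On the sample, From passes the check while Contact, Call-ID and Warning are all reported, and the Contact entry is the registering domain of the temporary GRUU.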