A Privacy Mechanism for the Session Initiation Protocol (SIP)
RFC 3323
Document | Type | RFC - Proposed Standard (December 2002; Errata) | |
---|---|---|---|
Author | Jon Peterson | ||
Last updated | 2017-11-16 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized bibtex | ||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 3323 (Proposed Standard) | |
Action Holders |
(None)
|
||
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Allison Mankin | ||
Send notices to | <rohan@cisco.com> |
Network Working Group J. Peterson Request for Comments: 3323 Neustar Category: Standards Track November 2002 A Privacy Mechanism for the Session Initiation Protocol (SIP) Status of this Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2002). All Rights Reserved. Abstract This document defines new mechanisms for the Session Initiation Protocol (SIP) in support of privacy. Specifically, guidelines are provided for the creation of messages that do not divulge personal identity information. A new "privacy service" logical role for intermediaries is defined to answer some privacy requirements that user agents cannot satisfy themselves. Finally, means are presented by which a user can request particular functions from a privacy service. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . 2 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 3. Varieties of Privacy . . . . . . . . . . . . . . . . . . . 4 3.1 When is Privacy Necessary? . . . . . . . . . . . . . . . . 5 3.2 User-Provided Privacy . . . . . . . . . . . . . . . . . . 6 3.3 Network-Provided Privacy . . . . . . . . . . . . . . . . . 7 4. User Agent Behavior . . . . . . . . . . . . . . . . . . . 7 4.1 Constructing Private Messages . . . . . . . . . . . . . . 8 4.1.1 URIs, Display-Names and Privacy . . . . . . . . . . . . . 8 4.1.1.1 Display-Names . . . . . . . . . . . . . . . . . . . . . . 9 4.1.1.2 URI Usernames . . . . . . . . . . . . . . . . . . . . . . 9 4.1.1.3 URI Hostnames and IP Addresses . . . . . . . . . . . . . . 9 4.2 Expressing Privacy Preferences . . . . . . . . . . . . . . 11 4.3 Routing Requests to Privacy Services . . . . . . . . . . . 12 4.4 Routing Responses to Privacy Services . . . . . . . . . . 13 5. Privacy Service Behavior . . . . . . . . . . . . . . . . . 14 Peterson Standards Track [Page 1] RFC 3323 Privacy Mechanism for SIP November 2002 5.1 Header Privacy . . . . . . . . . . . . . . . . . . . . . . 16 5.2 Session Privacy . . . . . . . . . . . . . . . . . . . . . 17 5.3 Applying User-Level Privacy Functions. . . . . . . . . . . 18 6. Security Considerations . . . . . . . . . . . . . . . . . 19 7. IANA Considerations . . . . . . . . . . . . . . . . . . . 19 Normative References . . . . . . . . . . . . . . . . . . . 20 Informative References . . . . . . . . . . . . . . . . . . 20 Author's Address . . . . . . . . . . . . . . . . . . . . . 21 Acknowledgments . . . . . . . . . . . . . . . . . . . . . 21 Full Copyright Statement . . . . . . . . . . . . . . . . . 22 1. Introduction This document provides privacy requirements and mechanisms for the Session Initiation Protocol (SIP). Privacy is defined in this document as the withholding of the identity of a person (and related personal information) from one or more parties in an exchange of communications, specifically a SIP dialog. These parties potentially include the intended destination(s) of messages and/or any intermediaries handling these messages. As identity is defined in this document, withholding the identity of a user will, among other things, render the other parties in the dialog unable to send new SIP requests to the user outside of the context of the current dialog. In SIP, identity is most commonly carried in the form of a SIP URI and an optional display-name. A SIP address-of-record has a form similar to an email address with a SIP URI scheme (for example, sip:alice@atlanta.com). A display-name is a string containing a name for the identified user (for example, "Alice"). SIP identities of this form commonly appear in the To and From header fields of SIP requests and responses. A user may have many identities that they use in different contexts. There are numerous other places in SIP messages in which identity- related information can be revealed. For example, the Contact header field contains a SIP URI, one that is commonly as revealing as the address-of-record in the From. In some headers, the originating user agent can conceal identity information as a matter of local policy without affecting the operation of the SIP protocol. However, certain headers are used in the routing of subsequent messages in aShow full document text