datatracker.ietf.org
Sign in
Version 5.6.4.p1, 2014-10-20
Report a bug

A Privacy Mechanism for the Session Initiation Protocol (SIP)
RFC 3323

Document type: RFC - Proposed Standard (December 2002; No errata)
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 3323 (Proposed Standard)
Responsible AD: Allison Mankin
Send notices to: <dean.willis@softarmor.com>, <rohan@cisco.com>

Network Working Group                                        J. Peterson
Request for Comments: 3323                                       Neustar
Category: Standards Track                                  November 2002

     A Privacy Mechanism for the Session Initiation Protocol (SIP)

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   This document defines new mechanisms for the Session Initiation
   Protocol (SIP) in support of privacy.  Specifically, guidelines are
   provided for the creation of messages that do not divulge personal
   identity information.  A new "privacy service" logical role for
   intermediaries is defined to answer some privacy requirements that
   user agents cannot satisfy themselves.  Finally, means are presented
   by which a user can request particular functions from a privacy
   service.

Table of Contents

   1.      Introduction . . . . . . . . . . . . . . . . . . . . . . .  2
   2.      Terminology  . . . . . . . . . . . . . . . . . . . . . . .  3
   3.      Varieties of Privacy . . . . . . . . . . . . . . . . . . .  4
   3.1     When is Privacy Necessary? . . . . . . . . . . . . . . . .  5
   3.2     User-Provided Privacy  . . . . . . . . . . . . . . . . . .  6
   3.3     Network-Provided Privacy . . . . . . . . . . . . . . . . .  7
   4.      User Agent Behavior  . . . . . . . . . . . . . . . . . . .  7
   4.1     Constructing Private Messages  . . . . . . . . . . . . . .  8
   4.1.1   URIs, Display-Names and Privacy  . . . . . . . . . . . . .  8
   4.1.1.1 Display-Names  . . . . . . . . . . . . . . . . . . . . . .  9
   4.1.1.2 URI Usernames  . . . . . . . . . . . . . . . . . . . . . .  9
   4.1.1.3 URI Hostnames and IP Addresses . . . . . . . . . . . . . .  9
   4.2     Expressing Privacy Preferences . . . . . . . . . . . . . . 11
   4.3     Routing Requests to Privacy Services . . . . . . . . . . . 12
   4.4     Routing Responses to Privacy Services  . . . . . . . . . . 13
   5.      Privacy Service Behavior . . . . . . . . . . . . . . . . . 14

Peterson                    Standards Track                     [Page 1]
RFC 3323               Privacy Mechanism for SIP           November 2002

   5.1     Header Privacy . . . . . . . . . . . . . . . . . . . . . . 16
   5.2     Session Privacy  . . . . . . . . . . . . . . . . . . . . . 17
   5.3     Applying User-Level Privacy Functions. . . . . . . . . . . 18
   6.      Security Considerations  . . . . . . . . . . . . . . . . . 19
   7.      IANA Considerations  . . . . . . . . . . . . . . . . . . . 19
           Normative References . . . . . . . . . . . . . . . . . . . 20
           Informative References . . . . . . . . . . . . . . . . . . 20
           Author's Address . . . . . . . . . . . . . . . . . . . . . 21
           Acknowledgments  . . . . . . . . . . . . . . . . . . . . . 21
           Full Copyright Statement . . . . . . . . . . . . . . . . . 22

1.  Introduction

   This document provides privacy requirements and mechanisms for the
   Session Initiation Protocol (SIP).

   Privacy is defined in this document as the withholding of the
   identity of a person (and related personal information) from one or
   more parties in an exchange of communications, specifically a SIP
   dialog.  These parties potentially include the intended
   destination(s) of messages and/or any intermediaries handling these
   messages.  As identity is defined in this document, withholding the
   identity of a user will, among other things, render the other parties
   in the dialog unable to send new SIP requests to the user outside of
   the context of the current dialog.

   In SIP, identity is most commonly carried in the form of a SIP URI
   and an optional display-name.  A SIP address-of-record has a form
   similar to an email address with a SIP URI scheme (for example,
   sip:alice@atlanta.com).  A display-name is a string containing a name
   for the identified user (for example, "Alice").  SIP identities of
   this form commonly appear in the To and From header fields of SIP
   requests and responses.  A user may have many identities that they
   use in different contexts.

   There are numerous other places in SIP messages in which identity-
   related information can be revealed.  For example, the Contact header
   field contains a SIP URI, one that is commonly as revealing as the
   address-of-record in the From.  In some headers, the originating user

[include full document text]