[asterisk-bugs] [JIRA] (ASTERISK-27284) Status of RFC 3323 and PJSIP
dtryba (JIRA)
noreply at issues.asterisk.org
Thu Sep 21 08:48:08 CDT 2017
dtryba created ASTERISK-27284:
---------------------------------
Summary: Status of RFC 3323 and PJSIP
Key: ASTERISK-27284
URL: https://issues.asterisk.org/jira/browse/ASTERISK-27284
Project: Asterisk
Issue Type: Bug
Security Level: None
Components: Resources/res_pjsip_caller_id
Affects Versions: 13.14.1
Reporter: dtryba
Severity: Trivial
My upstream provider complained that Anonymous calls to our endusers got de-anonymized during transit in our platform. These incoming calls have the headers:
From: "Anonymous" <sip:anonymous at anonymous.invalid>
and
Privacy: id;user;critical
P-Asserted-Identity: "Example" <sip:0123456789 at example.org;user=phone>
After passing through Asterisk 13.14.x, the Privacy header is removed, PAI is unaffected and From is changed to:
From: "Example" <sip:0123456789 at example.org;user=phone>
All involved pjsip endpoints have send_pai, trust_id_inbound and trust_id_outbound set to yes.
This violates RFC 3233:
Privacy-hdr = "Privacy" HCOLON priv-value *(";" priv-value)
priv-value = "header" / "session" / "user" / "none" / "critical" / token
Where:
critical: The user asserts that the privacy services requested for
this message are critical, and that therefore, if these privacy
services cannot be provided by the network, this request should be
rejected. Criticality cannot be managed appropriately for
responses.
But is RFC still applicable to SIP?
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list