[asterisk-bugs] [JIRA] (ASTERISK-27284) Status of RFC 3323 and PJSIP

Asterisk Team (JIRA) noreply at issues.asterisk.org
Thu Sep 21 08:48:08 CDT 2017 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-27284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=238805#comment-238805 ] 

Asterisk Team commented on ASTERISK-27284:
------------------------------------------

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

> Status of RFC 3323 and PJSIP
> ----------------------------
>
>                 Key: ASTERISK-27284
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27284
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip_caller_id
>    Affects Versions: 13.14.1
>            Reporter: dtryba
>            Severity: Trivial
>
> My upstream provider complained that Anonymous calls to our endusers got de-anonymized during transit in our platform. These incoming calls have the headers:
> From: "Anonymous" <sip:anonymous at anonymous.invalid>
> and
> Privacy: id;user;critical
> P-Asserted-Identity: "Example" <sip:0123456789 at example.org;user=phone>
> After passing through Asterisk 13.14.x, the Privacy header is removed, PAI is unaffected and From is changed to:
> From: "Example" <sip:0123456789 at example.org;user=phone>
> All involved pjsip endpoints have send_pai, trust_id_inbound and trust_id_outbound set to yes.
> This violates RFC 3233:
> Privacy-hdr  =  "Privacy" HCOLON priv-value *(";" priv-value)
>    priv-value   =   "header" / "session" / "user" / "none" / "critical" / token
> Where:
> critical: The user asserts that the privacy services requested for
> this message are critical, and that therefore, if these privacy
> services cannot be provided by the network, this request should be
> rejected.  Criticality cannot be managed appropriately for
> responses.
> But is RFC still applicable to SIP?



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list