[asterisk-dev] [Code Review]: P-Asserted-Identity Privacy - fixed behaviour

Mark Michelson reviewboard at asterisk.org
Wed Mar 7 13:14:37 CST 2012



> On March 7, 2012, 1:14 p.m., Mark Michelson wrote:
> > This change introduces new functionality and so it needs to be done against Asterisk trunk instead of 1.8.
> > 
> > One of the claims made both on the bug report and on this patch is slightly wrong:
> > "According to RFC 3325 when using privacy, FROM header should be set to anonymous at anonymous.invalid and PAI header should be set to caller num and name..."
> > This is not exactly correct. RFC 3325 makes no mention of what should go in the From header when a Privacy header is present. The Privacy header simply indicates a request for a P-Asserted-Identity to be removed by a proxy if a request should be transmitted to an untrusted domain. RFC 3261 mentions that the "Anonymous" name should be used when the identity of a client is to remain hidden. These are not the same thing. The examples in RFC 3325 use the "Anonymous" From header because once the P-Asserted-Identity is removed, then the From header still indicates that the user's identity is hidden. Now, having said that, in most cases when Privacy is requested, it is a good idea to set the "Anonymous" From header, but it is not strictly mandated by RFC 3325.

Sorry for the double post. Review board decided to vomit at a crucial moment...


- Mark


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/1803/#review5756
-----------------------------------------------------------


On March 7, 2012, 10:15 a.m., jamicque wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/1803/
> -----------------------------------------------------------
> 
> (Updated March 7, 2012, 10:15 a.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Summary
> -------
> 
> It seams that in Asterisk privacy with PAI is not implemented correctly.
> 
> According to RFC 3325 when using privacy, FROM header should be set to anonymous at anonymous.invalid and PAI header should be set to caller num and name. The privacy is implemented by adding privacy: id header.
> Now when we use pai and callpres=prohib in P-Asserted-Identity header we have something which is not correct to any rfc.
> P-Asserted-Identity: "Anonymous" <sip:anonymous at anonymous.invalid>
> 
> What my patch does:
> 1) it adds Privacy header when PAI is used (values "none" or "id" depending on callpres)
> 2)
> 3) "sendrpid" configuration option have been expanded:
> now it can have those values:
> 
>     no - nothing changed
>     yes - rpid header is added, when call PRES=prohi, FROM header is not changed
>     rpid - the same as yes
>     pai - pai header is added, when call PRES=prohi, FROM header is not changed
> 
> NEW VALUES:
> 
>     rpid,trusted (NEW) - the same as yes
>     rpid,untrusted (NEW) - rpid header is added, when call PRES=prohi, FROM header is changed to anonymous at anonymous.invalid and rpid header is srtiped.
>     pai,trusted (NEW) - the same as pai
>     pai,untrusted (NEW) - pai header is added, when call PRES=prohi, FROM header is chenged to anonymous at anonymous.invalid and pai header is srtiped. - as in RFC 3325
> 
> When we are using PAI or RPID ,fromname is defined and CLIR, we do not set anonymous at anonymous.invalid - coz this from in this situation is usually used for authentication.
> 
> 
> This addresses bug ASTERISK-19465.
>     https://issues.asterisk.org/jira/browse/ASTERISK-19465
> 
> 
> Diffs
> -----
> 
>   /branches/1.8/channels/chan_sip.c 358481 
>   /branches/1.8/channels/sip/include/sip.h 358481 
>   /branches/1.8/configs/sip.conf.sample 358481 
> 
> Diff: https://reviewboard.asterisk.org/r/1803/diff
> 
> 
> Testing
> -------
> 
> I've done some basing test with outgoing calls and everything seems to wroks fine.
> 
> 
> Thanks,
> 
> jamicque
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20120307/bc000612/attachment-0001.htm>


More information about the asterisk-dev mailing list