Lotus Sametime Unified Telephony provides SIP privacy capabilities according to IETF RFC 3323, "A Privacy Mechanism for SIP".
The following features are supported:
Guidelines for the creation of messages that do not divulge personal identity information
A privacy service logical role for intermediaries to handle some privacy requirements that user agents cannot satisfy themselves
Means by which a user can request particular functions from a privacy service
Digest authentication is used to permit a user to hide identity and related personal information when issuing requests. Correspondingly, intermediaries and designated recipients of requests can reject requests whose originator cannot be identified.
In SIP, identity is most commonly carried in the form of a SIP URI and an optional display-name. A SIP AOR (Address of Record) has a form similar to an E-mail address with a SIP URI scheme (for example, sip:firstname.lastname@example.org). A display-name is a string that contains a name for the identified user (for example, "Alice"). SIP identities of this form commonly appear in the To and From header fields of SIP requests and responses. Users can have many identities that they use in different contexts.
There are numerous other places in SIP messages in which identity-related information can be revealed. For example, the Contact header field contains a SIP URI, one that is commonly as revealing as the address-of-record in the From header field. In some headers, the originating user agent can conceal identity information as a matter of local policy without affecting the operation of SIP. However, certain headers are used in the routing of subsequent messages in a dialog, and must therefore be populated with functional data.
The privacy problem is further complicated by proxy servers (also known as intermediaries or, generically, the network) that add headers of their own, such as the Record-Route and Via headers. Information in these headers might inadvertently reveal something about the originator of a message — for example, a Via header might reveal the service provider through whom the user sends requests, which might in turn strongly hint at the user's identity to some recipients. For these reasons, the participation of intermediaries is also crucial to providing privacy in SIP.
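As an added illustration (not code from Lotus Sametime Unified Telephony), the following Python sketches the intermediary "privacy service" role described above: for a request carrying Privacy: header;user it removes the Via and Record-Route hops added before the service, rewrites Contact to a functional address of the service rather than deleting it, and replaces From with the anonymous identity that RFC 3323 recommends. The service host name, branch value and sample INVITE are constructed; preserving the From tag so the dialog still matches is an assumption.

```python
import re

# RFC 3323: the anonymous From value recommended for user-level privacy.
ANONYMOUS_FROM = '"Anonymous" <sip:anonymous@anonymous.invalid>'

# Constructed sample INVITE (not a real capture); the caller asks for both
# header-level and user-level privacy.
SAMPLE_INVITE = (
    "INVITE sip:bob@example.org SIP/2.0\r\n"
    "Via: SIP/2.0/UDP pc33.alice.example.com;branch=z9hG4bK776\r\n"
    "Record-Route: <sip:proxy.alice.example.com;lr>\r\n"
    "From: \"Alice\" <sip:alice@example.org>;tag=1928301774\r\n"
    "To: <sip:bob@example.org>\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "Contact: <sip:alice@pc33.alice.example.com>\r\n"
    "Privacy: header;user\r\n\r\n"
)

def parse_sip(msg):
    """Return (request line, list of (name, value)) for a SIP message's headers."""
    lines = msg.splitlines()
    headers = []
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header section
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers

def apply_privacy(msg, service_host="privacy.example.net"):
    """Hypothetical privacy-service step: satisfy the Privacy header (RFC 3323 section 5)."""
    request_line, headers = parse_sip(msg)
    levels = {v.strip().lower() for n, v0 in headers if n.lower() == "privacy"
              for v in v0.split(";")}
    served = levels & {"header", "user"}  # the levels this sketch knows how to provide
    out = []
    for name, value in headers:
        lname = name.lower()
        if "header" in served and lname in ("via", "record-route"):
            continue  # hop information added before the service reveals the user's path
        if "header" in served and lname == "contact":
            value = f"<sip:{service_host}>"  # rewritten, not removed: in-dialog requests must still route
        if "user" in served and lname == "from":
            tag = re.search(r";tag=[^;]+", value)
            value = ANONYMOUS_FROM + (tag.group(0) if tag else "")  # tag kept so the dialog matches
        if lname == "privacy":
            rest = levels - served
            if not rest:
                continue  # every requested level was served: drop the Privacy header
            value = ";".join(sorted(rest))  # leave only the levels a later service must handle
        out.append((name, value))
    if "header" in served:
        # The service adds its own Via so responses still route back through it.
        out.insert(0, ("Via", f"SIP/2.0/UDP {service_host};branch=z9hG4bK-ps1"))
    return "\r\n".join([request_line] + [f"{n}: {v}" for n, v in out]) + "\r\n\r\n"
```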
SDP (Session Description Protocol) Backward Compatibility for Best Effort SRTP (Secure Real-Time Transport Protocol)
Lotus Sametime Unified Telephony supports securing RTP (Real-Time Transport Protocol) calls via SRTP (Secure Real-Time Transport Protocol) using MIKEY (Multimedia Internet Keying) Option 0. The mechanism, as defined, follows a standards-based approach and allows for backward compatibility. There are defined provisions for a SIP endpoint to reject the SRTP offer if it does not support this mechanism. However, certain third-party endpoints fail in the SDP (Session Description Protocol) negotiation, and as a result the call setup fails. This feature provides a solution to identify such cases and supports a mechanism that allows the call setup to succeed between an endpoint that originates an SRTP offer and an endpoint that does not comply with the provisions for rejecting such an offer.