IETF Logo Mail Archive

Re: [dispatch] FW: New Version Notification for draft-kinamdar-dispatch-sip-auto-peer-00.txt

"Kaustubh Inamdar (kinamdar)" <kinamdar@cisco.com> Thu, 19 September 2019 01:14 UTC

Return-Path: <kinamdar@cisco.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8779A1200EC for <dispatch@ietfa.amsl.com>; Wed, 18 Sep 2019 18:14:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.499
X-Spam-Level:
X-Spam-Status: No, score=-14.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=DxrU3T05; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=eMgLHNZ0
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BeN8cFR-ATbN for <dispatch@ietfa.amsl.com>; Wed, 18 Sep 2019 18:14:07 -0700 (PDT)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6CD5F1200B2 for <dispatch@ietf.org>; Wed, 18 Sep 2019 18:14:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=27341; q=dns/txt; s=iport; t=1568855647; x=1570065247; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=FqHyjwXXaeGipzez3gnbjKefZioTNYBFHUVbR/4Dd+U=; b=DxrU3T05PG1sfNfNcsYtkt1mCG1SJFDX1ryEDxG+Day4g6xw4abbO9va dkE+f7gapQWtNKgB0O6LHyD08SXfADEFeuX68B7Qo8ZbVz8peV19e2fDI cNsjoK7m/m+zuGcgNo0BbW0bvI2SIOsVKkFCH8fmw72V/g6S7K5KL6cKe c=;
IronPort-PHdr: 9a23:ocnkBhyO0fi7aS7XCy+N+z0EezQntrPoPwUc9psgjfdUf7+++4j5YhWN/u1j2VnOW4iTq+lJjebbqejBYSQB+t7A1RJKa5lQT1kAgMQSkRYnBZuGCEvyKfLjdQQxHd9JUxlu+HToeUU=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AvAADP1YJd/4cNJK1lGgEBAQEBAgEBAQEHAgEBAQGBVgIBAQEBCwGBFS8kBScDbVYgBAsqhCKDRwOKeoI3JZdzglIDVAkBAQEMAQEYAQwIAgEBg3pFAheCbCM3Bg4CAwkBAQQBAQECAQUEbYUtDIVKAQEBBAEBEBEdAQEpAwQFAgEPAgEIDgMDAQIZDwMCAgIlCxQJCAIEDgUigwABgR1NAx0BAgykCAKBOIhhc4Eygn0BAQWBNwIOQYMEGIIXCYE0AYt5DxiBQD+BEScME4JMPoJhAQECAQGBRzYNCQgRgjwygiaPV4UoJJZzbgqCIocFhROIbRuCNnKGWY8gliKQewIEAgQFAg4BAQWBPykigVhwFRohKgGCQQlHEBSBTjhvAQiCQoUUhT9zAYEojR2CMAEB
X-IronPort-AV: E=Sophos;i="5.64,522,1559520000"; d="scan'208,217";a="341050579"
Received: from alln-core-2.cisco.com ([173.36.13.135]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 19 Sep 2019 01:14:06 +0000
Received: from XCH-ALN-018.cisco.com (xch-aln-018.cisco.com [173.36.7.28]) by alln-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id x8J1E6Fu026492 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 19 Sep 2019 01:14:06 GMT
Received: from xhs-aln-001.cisco.com (173.37.135.118) by XCH-ALN-018.cisco.com (173.36.7.28) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 18 Sep 2019 20:14:05 -0500
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 18 Sep 2019 20:14:05 -0500
Received: from NAM05-CO1-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Wed, 18 Sep 2019 21:14:05 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eyf1YuQhvE6X1uqMqjOwmxyseGrSck0evUolHP04UXqaFG2pUnZd2r/lzqFxWhMeTZjz1ULmzGepya+L1Tn1MOnoQgKl80f5jz0l/PVLWR3+pZmksHGf3b7o3tAsG8eLaBNjcpQm7EmV6aIJCFp6G9bwW2nn20IUW0zMCLRR4VbwEF/eEGkQZacSFhtpjTCk2WuDRj55EgfKUou82TlosqtvSF2Nv+JflsKe5PWaeAI/zHUv5KO3gOfF4CViY3rRekTT6c4ixP+FR1tYMAXtTEQeb2samCCQbw0QX1TfFC80HuNYC0f69/7XpHoBFCqs/V5Wqx2itKDcVl7oetarsQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FqHyjwXXaeGipzez3gnbjKefZioTNYBFHUVbR/4Dd+U=; b=cPAJu9qH2UzCIHSKVv/gFvZMS4/hQNqIpHPR4O2XRWMw9j1KqZuEfnEHDta6DKv73fM1+ScGvF3DrNw6BpnKOaJJWWR4kjO6Sb83ZCsU3nLQ5VRHj2B6bS/2VJU2WYY2d7sIoBDsAhiNViyCOM9jLO3q1UClZzExWgnq6XMAvwwXcLZtK00eE81D+7IGVD7y8PT1Ns1CmgYIcEZFl6Yw0mJe5hFZAaJQIXxGXU6OyeWC0jOSFzLLlmo1pKT7ltKR1XKquLxWorjVZHrwp59dsN1XmzdsFBT76Pgvit+YuVoQJ00cdgn1Mf/waUo5jpxOfPtAeQq7vdXI6W5Dl8ISpA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FqHyjwXXaeGipzez3gnbjKefZioTNYBFHUVbR/4Dd+U=; b=eMgLHNZ0e0kXL8r7weMCZqiZ+McvveSDBl6TxFLrbXF2XumX1UbMsiV7ViA+exVVkwwkoWioU8j4EOgnM7DgoQ/VJMjVIDpsJ3welCOrTD96DmwcggYs1HGYG8trhhGXJMsOAw+H4TOG6eXccTEtVAvOBIhtzIz0FHY1MOzY9ac=
Received: from SN6PR11MB2928.namprd11.prod.outlook.com (52.135.124.19) by SN6PR11MB2749.namprd11.prod.outlook.com (52.135.92.28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2263.15; Thu, 19 Sep 2019 01:14:03 +0000
Received: from SN6PR11MB2928.namprd11.prod.outlook.com ([fe80::6819:73eb:c1d6:4e9f]) by SN6PR11MB2928.namprd11.prod.outlook.com ([fe80::6819:73eb:c1d6:4e9f%7]) with mapi id 15.20.2263.023; Thu, 19 Sep 2019 01:14:03 +0000
From: "Kaustubh Inamdar (kinamdar)" <kinamdar@cisco.com>
To: Richard Barnes <rlb@ipv.sx>
CC: "dispatch@ietf.org" <dispatch@ietf.org>
Thread-Topic: [dispatch] FW: New Version Notification for draft-kinamdar-dispatch-sip-auto-peer-00.txt
Thread-Index: AQHVaRyi0fBHq8Wtl0KFwomJG16+yqcveTyAgACQN4CAAo+RgA==
Date: Thu, 19 Sep 2019 01:14:03 +0000
Message-ID: <CD6C0B7E-EAA5-4118-8A27-EAF6AECE0089@cisco.com>
References: <156825995534.13361.10232150689686123584.idtracker@ietfa.amsl.com> <DB05AE1C-7CD4-4BC6-BABB-2E8070CA29FB@cisco.com> <CAL02cgR94hQOD-iiAdHe+Xr9+LZWcTDJv7RoxsjmNDZnwgbO-w@mail.gmail.com>
In-Reply-To: <CAL02cgR94hQOD-iiAdHe+Xr9+LZWcTDJv7RoxsjmNDZnwgbO-w@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1d.0.190908
authentication-results: spf=none (sender IP is ) smtp.mailfrom=kinamdar@cisco.com;
x-originating-ip: [2001:420:5443:1256:d81b:73c4:beb1:cfdb]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 8198e48a-e007-4bc3-7fa3-08d73c9ea92a
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600167)(711020)(4605104)(1401327)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:SN6PR11MB2749;
x-ms-traffictypediagnostic: SN6PR11MB2749:
x-ms-exchange-purlcount: 7
x-microsoft-antispam-prvs: <SN6PR11MB274913D733409B935972E1A7D7890@SN6PR11MB2749.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 016572D96D
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(346002)(39860400002)(136003)(366004)(376002)(396003)(53754006)(199004)(189003)(186003)(4326008)(7736002)(6306002)(54896002)(66476007)(64756008)(606006)(14444005)(66574012)(71200400001)(66556008)(6506007)(66946007)(256004)(71190400001)(14454004)(7110500001)(25786009)(229853002)(476003)(66446008)(102836004)(76176011)(11346002)(33656002)(53546011)(58126008)(486006)(99286004)(36756003)(478600001)(9326002)(5660300002)(966005)(76116006)(6486002)(2906002)(91956017)(46003)(6916009)(6116002)(316002)(2616005)(86362001)(6436002)(15650500001)(8936002)(446003)(6246003)(236005)(81156014)(8676002)(81166006)(6512007)(2420400007); DIR:OUT; SFP:1101; SCL:1; SRVR:SN6PR11MB2749; H:SN6PR11MB2928.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: U0O8VHIDL3H0y4FnMgLBxrp+BD5u6zoPGNcpj8+48mLqH237d1V7wj5uom9Q4P2vqceclRNe+wAQ4n+9yB4hfm04GxMh8c6rlpwExgEe6lESuDZna1nn1j8dZGOLRO5TFfnK+AEWzqkCGpwJEjX8V8lDckExvuzAzGlkYueM0omZYcBII/BtDx6tX+PWnTmPe2RMpqPF+GdGFXp8Q0WC6pIcagf6siJpvHKjwm2Za4eKr7STjzqdzlMN5R7RmeZ1mag1qVkRN9maw+OxDznfaGpAf8qXpI5nRsgekctEZg/SwRRYNId2Io7RRnqCqxmJW615sz1FPQVKvlk59UQzxmWfXQiVxNVMje3hXzbifGfR4K784v8JfrMVK66RgsMuRNyIeoMsCwvSGsdUofgZf66aFpBTWq4Ed7nnMgg3krc=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_CD6C0B7EEAA541188A27EAF6AECE0089ciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 8198e48a-e007-4bc3-7fa3-08d73c9ea92a
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Sep 2019 01:14:03.5869 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: s1JNydGk2SK0sIeUUsFBnuK1gKm2oAoVV48OzB03SLSD9krmtM+SET+mCRa/hOH5AbGIct3Xfscc/+IG9kRE9w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB2749
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.28, xch-aln-018.cisco.com
X-Outbound-Node: alln-core-2.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/XWQpOR5gLhw-SCfai-Bt_cO5cDU>
Subject: Re: [dispatch] FW: New Version Notification for draft-kinamdar-dispatch-sip-auto-peer-00.txt
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Sep 2019 01:14:12 -0000

Hi Richard,

Thanks for going over the draft, please find my responses inline:


From: Richard Barnes <rlb@ipv.sx>
Date: Tuesday, 17 September 2019 at 9:08 PM
To: Kaustubh Inamdar <kinamdar@cisco.com>
Cc: "dispatch@ietf.org" <dispatch@ietf.org>
Subject: Re: [dispatch] FW: New Version Notification for draft-kinamdar-dispatch-sip-auto-peer-00.txt

I gave this draft a quick skim, and it seems sensible.  I'm not an expert in the configuration / setup of SIP trunks, but I do love automating manual processes (cf. ACME), and this draft seems like a plausible approach to automating things about SIP trunk configuration that are currently manual.

Couple of things that jumped out to me on a quick skim, in no particular order:

1. It would be good to have a tighter requirement for HTTPS in here.  For example, on the one hand, you have "it is required to secure HTTP using Transport Layer Security", but on the other hand, "MUST support the use of the https uri scheme" (not MUST use).  There is no reason to support unencrypted HTTP.  You can probably borrow some language from RFC 8555 https://tools.ietf.org/html/rfc8555#section-6

Kaustubh: Noted, will go over that section and make the appropriate changes.

2. "Capability set documents MUST be formatted in XML or JSON" -- Why do you need both?


Kaustubh:  JSON and XML were included to provide flexibility. If however, the larger group favours the use of a single format, we are okay to make the appropriate changes.

3. OAuth2 seems like overkill for this application.  OAuth2 is designed for a 3-party flow where authorization is being delegated; there are only two entities here.  It would be much simpler to just use some point-to-point authentication technique, such as TLS client certificates or even HTTP/SIP Digest authentication.


Kaustubh: Digest authentication is certainly the easiest client authentication technique. There is/has been little evidence of SIP service providers using client certificates for authentication. The main reason OAuth was chosen was to allow client authentication to be in line with what modern cloud based platforms use.


4. The WebFinger utilization here also seems like overkill.  Once you take out the OAuth2, you're just discovering a single URL -- at which point you might as well configure that directly!  In general, this document needs to specify (1) what configuration the client is presumed to start out with, and (2) how that information is used to auto-configure the trunk.  Cf. in ACME, "Each function is listed in a directory along with its corresponding URL, so clients only need to be configured with the directory URL."  It seems like all you really need here is a capability server URL and a certificate / password.


Kaustubh: Each enterprise network or site within an enterprise is assumed to start off with one of two possible scenarios -



1. The enterprise is provided with the URL of the capability server hosted in the service provider network - this information could be provided by the service provider along with other relevant trunking information such as the username and password combination to use be used while constructing SIP digest responses for 401/407 responses.



2. The enterprise is required to discover the URL of the capability server hosted in the service provider domain. In terms of discovery, the options considered were U-NAPTR and WebFinger. Given the significant deployment trail of WebFinger, it seems to be the best option. Not sure, if there is discovery mechanism embedded in RFC 8555.



In essence, the draft also requires the enterprise to have two fundamental information units to set this framework into motion:



 1. The URL of the capability server

 2. A mechanism for the ITSP to authenticate the enterprise (if at all).


5. The relation types defined using "https://sipserviceprovider/" need to be changed to something else.  While that's syntactically a URL, it isn't actually.  If you need a URI that isn't dereferenceable, please provide some URNs here.


Kaustubh: Will look into this one…

--RLB







On Mon, Sep 16, 2019 at 9:31 PM Kaustubh Inamdar (kinamdar) <kinamdar@cisco.com<mailto:kinamdar@cisco.com>> wrote:
Hi All,
The following draft has been posted to dispatch. The draft aims to simplify peering between enterprise and service provider SIP networks. Discussions/comments are welcome.

-Kaustubh






    A new version of I-D, draft-kinamdar-dispatch-sip-auto-peer-00.txt
    has been successfully submitted by Cullen Jennings and posted to the
    IETF repository.

    Name:               draft-kinamdar-dispatch-sip-auto-peer
    Revision:   00
    Title:              Automatic Peering for SIP Trunks
    Document date:      2019-09-10
    Group:              Individual Submission
    Pages:              35
    URL:            https://www.ietf.org/internet-drafts/draft-kinamdar-dispatch-sip-auto-peer-00.txt
    Status:         https://datatracker.ietf.org/doc/draft-kinamdar-dispatch-sip-auto-peer/
    Htmlized:       https://tools.ietf.org/html/draft-kinamdar-dispatch-sip-auto-peer-00
    Htmlized:       https://datatracker.ietf.org/doc/html/draft-kinamdar-dispatch-sip-auto-peer



    Abstract:
       This draft specifies a configuration workflow to enable enterprise
       Session Initiation Protocol (SIP) networks to solicit the capability
       set of a SIP service provider network.  The capability set can
       subsequently be used to configure features and services on the
       enterprise edge element, such as a Session Border Controller (SBC),
       to ensure smooth peering between enterprise and service provider
       networks.




    Please note that it may take a couple of minutes from the time of submission
    until the htmlized version and diff are available at tools.ietf.org<http://tools.ietf.org>.

    The IETF Secretariat



_______________________________________________
dispatch mailing list
dispatch@ietf.org<mailto:dispatch@ietf.org>
https://www.ietf.org/mailman/listinfo/dispatch

v2.23.0 | Report a Bug | By Email