Re: [dispatch] Charter Proposal: Verification Involving PSTN Reachability (VIPR)

[Marc Petit-Huguenin <petithug@acm.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/01/2010 09:55 AM, Cullen Jennings wrote:
> 
> I've been talking to a lot of people about the VIPR drafts  - here is a first cut of a proposal for a WG that could do this. I'm sure the charter proposal needs a bunch of work but I wanted to get the discussion rolling on the list. 
> 
> Thanks, Cullen 
> 
> (PS - this is sent in my individual contributor role. Take all my posts about VIPR to be in my individual role not my co-chair role)
> 
> -------------------------------------------------------
> 
> ViPR Charter Proposal (Version 0)
> 
> WG Name:  Verification Involving PSTN Reachability (VIPR)
> 
> There are two globally deployed address spaces for communications that more than a billion people use on a daily basis. They are phone numbers and DNS rooted address such as web servers and email addresses. The federation design of SIP is primarily designed for email style addresses yet a large percentage of SIP deployments primarily use phone numbers for identifying users. The goal of this working group is to allows people to use SIP to federate over the the internet while still using phone numbers to identify the person they wish to communicate with. 
> 
> The VIPR WG will address this problem by developing a peer to peer based approach to finding SIP domains that claim to be responsible for a given phone number and the WG will design validation protocols to ensure a reasonable likelihood that a given domain actually is responsible for the phone number. One initial validation protocol will be based on a domain being able to prove it received a particular phone call over the PSTN based on both sides knowing the start and stop times of that call. Other validation schemes, such as examining fingerprints or watermarking of PSTN media, to show that a domain received a particular PSTN phone call may be considered by the working group. To help mitigate SPAM over SIP issues, the WG will define an token based authorization scheme so that domain using SIP to federate can choose to check that incoming SIP calls are from a domain that successfully validated a phone number. 
> 
> The problem statement and some possible starting points for solutions are further desired in the following internet drafts which shall form the bases of the WG documents:
> draft-rosenberg-dispatch-vipr-overview
> draft-rosenberg-dispatch-vipr-reload-usage
> draft-rosenberg-dispatch-vipr-pvp
> draft-rosenberg-dispatch-vipr-sip-antispam

VAP is not listed here.  Is it an oversight or is it because the WG will work
only on interoperability between ViPR servers?

> 
> The working group will carefully coordinate with the security area, O&M area, as well as the appropriate RAI WG including sipcore and p2psip. 

I think something should said about the fact that ViPR requires SIP over (D)TLS
and SRTP, as it is, IMO, an important characteristic of ViPR.

Also there is perhaps a need to define a minimal subset of SIP extensions and
media capabilities for ViPR.

Thanks.

- -- 
Marc Petit-Huguenin
Personal email: marc@petit-huguenin.org
Professional email: petithug@acm.org
Blog: http://blog.marc.petit-huguenin.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkwGo2cACgkQ9RoMZyVa61dVxQCfXy3+nrcwUg3oEhvr4+m93ZoK
hvcAmwUEVsRUJIcbisrNQt0tg2mAEwkC
=GSeb
-----END PGP SIGNATURE-----