Re: [Rucus] comments on draft-niccolini-sipping-spam-feedback-00
Hannes Tschofenig <Hannes.Tschofenig@gmx.net> Tue, 26 February 2008 11:08 UTC
Return-Path: <rucus-bounces@ietf.org>
X-Original-To: ietfarch-rucus-archive@core3.amsl.com
Delivered-To: ietfarch-rucus-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5BA1328C24C; Tue, 26 Feb 2008 03:08:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.558
X-Spam-Level:
X-Spam-Status: No, score=-0.558 tagged_above=-999 required=5 tests=[AWL=-0.121, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XHdZPU0KQHiF; Tue, 26 Feb 2008 03:08:09 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 57F3C28C1B7; Tue, 26 Feb 2008 03:08:09 -0800 (PST)
X-Original-To: rucus@core3.amsl.com
Delivered-To: rucus@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 99F4A3A6B77 for <rucus@core3.amsl.com>; Tue, 26 Feb 2008 03:08:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZLzRBcB4WhrE for <rucus@core3.amsl.com>; Tue, 26 Feb 2008 03:08:06 -0800 (PST)
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by core3.amsl.com (Postfix) with SMTP id D9D743A6BCA for <rucus@ietf.org>; Tue, 26 Feb 2008 03:08:05 -0800 (PST)
Received: (qmail invoked by alias); 26 Feb 2008 11:07:58 -0000
Received: from proxy1-nsn.nsn-inter.net (EHLO [217.115.75.229]) [217.115.75.229] by mail.gmx.net (mp001) with SMTP; 26 Feb 2008 12:07:58 +0100
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1/jNAlVxUjj+NQ3+l24hxOPw/nGUFiw2dA+nGFbAY q4j56pIbWbf9I5
Message-ID: <47C3F313.5000605@gmx.net>
Date: Tue, 26 Feb 2008 13:08:03 +0200
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
User-Agent: Thunderbird 2.0.0.12 (Windows/20080213)
MIME-Version: 1.0
To: Saverio Niccolini <Saverio.Niccolini@nw.neclab.eu>
References: <47C382AF.7060109@cisco.com> <47C3CAC4.6030604@gmx.net> <5F6519BF2DE0404D99B7C75607FF76FF53DD85@mx1.office>
In-Reply-To: <5F6519BF2DE0404D99B7C75607FF76FF53DD85@mx1.office>
X-Y-GMX-Trusted: 0
Cc: rucus@ietf.org
Subject: Re: [Rucus] comments on draft-niccolini-sipping-spam-feedback-00
X-BeenThere: rucus@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Hannes.Tschofenig@gmx.net
List-Id: <rucus.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/rucus>, <mailto:rucus-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/rucus>
List-Post: <mailto:rucus@ietf.org>
List-Help: <mailto:rucus-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/rucus>, <mailto:rucus-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: rucus-bounces@ietf.org
Errors-To: rucus-bounces@ietf.org
Hi Saverio, being wrong twice could be a post-submission deadline syndrome... Some comments inline: Saverio Niccolini wrote: > Hannes, > > >> You are right that this mechanism does not make a lot of >> sense if you consider an architecture that uses authorization >> policies and whitelists in particular. >> > > Wrong... > In the case a spammer will get through the "white list and authorization > policies" framework then you have an additional weapon to just report abuse > which is automatic and not manual (call my friend and tell him). > Hmmm. Might be. Certainly not my personal #1 choice. > Telling it to your proxy could be a way of updating your authorization > policies (maybe even update your personal black list at the domain) > and to share info on the caller with the domain (to get to a domain-wide > reputation system, with all pros and cons) > > regarding the updating of the authorization policies: but then this would be another mechanism for updating policies in additional to the already standardized and already implemented way of doing it. >> It makes some sense when you consider these statistical >> learning techniques that require "good" and "bad" examples to learn. >> > > Again wrong... > The feedback can be also linked to "binary" decisions like: > if I send a bad feedback for a caller "deny him from calling me > for today" or "next time challenge him with a CAPTCHA" > But this would be another way of modifying policies in addition to XCAP. > >> This is obviously a -00 draft and I believe we should end up >> with this work is more something along the lines of Peter's work >> >> http://www.xmpp.org/extensions/inbox/error-abuse.html >> where there is communication between proxies rather than >> between the end host and the proxy. >> > > I agree there must be many updates to the draft (proxy to proxy > communication is one of them) and I will take into account > the valuable point of Jonathan when submitting the next version. > > Ciao Hannes > Saverio > > >> Ciao >> Hannes >> >> >> >> Jonathan Rosenberg wrote: >> >>> Thanks for writing this, its a good topic to discuss. >>> >>> One thing that wasn't clear; what is the benefit of signaling >>> something as spam to my proxy, as opposed to just putting >>> >> the sender >> >>> on a black list. We have mechanisms defined already for that, for >>> example. I suspect its around sharing of the spam >>> >> classification with >> >>> other users in the domain. Its worth discussing this. >>> >>> Seems easier if you just send the entire sip message as >>> >> content rather >> >>> than picking apart pieces of it. >>> >>> The mechanism is clearly intended to be between a UA and a proxy in >>> its own domain; however I didn't find that stated till much >>> >> deeper in >> >>> the document. This should be clear up front. >>> >>> In terms of specific protocols, I think SUB/NOT is a very >>> >> poor choice. >> >>> The proxy will require a subscription to EVERY UA, and the >>> >> events will >> >>> be infrequent. This means a lot of overhead for little >>> >> data. I think >> >>> you are much better off with an asynchronous push, either >>> >> PUBLISH or >> >>> even non-sip. Maybe a REST interface or something. >>> >>> Thanks, >>> Jonathan R. >>> >>> >>> >>> >> _______________________________________________ >> Rucus mailing list >> Rucus@ietf.org >> http://www.ietf.org/mailman/listinfo/rucus >> >> > > > ============================================================ > Dr. Saverio Niccolini > Senior Researcher > NEC Laboratories Europe, Network Research Division > Kurfuerstenanlage 36, D-69115 Heidelberg > Tel. +49 (0)6221 4342-118 > Fax: +49 (0)6221 4342-155 > e-mail: saverio.niccolini@nw.neclab.eu <-- !!! NEW ADDRESS !!! > ============================================================ > NEC Europe Limited Registered Office: NEC House, 1 Victoria > Road, London W3 6BL Registered in England 283201 > _______________________________________________ > Rucus mailing list > Rucus@ietf.org > http://www.ietf.org/mailman/listinfo/rucus > _______________________________________________ Rucus mailing list Rucus@ietf.org http://www.ietf.org/mailman/listinfo/rucus
- [Rucus] comments on draft-niccolini-sipping-spam-… Jonathan Rosenberg
- Re: [Rucus] comments on draft-niccolini-sipping-s… Hannes Tschofenig
- Re: [Rucus] comments on draft-niccolini-sipping-s… Saverio Niccolini
- Re: [Rucus] comments on draft-niccolini-sipping-s… Martin Stiemerling
- Re: [Rucus] comments on draft-niccolini-sipping-s… Martin Stiemerling
- Re: [Rucus] comments on draft-niccolini-sipping-s… Hannes Tschofenig