Re: [Rucus] RUCUS Charter Text v1
Hannes Tschofenig <Hannes.Tschofenig@gmx.net> Sun, 10 August 2008 20:16 UTC
Return-Path: <rucus-bounces@ietf.org>
X-Original-To: rucus-archive@ietf.org
Delivered-To: ietfarch-rucus-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9EFA53A6E01; Sun, 10 Aug 2008 13:16:48 -0700 (PDT)
X-Original-To: rucus@core3.amsl.com
Delivered-To: rucus@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A24D63A6DFC for <rucus@core3.amsl.com>; Sun, 10 Aug 2008 13:16:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.139
X-Spam-Level:
X-Spam-Status: No, score=-0.139 tagged_above=-999 required=5 tests=[AWL=1.860, BAYES_00=-2.599, J_CHICKENPOX_62=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JxRmCIHqVkth for <rucus@core3.amsl.com>; Sun, 10 Aug 2008 13:16:46 -0700 (PDT)
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by core3.amsl.com (Postfix) with SMTP id 2A43B3A6E01 for <rucus@ietf.org>; Sun, 10 Aug 2008 13:16:43 -0700 (PDT)
Received: (qmail invoked by alias); 10 Aug 2008 20:10:04 -0000
Received: from a91-154-105-144.elisa-laajakaista.fi (EHLO [192.168.255.3]) [91.154.105.144] by mail.gmx.net (mp059) with SMTP; 10 Aug 2008 22:10:05 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1/270oiYI/2J/8i9Y1Je5nn2PfUB4ELuc5RAJxSGQ PRfIOMkpaBhNIa
Message-ID: <489F4B1E.1010102@gmx.net>
Date: Sun, 10 Aug 2008 23:10:06 +0300
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
User-Agent: Thunderbird 2.0.0.16 (Windows/20080708)
MIME-Version: 1.0
To: Thomas Froment <Thomas.Froment@alcatel-lucent.fr>
References: <C41BFCED3C088E40A8510B57B165C162469CD8@FIESEXC007.nsn-intra.net> <4899C9A0.3000509@alcatel-lucent.fr>
In-Reply-To: <4899C9A0.3000509@alcatel-lucent.fr>
X-Y-GMX-Trusted: 0
X-FuHaFi: 0.5600000000000001
Cc: rucus@ietf.org
Subject: Re: [Rucus] RUCUS Charter Text v1
X-BeenThere: rucus@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Reducing Unwanted Communication Using SIP \(RUCUS\)" <rucus.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/rucus>, <mailto:rucus-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/rucus>
List-Post: <mailto:rucus@ietf.org>
List-Help: <mailto:rucus-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rucus>, <mailto:rucus-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: rucus-bounces@ietf.org
Errors-To: rucus-bounces@ietf.org
Hi Thomas, thanks for your feedback. Thomas Froment wrote: > Thanks for putting this together, I fully support this charter, > > some minor comments inlines... > >> The Session Initiation Protocol (SIP) is an application-layer control >> (signaling) protocol for creating, modifying, and terminating sessions >> with one or more participants. These sessions include Internet >> telephone calls, multimedia distribution, and multimedia >> conferences. Like other communication protocols, SIP is susceptible to >> unwanted communication attempts. RFC 5039 analyzes the problem of >> spam in SIP and examines various possible solutions that have been >> discussed for email and considers their applicability to SIP. >> >> RFC 5039 gives good, high-level recommendations regarding future work, >> namely to provide >> >> * Strong Identity >> * White Lists >> >> > Should say probably: > namely to: > * Provide strong Identity > * Provide White Lists > * Solve the Introduction Problem > * Don't Wait Until It's Too Late > > Done >> Among the many individual mechanisms that are discussed in RFC >> 5039 (including content filtering, black lists, white lists, >> consent-based communication, reputation systems, address obfuscation, >> limited use addresses, turing tests, computational puzzles, payments >> at risk, circles of trust, and many others) there is no clear guidance >> on whether one of the mechanisms listed - or something else entirely - >> is subject of additional standards work. >> >> Furthermore, since the publication of RFC 5039, many documents have >> been submitted to IETF which define frameworks, propose protocol >> headers, or document additional guidelines on techniques in RFC >> 5039. These documents include: >> >> * draft-wing-sipping-spam-score >> * draft-jennings-sip-hashcash >> * draft-tschofenig-sipping-spit-policy >> > should'nt we mention draft-froment-sipping-spit-requirements since it > comes with spit-policy? These are just examples -- not the complete list. >> * draft-tschofenig-sipping-captcha >> * draft-niccolini-sipping-feedback-spit >> >> Despite the plethora of documents, there is debate in the community >> over whether there would be any value in pursuing any or all of >> these. >> >> The purpose of this exploratory group is to determine whether there >> are one or more mechanisms for mitigation of unsoicited communication, >> > unsoicited --> unsolicited Done. >> which would be reasonable subjects for standardization within the IETF. >> Reasonableness entails meeting the following criteria: >> >> * requires standardization to be effective, >> * there is some evidence that it would, in fact, have a demonstrable >> impact on the spit problem based on a plausibility threshold >> given certain assumptions >> * has a scope of applicability that is sufficiently broad to be >> useful >> >> To that end, this exploratory group is chartered with determining >> whether there are one or more mechanisms for preventing SPIT which >> would be reasonable subjects for standardization within the IETF, and >> if there are, to produce a charter for a working group to develop >> standards for such mechanisms. >> >> To achieve these goals, the working group will solicit inputs (in the >> form of individual Internet Drafts) which do the following: >> >> 1. describe the proposed mechanism in terms of information flow, >> information semantics, and how that information is used, at >> sufficient levels of detail to achieve the rest of the objectives >> below. Protocol machinery - such as headers, syntax, and so on - are >> irrelevant and distracting. However, sufficient detail must be given >> so that implementing the mechanism is a matter of engineering and >> design, and not 'research'. For example, a proposal which relies on >> consultation of an 'oracle', without describing at least one >> mechanism by which an oracle might answer a question, is not >> sufficient. As another example, a proposal which proposes that >> metrics be passed around without describing example metrics and how >> they are computed, is not sufficient. >> >> As an example, a proposal on 'spam scoring' might propose: "The >> originating domain of a call look at the caller's profile, and then >> compute the number of calls per day for that caller, and compare it >> to average. It then considers the ratio of these two as an indicator >> of a potential spammer. This ratio is then sent in the signaling >> from the calling to called domain. The called domain has a >> configured threshold, and if the ratio is above it, the call is >> discarded." This is the kind of level of detail that is needed. >> >> 2. describe the scope of applicability for the mechanism. Does it >> work within a domain only? Inter-domain? Require trust federations? >> Work in an environment where only some of the systems support it? >> Require changes in clients? In servers? Require centralized trust >> anchors? Work with human-generated or botnet-generated (recorded) >> spam? And so on. >> >> 3. clearly indicate why the author of the proposal believes the >> mechanism would, in fact, have a demonstrable impact on reducing >> spit. "Demonstrable" means that, an engineering argument could be >> made that, within the scope of applicability, there is a qualitative >> or quantitative analysis that shows that the volume of spit could be >> reduced. The proposal should pre-emptively capture arguments that >> could be made against the proposal. For example, a hashcash proposal >> needs to discuss the differences in computational capabilities >> between legitimate endpoints and how those differ from spammers. It >> is acceptable if the proposal doesn't work that well in the face of >> botnets, though this topic should be discussed. >> >> 4. clearly indicate why standardization is needed to make the >> mechanism work. Any mechanism which relies only on local computation >> within a host (for example, looking for malformed SIP requests) does >> not require standardization. >> >> >> At minimum the EG is going to discuss: >> >> * spam scoring >> * reputation systems >> * Turing tests >> >> There are proposals on the table around these mechanisms that at least >> some portion of the community believes would benefit from >> standardization. Authors of those proposals will turn them into the >> documentation described above. The group will additionally issue an >> open call for additional documentation. >> >> With proposals on the table, the EG will discuss the contents. The one >> and only purpose of that discussion is to make an assessment on >> whether there are one or more mechanisms which could plausibly have an >> impact on reducing unsolicited communications, and for which IETF >> standardization would be an appropriate action. Discussions on SIP >> details, headers vs. bodies, extensibility models, frameworks, >> terminology, and so on, would be out of scope for the EG discussion. >> Those discussions would be appropriate for a WG, should the EG >> decide to form one. >> >> >> Goals and Milestones: >> >> Aug 2008 Formation of an exploratory working group >> Sep 2008 Initial versions of high-level mechanism proposals meeting >> the criteria above, submitted as individual I-Ds >> > The deadline of Sep 2008 seems to be very short to submit these > individual IDs, but well... We try to be ambigous. >> Oct/Nov 2008 Periodic (weekly or biweekly) telecons to discuss >> Nov 2008 Continue discussions at the IETF meeting >> Feb 2009 Agree on whether there should be an IETF WG, and if so, >> agree on a charter >> Mar 2009 Close EG > Ciao Hannes > Tschofenig, Hannes (NSN - FI/Espoo) wrote: >> Hi all, >> >> As you might have noticed, we got stuck a bit with the charter >> discussions on the list. Hence, a few of us, namely Mary Barnes, >> Jonathan Rosenberg, Jon Peterson, Henning Schulzrinne, Cullen Jennings >> and Jan Seedorf, used the IETF 72 meeting to chat about the RUCUS >> charter. >> >> Jonathan, Henning and I came up with a first text proposal based on the >> discussion we had during the meeting. Please find it in the attachment. >> >> Please let us know whether you find the current charter text acceptable. >> >> >> Ciao >> Hannes >> >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> Rucus mailing list >> Rucus@ietf.org >> https://www.ietf.org/mailman/listinfo/rucus > > ------------------------------------------------------------------------ > > _______________________________________________ > Rucus mailing list > Rucus@ietf.org > https://www.ietf.org/mailman/listinfo/rucus > _______________________________________________ Rucus mailing list Rucus@ietf.org https://www.ietf.org/mailman/listinfo/rucus
- [Rucus] RUCUS Charter Text v1 Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [Rucus] RUCUS Charter Text v1 Saverio Niccolini
- Re: [Rucus] RUCUS Charter Text v1 Thomas Froment
- Re: [Rucus] RUCUS Charter Text v1 Michael Liljenstam
- Re: [Rucus] RUCUS Charter Text v1 Saverio Niccolini
- Re: [Rucus] RUCUS Charter Text v1 Hannes Tschofenig
- Re: [Rucus] RUCUS Charter Text v1 Hannes Tschofenig
- Re: [Rucus] RUCUS Charter Text v1 Sanjay Sinha (sanjsinh)
- Re: [Rucus] RUCUS Charter Text v1 Jonathan Rosenberg
- Re: [Rucus] RUCUS Charter Text v1 Hannes Tschofenig
- [Rucus] RUCUS Charter Text v2 Hannes Tschofenig
- Re: [Rucus] RUCUS Charter Text v1 Hannes Tschofenig
- Re: [Rucus] RUCUS Charter Text v1 Dan York
- Re: [Rucus] RUCUS Charter Text v1 Tschofenig, Hannes (NSN - FI/Espoo)