IETF Logo Mail Archive

RE: R: R: [Sip] a question about IETF draft location conveyance 09

"James M. Polk" <jmpolk@cisco.com> Mon, 26 November 2007 21:02 UTC

Return-path: <sip-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Iwl6O-00079O-8d; Mon, 26 Nov 2007 16:02:48 -0500
Received: from sip by megatron.ietf.org with local (Exim 4.43) id 1Iwl6N-00079J-Kg for sip-confirm+ok@megatron.ietf.org; Mon, 26 Nov 2007 16:02:47 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Iwl6N-00079B-B9 for sip@ietf.org; Mon, 26 Nov 2007 16:02:47 -0500
Received: from sj-iport-3-in.cisco.com ([171.71.176.72] helo=sj-iport-3.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Iwl6J-0003Cm-7w for sip@ietf.org; Mon, 26 Nov 2007 16:02:47 -0500
Received: from sj-dkim-1.cisco.com ([171.71.179.21]) by sj-iport-3.cisco.com with ESMTP; 26 Nov 2007 13:02:42 -0800
Received: from sj-core-3.cisco.com (sj-core-3.cisco.com [171.68.223.137]) by sj-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id lAQL2gDi031326; Mon, 26 Nov 2007 13:02:42 -0800
Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-3.cisco.com (8.12.10/8.12.6) with ESMTP id lAQL2c0W010956; Mon, 26 Nov 2007 21:02:38 GMT
Received: from xfe-sjc-212.amer.cisco.com ([171.70.151.187]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 26 Nov 2007 13:02:37 -0800
Received: from jmpolk-wxp.cisco.com ([10.21.113.135]) by xfe-sjc-212.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 26 Nov 2007 13:02:37 -0800
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Mon, 26 Nov 2007 15:02:35 -0600
To: "DRAGE, Keith (Keith)" <drage@alcatel-lucent.com>, daniel grotti <daniel.grotti@unibo.it>, Dean Willis <dean.willis@softarmor.com>
From: "James M. Polk" <jmpolk@cisco.com>
Subject: RE: R: R: [Sip] a question about IETF draft location conveyance 09
In-Reply-To: <5D1A7985295922448D5550C94DE2918001974BEC@DEEXC1U01.de.luce nt.com>
References: <4742BDF5.9040302@unibo.it> <XFE-SJC-212qXLFfJNw000012bf@xfe-sjc-212.amer.cisco.com> <p06240607c36a38613297@[67.169.50.136]> <XFE-SJC-211EAOeIiGX000013f8@xfe-sjc-211.amer.cisco.com> <p06240608c36a4849ecf3@[67.169.50.136]> <XFE-SJC-212AOmAfjuU000013bb@xfe-sjc-212.amer.cisco.com> <p0624060ac36a6ec4f1c2@[67.169.50.136]> <A30B7FF9263D5340AD5DECB88A243C42015FEE65@EXBK03.personale.dir.unibo.it> <4745BDC7.30003@gmx.net> <A30B7FF9263D5340AD5DECB88A243C42015FEE67@EXBK03.personale.dir.unibo.it> <A3636D5F-1B88-4C38-8091-F083AD517D47@softarmor.com> <A30B7FF9263D5340AD5DECB88A243C42015FEE69@EXBK03.personale.dir.unibo.it> <5D1A7985295922448D5550C94DE2918001974BEC@DEEXC1U01.de.lucent.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Message-ID: <XFE-SJC-212Ozyfyz5b00001699@xfe-sjc-212.amer.cisco.com>
X-OriginalArrivalTime: 26 Nov 2007 21:02:37.0376 (UTC) FILETIME=[AC81F400:01C8306F]
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=4860; t=1196110962; x=1196974962; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=jmpolk@cisco.com; z=From:=20=22James=20M.=20Polk=22=20<jmpolk@cisco.com> |Subject:=20RE=3A=20R=3A=20R=3A=20[Sip]=20a=20question=20about=20IETF=20d raft=20location=0A=20=20conveyance=2009 |Sender:=20; bh=K+eAVr0BSIGgZA2mWT7Yyw1efQV1zKunubCXp0jSZiM=; b=kl7O2qvLvOYmjB/Km/PxSp+2YwL1Ds4THGmPz/i9NjouNYjl6Y8rMtH6LQFYwOMJQoyNaUdD IzwjGVHAAdke23Ivv8nHqD0e67S9HkN3uSOm4xmeH3qV5xaicmM9mDG3uJYnhWNQ/5qvbS5QI1 BgsAOt56SKjeTWAH6nl5DTX6I=;
Authentication-Results: sj-dkim-1; header.From=jmpolk@cisco.com; dkim=pass ( sig from cisco.com/sjdkim1004 verified; );
X-Spam-Score: -4.0 (----)
X-Scan-Signature: 8fbbaa16f9fd29df280814cb95ae2290
Cc: IETF SIP List <sip@ietf.org>
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Errors-To: sip-bounces@ietf.org

This also gets back to one of my original points, does SIP expect a 
UAC to understand the topology of a message's path to the ultimate destination?

Is Ted's intent of the "recipient=endpoint" parameter to prevent 
proxies from reading location in a message *and* a "recipient=server" 
parameter to prevent endpoints from reading location in a message?

Does the UAC always know that there are only proxies between it and 
the destination UAS?

Does the UAC always understand a particular message does or does not 
need to be routed based on the location within the request?

Emergency services is an example of, always allow proxy routing when 
the UAC knows this is an emergency request.  But will this be true 
for all applications of location conveyance in the (relatively 
near-term) future?  I'm not so sure.

The UAC has a mechanism for making location not readable by proxies 
if it doesn't want them to, use encryption e2e.  But this has 
interesting properties in at least one case, the a user calls the 
nearest Pizza Hut.

A UAC can encrypt its location in the first INVITE, but if Pizza Hut 
has a national or regional number, that routes on the location of the 
caller, the message will probably return a 493 (undecipherable).

Does the UAC then send location to PizzaHut.com unencrypted, knowing 
this is required to get the INVITE to the right store?

There are other usages of this, other than Pizza Hut.

Does anyone have a suggestion for informative text that can address 
each of these two (or more) situations?

At the moment, all text around "recipient=" is suggestive, and not 
definitive, because of what Dean says below.

That said, I could put something in like "unless a future standards 
track RFC says otherwise, the use of "recipient=" parameter within 
any locationValue is informative in nature", thus leaving the door 
open for ECRIT's phoneBCP doc to refine usage in the emergency 
context, as well as any other service defining document to do the 
same type of refinement.

James

At 08:28 AM 11/26/2007, DRAGE, Keith \(Keith\) wrote:
>This just seems to me to be an inappropriate change of RFC 2119 language.
>
>If we really mean either of these, then we should be specifying that 
>the message is encrypted in the first place.
>
>What we probably mean is something informative (because we cannot 
>make a normative statement on what applications do with the data), 
>stating that usage of the message so tagged is inappropriate because 
>the sender did not intend it to be used for this purpose.
>
>Regards
>
>Keith
>
> > -----Original Message-----
> > From: daniel grotti [mailto:daniel.grotti@unibo.it]
> > Sent: Saturday, November 24, 2007 11:38 AM
> > To: Dean Willis
> > Cc: IETF SIP List; James M. Polk
> > Subject: R: R: R: [Sip] a question about IETF draft location
> > conveyance 09
> >
> > I know.
> > May be SHOULD NOT instead MUST NOT could be better.
> >
> > daniel
> >
> >
> > ----------------------------------
> >        Daniel  Grotti
> > D.E.I.S. - University of Bologna
> > ----------------------------------
> >        Via Venezia, 52
> >   47023 Cesena (FC) - ITALY
> > ----------------------------------
> > e-mail: daniel.grotti@unibo.it
> > ----------------------------------
> >
> >
> >
> > -----Messaggio originale-----
> > Da: Dean Willis [mailto:dean.willis@softarmor.com]
> > Inviato: sab 24/11/2007 2.32
> > A: daniel grotti
> > Cc: Hannes Tschofenig; IETF SIP List; James M. Polk
> > Oggetto: Re: R: R: [Sip] a question about IETF draft location
> > conveyance 09
> >
> >
> > On Nov 22, 2007, at 12:08 PM, daniel grotti wrote:
> >
> > > Hi all,
> > > so why don't emphasize this point in the next draft, saying :
> > > "Proxy server MUST not read messages with "recipient=endpoint"
> > > paramenter setted".
> > > This is my point of you.
> > >
> > >
> >
> >
> > because from a security standpoint, this prohibition is meaningless.
> > Intermediate nodes can and will read anything that's in
> > plaintext, and SOMEBODY will come up with a rationale, in
> > some context or another, for doing so.
> >
> > And has been pointed out, doing so does not appear to create
> > a compatibility problem. It doesn't break the protocol. It
> > might defeat security-through-obscurity. It might be rude, or
> > otherwise socially unacceptable. But those don't qualify for
> > a MUST level protocol prohibition.
> >
> > --
> > Dean
> >
> >
> >
> >
> > _______________________________________________
> > Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
> > This list is for NEW development of the core SIP Protocol Use
> > sip-implementors@cs.columbia.edu for questions on current sip
> > Use sipping@ietf.org for new developments on the application of sip
> >


_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip

v2.23.0 | Report a Bug | By Email