[sipcore] Re: Mohamed Boucadair's Discuss on draft-ietf-sipcore-callinfo-rcd-16: (with DISCUSS and COMMENT)

Chris Wendt <chris@appliedbits.com> Thu, 10 April 2025 16:07 UTC

Return-Path: <chris@appliedbits.com>
X-Original-To: sipcore@mail2.ietf.org
Delivered-To: sipcore@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id E869B1A42F61; Thu, 10 Apr 2025 09:07:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=appliedbits.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xvzrLjbJEZn9; Thu, 10 Apr 2025 09:07:30 -0700 (PDT)
Received: from silver.cherry.relay.mailchannels.net (silver.cherry.relay.mailchannels.net [23.83.223.166]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 707221A42F5B; Thu, 10 Apr 2025 09:07:29 -0700 (PDT)
X-Sender-Id: dreamhost|x-authsender|chris@appliedbits.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 93BA41A2FF9; Thu, 10 Apr 2025 16:07:28 +0000 (UTC)
Received: from pdx1-sub0-mail-a242.dreamhost.com (trex-3.trex.outbound.svc.cluster.local [100.102.82.18]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 21A421A3FCE; Thu, 10 Apr 2025 16:07:28 +0000 (UTC)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1744301248; a=rsa-sha256; cv=none; b=j57e4c6ZVK/ShwTArLOmGNuZfcF7DWZGlfnBXVK3sGCYgi2K8/3IcmOfDe0KmKcC+OAeaB n3Mb5OWBlxhoPu4gdidXNMCAa02zDsmO7//0A354GTNeKvvLD753F635et0wBeDiFXZx8k KztMdk9RAYZRkNzHqL2uPRknxSaVnYEr5TtFhOChL90lqx3GvM3csECKp7NLb5yuFki4EO KuBGyS66wo5O7TjpXVZB4Q3Vpvd3AANR5dJp6qXSVa/W2MIpr8Cw0WzdkUkj4hDUE8bV06 8jMT5HNLU4buAsFYqlTqcbfL9vw4t9nU270l1XEVS5P5kQxiRPCYS04rMGnDhw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1744301248; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=uZZwNGwi6898WBcsDVXevRyZsX+cwuIitmFFHuZ+I1k=; b=csTY7LBI67BBMpb0TioTKCVG6MwFn+/1t/C4dRFE5DmRq5zt/8NriLAtnww0PtYTCCuqrf R++4FsDfK9wV50Takjk07ayoX26EvIbscH0Bz0mU+qtm34NwgMq2n7mMxEBNvSeDBJSk3g F19r3IxWjZOfxf+ZUOEy/1cXreF4A86+GaqPE4Y8yTNohFL00wazomcyukh/3JHixRf1J/ /hV+08MHd0nFXTixzcep1YAy3A+6GIkmjaSHzZxUsdghYyYiysqbYxLGcX33CZ37adNDT+ M8xsNEgGIxGyxJ5uQoYosLpmhU/K0e+sVfB4mAOAmvpMOs5An81PY+xzKn3zcg==
ARC-Authentication-Results: i=1; rspamd-6ddf8c4bf5-n827r; auth=pass smtp.auth=dreamhost smtp.mailfrom=chris@appliedbits.com
X-Sender-Id: dreamhost|x-authsender|chris@appliedbits.com
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|chris@appliedbits.com
X-MailChannels-Auth-Id: dreamhost
X-Celery-Wipe: 4a96f2a52b704ffa_1744301248423_2798287916
X-MC-Loop-Signature: 1744301248422:3175605476
X-MC-Ingress-Time: 1744301248422
Received: from pdx1-sub0-mail-a242.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.102.82.18 (trex/7.0.3); Thu, 10 Apr 2025 16:07:28 +0000
Received: from smtpclient.apple (static-71-185-246-14.phlapa.fios.verizon.net [71.185.246.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: chris@appliedbits.com) by pdx1-sub0-mail-a242.dreamhost.com (Postfix) with ESMTPSA id 4ZYPpk5Yjzz46; Thu, 10 Apr 2025 09:07:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=appliedbits.com; s=dreamhost; t=1744301248; bh=uZZwNGwi6898WBcsDVXevRyZsX+cwuIitmFFHuZ+I1k=; h=Content-Type:Subject:From:Date:Cc:Content-Transfer-Encoding:To; b=F+QtVfzkjMBjnnThd2C7++kGH8EO54tTNEZZTpNe6nRhR9NOMckqmnbsCvJj8JjWk Awvd/XJFasoB1LalbIhDXtlPwAJj5opReYo6fVe4FASm7dhtj77x/sKKJOvq1PZs0V 66gCNCwARHF5QMRIt4ZvE4au1rlM2i1UF4lhhRoiZpK16GvVP+FsaYJHSIkdsnHYG9 U+tqqudNQLcERRmfWrfR9W/BWRqF8G9uPSpeJCPIk2MCG8w/Z9BG0t8xHT9MpKrb1z T9XAGS0eAJ+9lyuT4u9pIjM+ZOiuDqqGeL1/GQKOEh+fCx3+k5Rn8atIkoeoNjTF2l AauANsr312lHg==
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3826.500.181.1.5\))
From: Chris Wendt <chris@appliedbits.com>
In-Reply-To: <174383701715.153547.15320840735652398778@dt-datatracker-64c5c9b5f9-hz6qg>
Date: Thu, 10 Apr 2025 12:07:15 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <8BFA107F-8FD0-42BD-A5A3-DBBEFFFC5932@appliedbits.com>
References: <174383701715.153547.15320840735652398778@dt-datatracker-64c5c9b5f9-hz6qg>
To: Mohamed Boucadair <mohamed.boucadair@orange.com>
X-Mailer: Apple Mail (2.3826.500.181.1.5)
Message-ID-Hash: N7DFCCVK77JCRKGY4CBK4DQFR2LZRTRI
X-Message-ID-Hash: N7DFCCVK77JCRKGY4CBK4DQFR2LZRTRI
X-MailFrom: chris@appliedbits.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-sipcore.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: The IESG <iesg@ietf.org>, draft-ietf-sipcore-callinfo-rcd@ietf.org, sipcore-chairs@ietf.org, sipcore@ietf.org, shollenbeck@verisign.com
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [sipcore] Re: Mohamed Boucadair's Discuss on draft-ietf-sipcore-callinfo-rcd-16: (with DISCUSS and COMMENT)
List-Id: SIP Core Working Group <sipcore.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/2Nt9lVGfK5B84QOmAnpp7nGBCIQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Owner: <mailto:sipcore-owner@ietf.org>
List-Post: <mailto:sipcore@ietf.org>
List-Subscribe: <mailto:sipcore-join@ietf.org>
List-Unsubscribe: <mailto:sipcore-leave@ietf.org>

Hi Mohammed,

Appreciate your very comprehensive review and suggestions, comments inline.  I am planning to submit a corresponding -17 with the agreed changes/fixed discussed below, if there is further discussion can update as well.

Note to the larger working group, i’m also including a nit fix in -17 from Scott Hollenbeck Artart review (cc’d) that i had noticed previously missed fixing. 

s/jCard is a comprehensive and extensible mechanism defined in the STIR RCD
framework./jCard is a comprehensive and extensible mechanism utilized as part of the STIR RCD framework.

-Chris

> On Apr 5, 2025, at 3:10 AM, Mohamed Boucadair via Datatracker <noreply@ietf.org> wrote:
> 
> Mohamed Boucadair has entered the following ballot position for
> draft-ietf-sipcore-callinfo-rcd-16: Discuss
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
> for more information about how to handle DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-sipcore-callinfo-rcd/
> 
> 
> 
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
> 
> Hi Chris/Jon,
> 
> Thank you for the effort put into this specification.
> 
> Thanks also to Giuseppe Fioccola for the OPSDIR review.
> 
> # Meta comment
> 
> Overall, I like the flow the document and like Giuseppe I found sections 9/10
> very useful. There are, however, many repetitions in the text. Some
> cleanup/simplification are worth.
> 
> I found it intriguing that the document reasons about “calls” while I think
> this can be used independent of the media session under establishment. Under
> there are subtle things I didn’t catch, I strongly suggest the text is
> refreshed with that change in mind. The mysterious “to answer the phone” in the
> abstract made be lough.
> 
> I have few DISCUSS points and COMMENTs (tagged with (*) main ones).
> 
> # DISCUSS
> 
> ## Co-existence
> 
> CURRENT:
>   [RFC7852] provides a means of carrying additional data about callers
>   for the purposes of emergency services (especially Section 4.4
>   (Owner/Subscriber Information) of [RFC7852]).  This specification
>   provides an overlapping functionality for non-emergency cases.
>   Rather than overloading its "EmergencyCallData" Call-Info 'purpose'
>   parameter value, this document defines a separate 'purpose' parameter
>   for the more generic delivery of information via jCard [RFC7095].
>   This document borrows from [RFC7852] the capability to carry a data
>   structure as a body, through the use of the "cid" URI scheme
>   [RFC2392].
> 
> Do we need to say something about co-existence? Any usage guidance we want to
> add here for the new parameters, especially for emergency sessions?

This was the working group recommended way of stating this, the purpose/URI mechanism of call-info is unfortunately problematic for many reasons, so this was the mechanism we settled on.  I don’t think co-existence is the issue, perhaps you are reading “defines a separate ‘purpose’ parameter” to mean something different than intended.

I could rephrase that “defines a separate ‘purpose’ parameter value ‘jcard’ for the more generic …"

> 
> ## How to enforce the recommendation on future documents?
> 
> CURRENT:
>   It may be that future specifications extend
>   information types and, similar to how this document extends the Call-
>   Info header field to provide corresponding functionality to STIR RCD,
>   it is RECOMMENDED that future specifications also provide
>   corresponding Call-Info extensions.
> 
> How we enforce this? Show we consider this specification be tagged to update
> other base spec on the matter?
> 
> Absent concrete means, I fail to see how we will ensure in the future that this
> will.
> 
> May be this is not a recommendation at the first place. I’m neutral on the
> outcome but I think this should be fixed.

I don’t think it’s hurts, but i also agree it’s not strictly enforceable.  I think this was a fragment of other text that was previously removed due to other comments, so i don’t mind removing it now because it’s less meaningful guidance.

> 
> ## I failed to find how misbehaving intermediate nodes are detected. Can we
> have some reference or expand on this?
> 
> CURRENT:
>   Any additional parties involved in the call path MUST NOT modify the
>   Call-Info header field or add additional Call-Info header fields
>   related to RCD.

This is what stir is intended to validate as explained in the proceeding sentences, but whether or not you use stir or this is part of the UNI interface that may not carry the stir protection, we want this guidance. I agree, this can’t be detected, but I think it’s important guidance for those that are building eco-system/implementation policies that can and likely will enforce this.  This was important property that only a single representation of RCD is received at the end-point (and touches on some of your other comments).

> 
> ## What is the behavior at the terminating side when more objects are present
> for the following:
> 
>   A call and its corresponding single RCD-related Call-Info header
>   field MUST only contain a single jCard object represented by an array
>   with two elements.

Following the theme of your last comment, I don’t think there is a lot of motivation to define a deterministic behavior here other than potentially ignoring the jcard information. I don’t think we should give explicit advice to create an error condition or just pick the first one rather let the implementation and local policy determine how to impact the call. 
It simply doesn’t make sense to use the capability of jcard to include multiple and was clarified and added based on other review comments which i think was correct.  
I could add a qualifier:  "Because the use and purpose of this specification is to provide a single presentation of rich call data information, a call and its corresponding …” 

> 
> ## Is there a chance that this can be a clickable text? If so, can we say that
> the display should not be clickable, by default?
> 
> CURRENT:
>   As a general guideline, this message SHOULD be no longer
>   than 64 characters; displays that support this specification may be
>   forced to truncate messages that cannot fit onto a screen.  This
>   message conveys the caller's intention in contacting the callee.  It
>   is an optional parameter, and the sender of a SIP request cannot
>   guarantee that its display will be supported by the terminating
>   endpoint
> 

That’s a valid comment, i can add that guidance.
"In general, use of strings that could be forms of URIs or other potential strings that could be used or interpreted as a 'clickable' action is discouraged."

> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> # Minor/nits
> 
> ## (general) I would change “calling parties” with “initiating parties”,
> “called parties” with “terminating parties”, and “incoming calls” with
> “incoming sessions”.

I do acknowledge this struggle, i do note that you’ve provided a lot of these corrections in your comments below, so i did fix those suggestions, but didn’t check for every case.  In general “calling/called party” is sort of a term of art where “initiating/terminating parties” is less used would be my argument.

> 
> ## (general) (*) there are many examples given with EN US, are other languages
> supported in such text parts (see the example below)? I hope as I’d like to
> have ⵎⵓⵃⵎⵎⴰⴷ ⴱⵓⵇⴷⴰⵢⵔ or محمد بوقداير supported :
> 
> CURRENT:
>  ["fn", {}, "text", "Mr. John Q. Public\, Esq."]

Sounds like a great goal which i agree with the sentiment, but I can’t commit to add unicode examples this at this stage and a tight turnaround.

> 
> ## Title: s/ SIP Call-Info Parameters for Rich Call Data/ SIP Call-Info
> Parameters for Rich Call Data (RCD)
> 
> ## Abstract: simplify + generalize “call” + fix the “answer the phone”
> 
> OLD:
>   This document describes a usage of the SIP Call-Info header field
>   that incorporates Rich Call Data (RCD) associated with the identity
>   of the calling party in order to provide to the called party a
>   description of the caller or details about the reason for the call.
>   RCD includes information about the caller beyond the telephone number
>   such as a calling name, or a logo, photo, or jCard object
>   representing the caller, which can help the called party decide
>   whether to answer the phone.  The elements defined for this purpose
>   are intended to be extensible in order to accommodate related
>   information about calls and to be compatible and complementary with
>   the STIR/PASSporT RCD framework.
> 
> NEW:
>   This document describes a usage of the SIP Call-Info header field
>   that incorporates Rich Call Data (RCD) associated with the identity
>   of the originating party in order to provide to the terminating party a
>   description of the caller (including details about the reason for the
>   session). RCD includes information about the caller beyond the telephone
>   number such as a calling name, a logo, photo, or jCard object representing
>   the caller, which can help the called party decide how to handle the session
>   request.

Fixed

> 
> ## Introduction
> 
> (1) As another new parameter is already introduced separately and given that
> the abstract says 3, consider:
> 
> s/this document defines two new/this document defines two other new
> 
> (2) s/the concept of successful verification/successful verification
> 
> (3) “SIP network or the SIP provider”: remind these concepts.


Fixed

> 
> # Section 3
> 
> (1) s/In this document, provide a/ This document provides a
> 
> (2) s/guided by two things/guided by two aspects
> 
> (3) “and manipulation of data on IP networks”: may be the scope of the claim is
> too wide :-) I personally don’t think the full sentence is needed to justify
> the use of JSON.
> 
> (4) s/ parameter 'call-reason' provides a string or other object that conveys/
> parameter 'call-reason' conveys
> 
> (5) s/[I-D.ietf-stir-passport-rcd] in Section 8.2/Section 8.2 of
> [I-D.ietf-stir-passport-rcd]
> 

Fixed

> # Section 4
> 
> (1) s/SIP-based call involves/SIP-based session involves
> 
> (2) s/[RFC3261], Section 20.9 defines/Section 20.9 of [RFC3261] defines

Fixed

> 
> # Section 5
> 
> (1)
> 
> CURRENT
>   Alternatively, the URI
>   MUST define the use HTTPS or a transport that can validate the
>   integrity of the source of the resource as well as the transport
>   channel through which the resource is retrieved.
> 
> I don’t parse what is meant in the first part of this sentence.

Included the following alternative wording: "Alternatively, the Call-Info header field URI MUST use a transport that can validate the integrity of the source of the resource (e.g HTTPS tied to a specific validated domain)."

> 
> (2)
> 
> CURRENT:
>   A call and its corresponding single RCD-related Call-Info header
>   field MUST only contain a single jCard object represented by an array
>   with two elements.
> 
> What is the behavior at the terminating side when more are present? (*)

This is discussed above.

> 
> (3)
> 
> CURRENT:
>      Date: Fri, 25 Sep 2015 19:12:25 GMT
> 
> It smells like this was grabbed from other RFCs ?), but updating the date to
> match the publication date would make sense. Also, this would be consistent
> with the other examples. Thanks.

Fixed

> 
> # Section 6
> 
> Consider simplifying (there are other similar constructs)
> 
> OLD:
>   This specification defines a new parameter that extends the overall
>   content of the RCD-related Call-Info header field.  As other
>   parameters may be defined in the future, this
> 
> NEW:
>   This parameter

Fixed

> 
> # Section 7
> 
> (1) Already stated, please simplify
> 
> OLD: This specification defines an additional new parameter, the 'verified'
> parameter NEW: The 'verified' parameter
> 
> (2) simplify
> 
> OLD: This parameter is to be used to indicate
> NEW: This parameter indicates
> 
> (3) (several occurrences)
> 
> OLD: [I-D.ietf-stir-passport-rcd] Section 8
> NEW: Section 8 of [I-D.ietf-stir-passport-rcd]
> 
> (4) s/NNI network relationship to/NNI

Fixed

> 
> # Section 8
> 
> Consider simplifying:
> 
> OLD:
>   This specification defines an additional new parameter, the
>   'integrity' parameter, that extends and complements the integrity
>   information conveyed specifically by the 'rcdi' claim in the RCD-
>   related Call-Info header field.  This parameter is intended to be
> 
> NEW:
>   The 'integrity' parameter extends and complements the integrity
>   information conveyed specifically by the 'rcdi' claim in the RCD-
>   related Call-Info header field.  This parameter is

Fixed

> 
> # Section 9
> 
> (1) Is there any provisioning required to make use of the extensions? Are there
> logs for session that were rejected because the reason does not match, etc.? (*)

The management of Rich Call Data does require a lot of provisioning and validation of information upfront which the industry is currently building and offering commercial solutions for branded calling, so yes if i understand your question.
The mechanism i’m aware of is that a stir ‘rcd’ PASSporT is received and that is translated into the call-info header to transport the rich call data into the UNI toward the end user device.  Theoretically it’s the responsibility of the end customer provider to do that correctly and they should match, unless they have local policies that may change that, but there is no standards defined logging or anything currently.  Hopefully that is what you are asking.

> 
> (2) On the “generally” part, ere there cases where this is not followed?
> 
> CURRENT:
>   The procedures for the usage of URIs and 'purpose' parameter tokens
>   should generally follow the procedures defined in [RFC3261].

Removed the word generally :)

> 
> # Section 10
> 
> (1)
> 
> Please fix the following and add a reference for Base64 encoding:
> 
> OLD:
>   For the use of the 'purpose' token "icon" or for the cases where the
>   jCard either incorporates URIs or includes digital images and sounds
>   directly via Base64 encoding, we provide recommendations
> 
> NEW:
>   For the use of the 'purpose' token "icon" or for the cases where the
>   jCard either incorporates URIs or includes digital images and sounds
>   directly via Base64 encoding, this document provides

Fixed with a little more color

> 
> (2)
> 
> OLD: (e.g., 16 bit, 8 bit, or 1 bit)
> NEW: (e.g., 16-bit, 8-bit, or 1-bit),
> 
> (3) I don’t think the part with “future” is needed. I would keep only the first
> part:
> 
> CURRENT:
>   jCard is an extensible object;
>   therefore, there may be future specifications that extend the set of
>   properties relevant to the applications that implement this
>   specification.
> 
> 
> 
Fixed