IETF Logo Mail Archive

Re: [sipcore] Review of draft-ietf-sipcore-callinfo-rcd-07

Paul Kyzivat <pkyzivat@alum.mit.edu> Tue, 29 August 2023 20:39 UTC

Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC5A0C15256B for <sipcore@ietfa.amsl.com>; Tue, 29 Aug 2023 13:39:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.091, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alum.mit.edu
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JFhDLStsLU85 for <sipcore@ietfa.amsl.com>; Tue, 29 Aug 2023 13:39:46 -0700 (PDT)
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2044.outbound.protection.outlook.com [40.107.237.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E55AC14CF13 for <sipcore@ietf.org>; Tue, 29 Aug 2023 13:39:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=df1vY6mlCzFZVMHHfaoLmVi7Y4+0Bz1t4vOa6D532k0FZKae+YkcJthMs621OOyQe7aoq7rC4tWyyfZQTDYMgiMp2xuynvIcit/w8X1iW15abpKUgQn3KLLqiPnkkw2fA2BY4WZqFlIXl/TrwM7+7HlRuQbEEZZQ5lEJM1umIJ96ch2+vWTWBtUiUwfIqASNRH8c+gMa17ieTd5PmS/aa008aj67vKHkYzm29Gfz/m+9Lhvvw+HmypTHBZ2Zk6eSkgl7zLqnTUSXmB3yhxBfwoxYnTPWHHKIRnKHSdq9skU+EpJ3zWDouviYL7+pUWuDQvItnAtzf8/dYtMyL/h9RQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=tdTmzdr/RL2zISEg4XYsxjBf2kxhqFus1v7pybPXNmk=; b=hVwXUZwobORcrM+Vqm9aC3xc22RtGuZCoAzjrqEFeZ93LtweeNPDE0hwqYaQGrint2SrSejd6OhDB1PyS2OuFFupW0vSACBruZBfd6KTL9Rau2TRzlRVNKB9m+fo6IkX9LG7SWC4t0IFzr9lNQKGybxYEUmHRV5XICSAQsJTBhD+WnkX5NcNa5JrOgBNY0Fj6sNnzctNHPaPe9BuJ31V+qEkDVNLW9vQAT7Z0/gk8PyJLvPyfptwZyx1So2x9cLWNXCByCEtiDE5rdcOSKymENfeLn8Pt9GKT2HoMbxRjPOONmizXko42cBd1J37mqb0l0P/F7INQyfro093f9U8fQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 18.7.68.33) smtp.rcpttodomain=ietf.org smtp.mailfrom=alum.mit.edu; dmarc=pass (p=none sp=none pct=100) action=none header.from=alum.mit.edu; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alum.mit.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tdTmzdr/RL2zISEg4XYsxjBf2kxhqFus1v7pybPXNmk=; b=YlUvrPUuIS+RzA0cw+YhUbVk8EPSWlf4CbGd64zMhVr56/pVzAt7Qyi1fLMhulJ9B8vfAPxiApOL/XB/5P+/aqTLJrDsTGv6QuWPtG1EPPb6sHdBxh2zpvzmDaGhwOzzcpnrSPXrJ1QbOF4Kjl2sGnFftRg1SLRpnKsv84hiy5Q=
Received: from BN9PR03CA0176.namprd03.prod.outlook.com (2603:10b6:408:f4::31) by CH2PR12MB4938.namprd12.prod.outlook.com (2603:10b6:610:34::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6745.18; Tue, 29 Aug 2023 20:39:43 +0000
Received: from BN1NAM02FT043.eop-nam02.prod.protection.outlook.com (2603:10b6:408:f4:cafe::c0) by BN9PR03CA0176.outlook.office365.com (2603:10b6:408:f4::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6699.35 via Frontend Transport; Tue, 29 Aug 2023 20:39:43 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 18.7.68.33) smtp.mailfrom=alum.mit.edu; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=alum.mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of alum.mit.edu designates 18.7.68.33 as permitted sender) receiver=protection.outlook.com; client-ip=18.7.68.33; helo=outgoing-alum.mit.edu; pr=C
Received: from outgoing-alum.mit.edu (18.7.68.33) by BN1NAM02FT043.mail.protection.outlook.com (10.13.2.154) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6745.20 via Frontend Transport; Tue, 29 Aug 2023 20:39:42 +0000
Received: from [192.168.1.52] (c-73-143-251-114.hsd1.ct.comcast.net [73.143.251.114]) (authenticated bits=0) (User authenticated as pkyzivat@ALUM.MIT.EDU) by outgoing-alum.mit.edu (8.14.7/8.12.4) with ESMTP id 37TKdf04024667 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT); Tue, 29 Aug 2023 16:39:41 -0400
Message-ID: <96420a2a-f3ad-0561-2208-5c4b4b875419@alum.mit.edu>
Date: Tue, 29 Aug 2023 16:39:41 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.14.0
Content-Language: en-US
To: Chris Wendt <chris-ietf@chriswendt.net>
Cc: SIPCORE <sipcore@ietf.org>
References: <da9ba37b-52a0-c8db-252b-8a6977140581@nostrum.com> <088772af-222e-1fdd-0a00-e6c49edd3d3d@alum.mit.edu> <92c20b54-5492-435c-457d-990a6726d6d0@alum.mit.edu> <4664701E-D3DC-4C84-AE53-50D07E4C3AA6@chriswendt.net>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
In-Reply-To: <4664701E-D3DC-4C84-AE53-50D07E4C3AA6@chriswendt.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BN1NAM02FT043:EE_|CH2PR12MB4938:EE_
X-MS-Office365-Filtering-Correlation-Id: c2e2e71b-6831-43ee-1c6e-08dba8d01306
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: qBG5wmVGhE1E9c6j+gzc4Gacame0jT8nZnThc93nmtU8wsrY+LeEQqN+KTmdpEV3YodiH+ipqdqiaLOZp0nda64o8CppcwyM2xD/y3dURQWuwC2yJvvpzp/2kvKCx/GiL5tVRiiK9RrfWwtUk6gdCDH1AT8PR2FmjY7izuJ703DcH3K8iaQCSjdDLrVZEMRxlJE8NDrwgtzQrbPFgMeSUVYS6Rbn03lfcyvcJOgd4jFPHwjFc/zhb6ke2om/y0MysEBZD21IKkhPb3+8d/AbmfgdmQPVtuNfCt1v9uArskwl0CbXX5eJ/OXzsPL1zrjdlm8PCG8GmxCaq9e7FznjDtAqgkV3dyb/xHVRtDvj4PbIZkPvNPfWrVSpWF9hrT852y1IZ3FuqbDp1Ev4uVTbd3AYLdfTiChnRgTGRlgiwn0QJIpb33c3xfYdFakYVhJOxfBH6iwLBOzSUhfhl46xchF5E+KcjoBD91+7peYKFIwern8B1qLdYBvylu1Y6/A7aN4Yq6I0Kfi45+gjG7pMu9HxhcUCSM2rbgIejAAUJMTtg8Y+QDTB0mw7ceCpHSa/W0n8foMrhRWxxUs0tTv4HprfUenyFyicmK/QjP7vlu53faNBMg73YRgZbNfidLQCuRpV8hil+2kWZp5BrZVX3U0TW9sGaYgu1t8SbONaDt/kZif+XCnGi8Dx34yyB16aMqsR1Z14oxZf7/PjMLIlwbcvD2ajJIPrT5qXDivRCTciiVJoSSNYhpZnaK2V6yE9
X-Forefront-Antispam-Report: CIP:18.7.68.33; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:outgoing-alum.mit.edu; PTR:outgoing-alum.mit.edu; CAT:NONE; SFS:(13230031)(376002)(396003)(346002)(136003)(39860400002)(1800799009)(186009)(82310400011)(451199024)(46966006)(36840700001)(356005)(7596003)(82740400003)(8936002)(70206006)(53546011)(478600001)(70586007)(31686004)(6916009)(316002)(41300700001)(786003)(75432002)(26005)(8676002)(5660300002)(41320700001)(2906002)(31696002)(83380400001)(2616005)(956004)(47076005)(86362001)(36860700001)(40480700001)(336012)(4326008)(43740500002); DIR:OUT; SFP:1101;
X-OriginatorOrg: alum.mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Aug 2023 20:39:42.7638 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: c2e2e71b-6831-43ee-1c6e-08dba8d01306
X-MS-Exchange-CrossTenant-Id: 3326b102-c043-408b-a990-b89e477d582f
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3326b102-c043-408b-a990-b89e477d582f; Ip=[18.7.68.33]; Helo=[outgoing-alum.mit.edu]
X-MS-Exchange-CrossTenant-AuthSource: BN1NAM02FT043.eop-nam02.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR12MB4938
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/5JKYR2-Z8tp8wuwgI1H1-_AzMbQ>
Subject: Re: [sipcore] Review of draft-ietf-sipcore-callinfo-rcd-07
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Aug 2023 20:39:49 -0000

Chris,

On 8/29/23 12:16 PM, Chris Wendt wrote:
> Hi Paul,
> 
> I fixed the issues you brought up and have a recommended fix for your last comment inline below.  Let me know if you think that addresses it appropriately and I will put out a -08.

I'm happy. More below.

[snip]

>> * Validation of remotely retrieved jcards
>>
>> (This isn't new with this version, but I just now noticed it)
>>
>> Section 5 says:
>>
>>   A jCard also MAY be carried ... Alternatively, the URI MUST define the
>>   use HTTPS or a transport that can validate the integrity of the source
>>   of the resource as well as the transport channel through which the
>>   resource is retrieved.
>>
>> In this case the callee must decide whether to trust the jcard. This source is presumably the intermediary that is in a position to validate the caller. How does the callee know to trust this source?
>>
>> This seems closely linked to the trust in the rcd itself. I haven't followed the rcd work closely so I don't know how that has been resolved. Can you say something about how all this is to work?
> 
> I added the following sentence to the end of the paragraph above: “As discussed in Section 1, if in the specific deployment environment of SIP, the source or integrity of the Rich Call Data information can not be trusted, than the use of the STIR RCD framework defined in {{I-D.ietf-stir-passport-rcd}} should be considered.”
> 
> 
> The Section 1 text referred to is as follows:
> "Used on its own, this specification assumes that the called party user agent can trust the SIP network or the SIP provider to assign, deliver and protect the correct rich call data (RCD) information as an end-to-end security policy.  However, as is true in many interconnected communications services, this end-to-end trust can not be guaranteed and therefore as the recommended approach, the entity inserting the Call-Info header field should also sign the caller information via STIR {{RFC7340}} defined protocol tools for SIP {{RFC8224}} and specifically through the use of Rich Call Data (RCD) or the "rcd" PASSporT defined in {{I-D.ietf-stir-passport-rcd}}.
> 
> Alternatively, this specification can be utilized in conjunction with the protocols defined in {{I-D.ietf-stir-passport-rcd}} as part of the communications signaling path, but specifically in the trusted UNI device interface at the terminating side of the communications as part of an authenticated network to device trusted signaling where a device may not have the ability to verify the "rcd" PASSporT, but can receive the RCD information using Call-Info as defined in this specification.”

I was generating my comments based mostly on the diff. I didn't read the 
whole thing again, and so didn't remember the stuff you reference above. 
If I had I wouldn't have raised the issue at all. Sorry!

> Let me know if this addresses your concern.

Yes, I'm good.

	Thanks,
	Paul

v2.23.0 | Report a Bug | By Email