Re: [sipcore] Last Call: <draft-ietf-sipcore-status-unwanted-04.txt> (A SIP Response Code for Unwanted Calls) to Proposed Standard

["Asveren, Tolga" <tasveren@sonusnet.com>]

FWIW (and considering that we may end up with a “rough consensus”), I agree with Adam’s analysis below.

So, overall I do not think any changes are needed in the draft and it can proceed to become a RFC.

Thanks,
Tolga

From: sipcore [mailto:sipcore-bounces@ietf.org] On Behalf Of Adam Roach
Sent: Tuesday, March 21, 2017 12:59 PM
To: Pete Resnick <presnick@qti.qualcomm.com>; ietf@ietf.org
Cc: ben@nostrum.com; sipcore-chairs@ietf.org; sipcore@ietf.org; draft-ietf-sipcore-status-unwanted@ietf.org
Subject: Re: [sipcore] Last Call: <draft-ietf-sipcore-status-unwanted-04.txt> (A SIP Response Code for Unwanted Calls) to Proposed Standard

On 3/21/17 10:49, Pete Resnick wrote:

  1.  The 666 mechanism leaves the decision of what is meant by "unwanted" to the provider, which will inevitably cause data loss through the use of heuristics. Adding a header to the 603 response is an extensible mechanism that could capture the single semantic bit of 666 and any future semantics that one wishes to add, without requiring the provider to guess. The provider gets definitive information that it can act on.

The problem is that the semantics of 666 are backwards from the semantics of 603.

603 means "there is an issue with the disposition of the *called* party that prevents completing the call."

666 means "there is an issue with the disposition of the *calling* party that prevents completing the call."

You're proposing conflating the two semantics, which necessarily introduces more ambiguity, not less.

Carrier determination of how to handle these codes is, as with any nuisance communication mitigation, going to necessarily be based on heuristics to avoid accidental blacklisting, intentional blowback, and the inevitable gaming of the system by bad actors. You imply that the application of heuristics is an unwanted side effect of the system, when it in fact the primary goal.

In terms of being able to provide gradation between types of unwanted calls, the application of a header -- as you propose -- to provide such indication seems like a fine idea. I will point out one caveat and make one observation. The caveat is that it would be harmful to add this header in a way that reverses the sense of a response code, such as making 603 bear on the calling party rather than the called party; so such an indication would need to be on a new response code, such as the one currently proposed in draft-ietf-sipcore-status-unwanted. The observation is that this mechanism can be added to this new status at a later date, in a modular fashion and in a backwards compatible way. In other words: your proposed enhancement is *nice*, but it does not preclude publishing the mechanism currently described.



  1.  The 666 mechanism limits the implementation of the mechanism to a 1-button choice and requires additional standardization work to use a different UI. Clearly 666 was designed around something akin to a "SPAM" button in the UI. But what if I want a field in my address book that says, "Permanently block this particular caller" (say, my ex-boyfriend or my annoying neighbor)? I don't want to indicate that these are spam calls because I don't want my provider applying heuristics to them. I want to send back a 603 with a header that says, "Block these whenever you see them, but only for me." I can think of all sorts of other-than-one-button UIs that someone might want to implement. 666 is tied to a particular UI. 603 with a header is extensible.

That kind of persistent, hard-state user account configuration *really* isn't a reasonable kind of thing to do with a SIP status code (not least of all because you would need some mechanism for reviewing and managing such a list; and whatever that mechanism is could just as readily be used for adding entries). If you feel the need to pursue the somewhat related problem space of a network-assisted blocklist, we have a variety of tools we could bring to bear, such as XCAP. That's a separable problem, though, and I think that tangling it up with spam mitigation is a huge mistake.

I'll also point out that devices are perfectly capable of handling this feature locally without any assistance from the network, so I'm not sure how much value would be added by defining a network-hosted version of the service. The overarching point, though, is that a SIP response code is absolutely the wrong approach for doing so.



  1.  The 666 mechanism will be treated as a 600 "Busy" error by un-upgraded callers and/or providers. That might imply to some implementations that they should try to re-dial (e.g., the provider using the auto-redial feature) or to engage in other poor behavior. 603 with no Retry-After header already has a semantic of "The call was rejected and I'm not telling you when a good time to call back is", so there is some hope that an un-upgraded caller is more likely to do the right thing.



This is really reaching, and I think is based on a misperception of how SIP clients actually work when they receive 6xx responses. Taken to its logical conclusion, if we accept your assertion then we can't ever define a new 6xx-class SIP response code for fear that such codes "might imply to some implementations that they should try to re-dial (e.g., the provider using the auto-redial feature) or to engage in other poor behavior."



/a