IETF Logo Mail Archive

Re: [sipcore] AD Evaluation of draft-ietf-sipcore-reason-q850-loc-04

Ben Campbell <ben@nostrum.com> Wed, 30 January 2019 23:07 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9940130EBD; Wed, 30 Jan 2019 15:07:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.678
X-Spam-Level:
X-Spam-Status: No, score=-1.678 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8ujvemtovoVa; Wed, 30 Jan 2019 15:07:49 -0800 (PST)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F1F3130DE3; Wed, 30 Jan 2019 15:07:49 -0800 (PST)
Received: from [10.0.1.29] (cpe-70-122-203-106.tx.res.rr.com [70.122.203.106]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id x0UN7jK9040398 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 30 Jan 2019 17:07:47 -0600 (CST) (envelope-from ben@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1548889669; bh=qS/PG7ZfmUV77/HL4Cu+5BddL9IEEFnxiiQeE705SaQ=; h=From:Subject:Date:In-Reply-To:Cc:To:References; b=gNVetbgBxyh3xdV4I+X3lUc/Bt92ZakpWmSiX4rLr8UPFQfADIOV2GCUZbBR5dHk8 SM+iBkkLbU2+bOAcklEL3bll2kUTKwRzFM9I8w7OoAnqsopqCZZ0Xbc0PKy4/H2Uu1 XhjzO0JfvA3TS5bW2F9MbyHipJ6nT1zqHK1eFy8g=
X-Authentication-Warning: raven.nostrum.com: Host cpe-70-122-203-106.tx.res.rr.com [70.122.203.106] claimed to be [10.0.1.29]
From: Ben Campbell <ben@nostrum.com>
Message-Id: <9ADAF2A2-FA6F-493A-A1A3-E9386C8150D1@nostrum.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_6E4300E6-171C-4913-8BFA-D1345B49DD9F"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
Date: Wed, 30 Jan 2019 17:07:43 -0600
In-Reply-To: <B25E5FC2-948A-4138-B111-CFA8F13CF1F2@nostrum.com>
Cc: sipcore-chairs@ietf.org, sipcore@ietf.org, draft-ietf-sipcore-reason-q850-loc.all@ietf.org
To: "<R.Jesske@telekom.de>" <R.Jesske@telekom.de>
References: <34AC90DD-12D6-4F34-B2A0-A1BB4D66A701@nostrum.com> <FRXPR01MB01355ED302E1EBC466EA8EE9F9D30@FRXPR01MB0135.DEUPRD01.PROD.OUTLOOK.DE> <39984F53-5EA4-475C-B060-C2E16CF37FB3@nostrum.com> <B25E5FC2-948A-4138-B111-CFA8F13CF1F2@nostrum.com>
X-Mailer: Apple Mail (2.3445.102.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/LZxe-l-3tWsYz0LJbpsYBqTKnAY>
Subject: Re: [sipcore] AD Evaluation of draft-ietf-sipcore-reason-q850-loc-04
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jan 2019 23:07:51 -0000

Oops, I forgot two more minor editorial comments. This does not change the last call status.

- Abstract: The abstract should not contain citations. It’s okay to mention an RFC number, but don’t put it in brackets like a citation would be in the body.

- It needs a normative reverence to RFC 8174.

Thanks!

Ben.

> On Jan 30, 2019, at 5:02 PM, Ben Campbell <ben@nostrum.com> wrote:
> 
> Hi Roland,
> 
> I think this version is ready for IETF Last Call. I will request that shortly.
> 
> I still have some minor editorial comments below. These can be addressed along with any IETF LC feedback.
> 
> Thanks!
> 
> Ben.
> 
>> On Jan 14, 2019, at 5:29 PM, Ben Campbell <ben@nostrum.com <mailto:ben@nostrum.com>> wrote:
>> 
>> Signed PGP part
>> Apologies for the late response. I somehow missed seeing your response until now. Comments inline. I removed sections that seem resolved.
>> 
>> Please submit a new revision as soon as you are ready.
>> 
>> Thanks!
>> 
>> Ben.
>> 
>>> On Nov 30, 2018, at 4:38 AM, R.Jesske@telekom.de wrote:
>>> 
>>>> 
>> 
>> [...]
>> 
>>>> *** Substantive Comments ***
>>>> 
>>>> §3: “open to be used by any other network”
>>>> That would really mean “any other network that includes ISUP interworking
>>>> gateways and uses Q.850 reason codes”, right?
>>>> 
>>> [RJ] Yes
> 
> I think it would be worth mentioning that in the draft.
> 
> […]
> 
>> 
>>>> 
>>>> §6 and §7:
>>>> 
>>>> Unfortunately, RFC 3326 contains no privacy considerations at all, so we really
>>>> can’t say that this doesn’t change them. The expectation for privacy
>>>> considerations has changed since that RFC was published. I think this
>>>> document does need to describe any privacy considerations that  the
>>>> combination of a Q.850 reason code and location might have.
>>> 
>>> [RJ] I would propose to delete then the first sentence.
>>> Thus the considerations would state:
>>> While the addition of the location parameter
>>>  does provide an indicator of the entity that added the location in
>>>  the signaling path this provides little more exposure than the
>>>  [Q.850] cause itself.
>>> 
>>> I could add:
>>> When applying privacy according to RFC 3323 the location value will not give any hint to the identity originating or terminating party of the call. It shows only the location of the release of the call which maybe the end device itself (location user) or any other network part.
>>> The location is even not showing from which city or town the call is coming from.
>>> 
>>> Would this be enough?
>> 
>> If the call was released by the end device, does that not let people infer information about the original callee, if that device can be associated with the callee?
> 
> I think we’ve resolved that part, but looking at the new language:
> 
> "When applying privacy according to [RFC3323] the location value will not give any hint to the identity originating or terminating party of the call. It shows only the location of the release of the call which maybe the end device itself (location user) or any other network part. The location is even not showing from which city or town the call is coming from."
> 
> I think readers will still get confused by the use of “location” to describe something that’s not a “physical” location. I think it would help in this sentence to clarify that we are talking about “ISUP location”. Also, the is the use of RFC 3323 really relevant? That is, I don’t think the ISUP location reveals the identity one way or another, right? It’s not up to this draft to worry about whether some other part of the SIP message does.
> 
> Finally, there are some minor grammar issues. I propose the following simplification:
> 
> “The ISUP location value itself will not reveal the identity of the originating or terminating party of the call.  It shows only the ISUP network location of the device that released the call. The ISUP location does not show show the physical location of the caller or callee.”
> 
> (Nit) §7, new text: I propose the following edit:
> 
> OLD:
> "[RFC3398] does an extensive security consideration due to
>   interworking between ISUP and SIP.”
> NEW:
> "[RFC3398] describes detailed security consideration due to
>   interworking between ISUP and SIP."

v2.23.0 | Report a Bug | By Email