Re: [sipcore] Updated 4244bis and new call flow document

Paul Kyzivat <pkyzivat@cisco.com> Fri, 23 July 2010 14:11 UTC

Return-Path: <pkyzivat@cisco.com>
X-Original-To: sipcore@core3.amsl.com
Delivered-To: sipcore@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6DFD93A683E for <sipcore@core3.amsl.com>; Fri, 23 Jul 2010 07:11:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.564
X-Spam-Level:
X-Spam-Status: No, score=-10.564 tagged_above=-999 required=5 tests=[AWL=0.035, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hXn6Ohl0HYmh for <sipcore@core3.amsl.com>; Fri, 23 Jul 2010 07:11:51 -0700 (PDT)
Received: from rtp-iport-2.cisco.com (rtp-iport-2.cisco.com [64.102.122.149]) by core3.amsl.com (Postfix) with ESMTP id 93C823A6876 for <sipcore@ietf.org>; Fri, 23 Jul 2010 07:11:50 -0700 (PDT)
Authentication-Results: rtp-iport-2.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AvsEAA9ASUxAZnwN/2dsb2JhbACfanGmb5sBgm+CRwSIYA
Received: from rtp-core-2.cisco.com ([64.102.124.13]) by rtp-iport-2.cisco.com with ESMTP; 23 Jul 2010 14:12:08 +0000
Received: from [10.86.253.215] ([10.86.253.215]) by rtp-core-2.cisco.com (8.13.8/8.14.3) with ESMTP id o6NEC8C2028797; Fri, 23 Jul 2010 14:12:08 GMT
Message-ID: <4C49A337.3010503@cisco.com>
Date: Fri, 23 Jul 2010 10:12:07 -0400
From: Paul Kyzivat <pkyzivat@cisco.com>
User-Agent: Thunderbird 2.0.0.24 (Windows/20100228)
MIME-Version: 1.0
To: "DRAGE, Keith (Keith)" <keith.drage@alcatel-lucent.com>
References: <AANLkTim-f7vZ1IFS3WhVS9G8Mg1dhueN8tevLb_xDRR1@mail.gmail.com> <AANLkTilRRmWt30XOp3VKn2Xtzv71-EDUfyyUSOb0J3Bk@mail.gmail.com> <9886E5FCA6D76549A3011068483A4BD4065E732E@S4DE8PSAAQB.mitte.t-com.de> <4C49951C.8050202@cisco.com> <EDC0A1AE77C57744B664A310A0B23AE214925C62@FRMRSSXCHMBSC3.dc-m.alcatel-lucent.com>
In-Reply-To: <EDC0A1AE77C57744B664A310A0B23AE214925C62@FRMRSSXCHMBSC3.dc-m.alcatel-lucent.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "sipcore@ietf.org" <sipcore@ietf.org>, "R.Jesske@telekom.de" <R.Jesske@telekom.de>
Subject: Re: [sipcore] Updated 4244bis and new call flow document
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sipcore>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Jul 2010 14:11:52 -0000

Keith,

You raise a good point. It forced me to go back and review 3323 and 3325.

3323 defines a "privacy service" which the UAC can use to assist it in 
obtaining privacy. The UAC is expected to arrange for its requests to be 
routed through a privacy service.

The notion of trust domain is introduced in 3325. It introduces the "id" 
privacy value, which is to be removed at the boundary of the trust 
domain, but not before then. It doesn't say anything about where privacy 
services exist in the network. Its my assumption that there must be a 
privacy service on the boundary of the trust domain that acts on the 
"id" privacy type. But this is not explict. And even if this is implied, 
its hard to say if it would be a full privacy service that can be 
counted upon to act upon other privacy types in the request.

Hence, a UAC that wishes "header" or "session" privacy has nothing 
better to go on than 3323, which recommends that it route its outbound 
request directly to a privacy service. If that privacy service is 
compliant with 4244bis, it will anonymize what is in the H-I header at 
that time. But then any entries added downstream of that point will not 
be anonymized.

So I think there really is something wrong with the referenced text.
If the use of "domain" was intended to be "trust domain" then its 
dependent on 3325. If it was intended to mean "DNS domain", then its 
still implying there is a privacy service that will magically be 
traversed when leaving the DNS domain.

	Thanks,
	Paul

DRAGE, Keith (Keith) wrote:
> If we are going to talk about trust domains in the document, then you will have to say what they are.
> 
> For the RFC 3325 stuff there is most of a document that talks about that. Moreover, you need to say what to "trust" the next entity to do if you do not do it.
> 
> To give some idea of what I mean. Statements like "I will give you the identity if you do not reveal it to anyone outside our area of trust" are slightly different to "I trust you to implement the privacy that I otherwise would have done so if I did not trust you".
> 
> regards
> 
> Keith
> 
>> -----Original Message-----
>> From: sipcore-bounces@ietf.org 
>> [mailto:sipcore-bounces@ietf.org] On Behalf Of Paul Kyzivat
>> Sent: Friday, July 23, 2010 2:12 PM
>> To: R.Jesske@telekom.de
>> Cc: sipcore@ietf.org
>> Subject: Re: [sipcore] Updated 4244bis and new call flow document
>>
>>
>>
>> R.Jesske@telekom.de wrote:
>>> Hi Mary,
>>> With regard to your question for comments/review, I went 
>> thought the draft.
>>> For http://www.ietf.org/id/draft-ietf-sipcore-rfc4244bis-01.txt
>>>
>>> I have the following comments: 
>>>
>>>
>>> 6.3.2.  Privacy in the History-Info Header
>>>
>>> ...
>>> If the requestor has indicated a priv-
>>>    value of "session" or "header" in the request, all History-Info
>>>    entries MUST be anonymized when the request leaves a 
>> domain for which
>>>    the intermediary is responsible.
>>> ...
>>>
>>> In this section it is mentioned that the entries must be 
>> anonymized when leaving the domain. I thought that if a trust 
>> relationship between domains are existing and the following 
>> domain secures the "privacy" then the information could be 
>> forwarded and will then deleted by the succeeding domain 
>> before reaching the terminating user. 
>>> Some regulators are requesting to pass identities until the 
>> last domain where it is possible to execute the privacy 
>> regarding RFC3323. So I think this is a MAY based on domain 
>> policy. And it is a MUST when the succeeding network cannot 
>> guarantee the privacy.
>>> Or do I misunderstand the meaning of "domain for which the 
>> intermediary is responsible"
>>
>> I'm not an expert on this, but ISTM that in the case you 
>> describe the request is not leaving the *trust* domain.
>>
>> But that does point out ambiguity in the text you quote. That 
>> kind of wording "domain for which the intermediary is 
>> responsible" is usually talking about *DNS* domains, not 
>> *trust* domains. So maybe that should say:
>>
>>   ...
>>   If the requestor has indicated a priv-value of "session" or "header"
>>   in the request, all History-Info entries MUST be anonymized when the
>>   request leaves a *trust* domain for which the intermediary is
>>   responsible.
>>   ...
>>
>> 	Thanks,
>> 	Paul
>> _______________________________________________
>> sipcore mailing list
>> sipcore@ietf.org
>> https://www.ietf.org/mailman/listinfo/sipcore
>>