IETF Logo Mail Archive

Re: [sipcore] Review of draft-ietf-sipcore-callinfo-rcd-07

Chris Wendt <chris-ietf@chriswendt.net> Tue, 29 August 2023 21:02 UTC

Return-Path: <chris-ietf@chriswendt.net>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A5BDC15257C for <sipcore@ietfa.amsl.com>; Tue, 29 Aug 2023 14:02:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.105
X-Spam-Level:
X-Spam-Status: No, score=-7.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=chriswendt.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cToQ6LKn24ve for <sipcore@ietfa.amsl.com>; Tue, 29 Aug 2023 14:02:26 -0700 (PDT)
Received: from quail.birch.relay.mailchannels.net (quail.birch.relay.mailchannels.net [23.83.209.151]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88D96C151522 for <sipcore@ietf.org>; Tue, 29 Aug 2023 14:02:26 -0700 (PDT)
X-Sender-Id: dreamhost|x-authsender|chris-ietf@chriswendt.net
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 8C567540885; Tue, 29 Aug 2023 21:02:25 +0000 (UTC)
Received: from pdx1-sub0-mail-a206.dreamhost.com (unknown [127.0.0.6]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id AF725540448; Tue, 29 Aug 2023 21:02:24 +0000 (UTC)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1693342944; a=rsa-sha256; cv=none; b=ov3Z36QcOc8GaVUtvlpTBEAJYhXNTZv/gIXiCUhEJowu/+SIEtdfZ8iCieATcX9HEEyobT NRZPP+RmZNwGZICBlTzEIGU+zPIH9QIImvtD0aiW42jpOWQT5DoCi/ehw3DPaIuUFZvBao iCBfv5iTfUS3SS8dW0frbbM7JN5XCH7NEz2ydHjIXnF1nSWoTSDA97pETHOFHiPtWcvsmj Fj2ZoUInO2L+82z8GDrRtdhJHYBaTyLplS/+shzwxoghcOUdl/ZaqmdhkH5qkrTUs+F50P knYNfta7vW2kfUhGRSjENOypQ0qmnpJP8cxc/SifGQIWoulHGxx3Z4AKwzITyA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1693342944; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=wdq+1uN+an6b+9FHpQ1ZzaC61GvHslU9J7QDYgRaRH8=; b=tctAgh7wv6gb8vq+UBtzcdWbRoIS5a00DLeJZ5DDxRnl1KjMlGOxcxA7nF3pPOrzE4fyUt 4lkg1OpwJApV99//gV36dATUutJMh2DIKo9J5xGNgas3YQNMYDIFZu/dmzuN6c9TAs2k30 ihSw0g026wWEVF+PaSw/NYqIu+Dx2yHwiIYp87UcrNPSdZBQsxvErnCAzukQa3spsnsq3w rxu08iSSDhqhpDVD4vgE6xcSa1SZiDXiYUhKCaoWmRPuAMyUGM5xS+XRqG6gsNvQrNUi+h 5SBjrcHy//BGZh7igLOEDLEsnPmSuflsUEFSYMVpVNpZW/eN/flAlaE4FnkHQg==
ARC-Authentication-Results: i=1; rspamd-bfd6864c7-bhpck; auth=pass smtp.auth=dreamhost smtp.mailfrom=chris-ietf@chriswendt.net
X-Sender-Id: dreamhost|x-authsender|chris-ietf@chriswendt.net
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|chris-ietf@chriswendt.net
X-MailChannels-Auth-Id: dreamhost
X-Desert-Oafish: 116e64f053182c9f_1693342945389_787306601
X-MC-Loop-Signature: 1693342945389:3849082803
X-MC-Ingress-Time: 1693342945389
Received: from pdx1-sub0-mail-a206.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.115.61.195 (trex/6.9.1); Tue, 29 Aug 2023 21:02:25 +0000
Received: from smtpclient.apple (c-68-82-121-63.hsd1.pa.comcast.net [68.82.121.63]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: chris-ietf@chriswendt.net) by pdx1-sub0-mail-a206.dreamhost.com (Postfix) with ESMTPSA id 4Rb0HN0xPJzBV; Tue, 29 Aug 2023 14:02:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chriswendt.net; s=dreamhost; t=1693342944; bh=wdq+1uN+an6b+9FHpQ1ZzaC61GvHslU9J7QDYgRaRH8=; h=Content-Type:Subject:From:Date:Cc:Content-Transfer-Encoding:To; b=ZRDV1rHW0grKTw2M+FnjUjh/OFB0eNwh+oh2IUwussFZGAO1uS6oLBfgGPrnvhYsS i7V5PMnE8TXXZ2/upCHt7ACzG9mWOyMCZfAlxaUCusQ8WV4POBj6DoFxMD3djPokBR kEwKn0MjcgB6LMVX9N4T1toZn5viPlzGD/F16+SMXk1f9oJmhvkCRgiIAqviMQP2MD Dd+W9b/+mjD9W79RXFdD44au2SEEZxGsPFfaO2tDUQY0udAEdUy6w3neE1/AkfiMnJ Zbmvqeoqtq8mIl/EjaQQhWgvqBlE9+M2wCx8OTqrnvJEa0YRpC0LGPYOUY+ihUuf+/ jCqHsUW/WhZSg==
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.100.2.1.2\))
From: Chris Wendt <chris-ietf@chriswendt.net>
In-Reply-To: <96420a2a-f3ad-0561-2208-5c4b4b875419@alum.mit.edu>
Date: Tue, 29 Aug 2023 17:02:12 -0400
Cc: SIPCORE <sipcore@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <7E56A606-C43D-4245-811B-E26F789FB4EC@chriswendt.net>
References: <da9ba37b-52a0-c8db-252b-8a6977140581@nostrum.com> <088772af-222e-1fdd-0a00-e6c49edd3d3d@alum.mit.edu> <92c20b54-5492-435c-457d-990a6726d6d0@alum.mit.edu> <4664701E-D3DC-4C84-AE53-50D07E4C3AA6@chriswendt.net> <96420a2a-f3ad-0561-2208-5c4b4b875419@alum.mit.edu>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>
X-Mailer: Apple Mail (2.3774.100.2.1.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/VyLCEOXmhLcWBm2KF6p4bhXZbo8>
Subject: Re: [sipcore] Review of draft-ietf-sipcore-callinfo-rcd-07
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Aug 2023 21:02:30 -0000

Hi Paul,

No worries, appreciate the comprehensive review and suggestions!!  I will upload -08 very soon.

-Chris

> On Aug 29, 2023, at 4:39 PM, Paul Kyzivat <pkyzivat@alum.mit.edu> wrote:
> 
> Chris,
> 
> On 8/29/23 12:16 PM, Chris Wendt wrote:
>> Hi Paul,
>> I fixed the issues you brought up and have a recommended fix for your last comment inline below.  Let me know if you think that addresses it appropriately and I will put out a -08.
> 
> I'm happy. More below.
> 
> [snip]
> 
>>> * Validation of remotely retrieved jcards
>>> 
>>> (This isn't new with this version, but I just now noticed it)
>>> 
>>> Section 5 says:
>>> 
>>>  A jCard also MAY be carried ... Alternatively, the URI MUST define the
>>>  use HTTPS or a transport that can validate the integrity of the source
>>>  of the resource as well as the transport channel through which the
>>>  resource is retrieved.
>>> 
>>> In this case the callee must decide whether to trust the jcard. This source is presumably the intermediary that is in a position to validate the caller. How does the callee know to trust this source?
>>> 
>>> This seems closely linked to the trust in the rcd itself. I haven't followed the rcd work closely so I don't know how that has been resolved. Can you say something about how all this is to work?
>> I added the following sentence to the end of the paragraph above: “As discussed in Section 1, if in the specific deployment environment of SIP, the source or integrity of the Rich Call Data information can not be trusted, than the use of the STIR RCD framework defined in {{I-D.ietf-stir-passport-rcd}} should be considered.”
>> The Section 1 text referred to is as follows:
>> "Used on its own, this specification assumes that the called party user agent can trust the SIP network or the SIP provider to assign, deliver and protect the correct rich call data (RCD) information as an end-to-end security policy.  However, as is true in many interconnected communications services, this end-to-end trust can not be guaranteed and therefore as the recommended approach, the entity inserting the Call-Info header field should also sign the caller information via STIR {{RFC7340}} defined protocol tools for SIP {{RFC8224}} and specifically through the use of Rich Call Data (RCD) or the "rcd" PASSporT defined in {{I-D.ietf-stir-passport-rcd}}.
>> Alternatively, this specification can be utilized in conjunction with the protocols defined in {{I-D.ietf-stir-passport-rcd}} as part of the communications signaling path, but specifically in the trusted UNI device interface at the terminating side of the communications as part of an authenticated network to device trusted signaling where a device may not have the ability to verify the "rcd" PASSporT, but can receive the RCD information using Call-Info as defined in this specification.”
> 
> I was generating my comments based mostly on the diff. I didn't read the whole thing again, and so didn't remember the stuff you reference above. If I had I wouldn't have raised the issue at all. Sorry!
> 
>> Let me know if this addresses your concern.
> 
> Yes, I'm good.
> 
> 	Thanks,
> 	Paul
> 
> 
> _______________________________________________
> sipcore mailing list
> sipcore@ietf.org
> https://www.ietf.org/mailman/listinfo/sipcore

v2.23.0 | Report a Bug | By Email