Re: [sipcore] Doc Shepherd review of draft-ietf-sipcore-rejected-05
Eric Burger <eburger@standardstrack.com> Sun, 07 April 2019 19:36 UTC
Return-Path: <eburger@standardstrack.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF8D81204B0 for <sipcore@ietfa.amsl.com>; Sun, 7 Apr 2019 12:36:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.689
X-Spam-Level:
X-Spam-Status: No, score=-1.689 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=standardstrack.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HiEYw-eb3Qjk for <sipcore@ietfa.amsl.com>; Sun, 7 Apr 2019 12:35:59 -0700 (PDT)
Received: from biz221.inmotionhosting.com (biz221.inmotionhosting.com [198.46.93.79]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4466D12033D for <sipcore@ietf.org>; Sun, 7 Apr 2019 12:35:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=standardstrack.com; s=default; h=References:To:Cc:In-Reply-To:Date:Subject: Mime-Version:Content-Type:Message-Id:From:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=um8HzDiAxO5Qdb7rbywtYOd5WiMEF9tq7Wur1Qv805E=; b=IWGO+J2MBog9uk/y4Tfoexpfm c1uF3Kn0pHoE85xZM+grKocMGqK8PgsxMDF5NRRGcGCdS3e8rM8oV5jKXbyFnjW/FQq3FfMHSUCWw z2D7m7uGm+BhShFdxf34CcXGU81FmBF9WgVuFstXwWlDaDeGtVA2FUFrlU/AAbSMQZqIs=;
Received: from [68.100.196.217] (port=55730 helo=[192.168.10.26]) by biz221.inmotionhosting.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.91) (envelope-from <eburger@standardstrack.com>) id 1hDDZy-0000nm-Tt; Sun, 07 Apr 2019 12:35:58 -0700
From: Eric Burger <eburger@standardstrack.com>
Message-Id: <F08720C2-2DB7-4F45-BF5C-E253D5B84619@standardstrack.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_BE44B972-7488-48E7-B8CB-617F9A41EEAE"; protocol="application/pgp-signature"; micalg="pgp-sha256"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
Date: Sun, 07 Apr 2019 15:35:45 -0400
In-Reply-To: <2508d59d-e270-cfa4-e79c-d9da0f3c589c@nostrum.com>
Cc: SIPCORE <sipcore@ietf.org>
To: "A. Jean Mahoney" <mahoney@nostrum.com>
References: <2508d59d-e270-cfa4-e79c-d9da0f3c589c@nostrum.com>
X-Mailer: Apple Mail (2.3445.104.8)
X-OutGoing-Spam-Status: No, score=0.3
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - biz221.inmotionhosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - standardstrack.com
X-Get-Message-Sender-Via: biz221.inmotionhosting.com: authenticated_id: eburger+standardstrack.com/only user confirmed/virtual account not confirmed
X-Authenticated-Sender: biz221.inmotionhosting.com: eburger@standardstrack.com
X-Source:
X-Source-Args:
X-Source-Dir:
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/XAYQpX_EQUhePszlvyagFbP3liI>
Subject: Re: [sipcore] Doc Shepherd review of draft-ietf-sipcore-rejected-05
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Apr 2019 19:36:01 -0000
Updates have been done. I could not tell you who did the updates because now it has been passivized ;-) The only update not applied is that while it is best to protect the key, it really needs to be protected at rest. > On Apr 2, 2019, at 5:39 PM, A. Jean Mahoney <mahoney@nostrum.com> wrote: > > Hi Eric and Bhavik, > > Thanks for addressing all of the feedback so far. In preparation for the Doc Shepherd Write-up, I have run idnits, gone through the ID Checklist, and made my own pass through the draft. I have the following feedback below (overwhelmingly nits) - > > Thanks! > > Jean > > > ------------------------------------------------------------------------ > Major issues: > ------------- > > None. > > > Minor issues: > ------------- > > The Terminology section still needs a bit of tweaking (idnits complains): > > In draft: > > This document uses the terms "MUST", "MUST NOT", "REQUIRED", "SHALL", > "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and > "OPTIONAL" as described in BCP14 [RFC2119][RFC8174] when, and only > when, they appear in all capitals, as shown here. > > > Current boilerplate: > > The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", > "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and > "OPTIONAL" in this document are to be interpreted as described in > BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all > capitals, as shown here. > > > Nits: > ----- > > Throughout the document, replace "Call-Info header" with "Call-Info header field". > > > 1. Introduction > > Expand the acronym UAC on first use. > > s/Figure 1 and Figure 2 shows/Figure 1 and Figure 2 show > > > Current: > > The problem here is that network elements downstream > from the intermediary might interpret the 607 as a user (human) > marking the call as unwanted, as opposed to a statistical, machine > learning, vulnerable to the base rate fallacy [BaseRate] algorithm > rejecting the call. In other words, those downstream entities should > not be relying on another entity 'deciding' the call is unwanted. > > > Suggested: > > The problem here is that network elements downstream > from the intermediary might interpret the 607 as coming from a user > (human) that has marked the call as unwanted, as opposed to coming > from an algorithm using statistics or machine learning to reject > the call. An algorithm can be vulnerable to the base rate fallacy > [BaseRate]. In other words, those downstream entities should not rely > on another entity 'deciding' the call is unwanted. > > > s/SIP header passed back/Call-Info header field passed back > > > > 3.3 UAC Operation > > s/feature capability tag in the INVITE request/feature capability indicator in the Feature-Caps header field of the INVITE request > > > > 3.4 Legacy Interoperation > > Current: > > One aspect of using a feature capability is only the network elements > that will consume (UAC) or play an announcement (media gateway, SBC, > or proxy) need understand the sip.608 feature capability. All other > (existing) infrastructure can remain without modification, assuming > they are conformant to Section 16.6 of [RFC3261], specifically they > will pass headers such as "Feature-Capability: sip.608" unmodified. > > Suggested: > > One aspect of using a feature capability is that only the network > elements that will either consume (UAC) or play an announcement > (media gateway, session border controller (SBC) [RFC7092], or proxy) > need to understand the sip.608 feature capability. The rest of the > infrastructure does not need to be modified, assuming that the other > network elements conform to Section 16.6 of [RFC3261], specifically > that they will pass header fields such as "Feature-Capability: > sip.608" unmodified. > > > > 3.5 Announcement Requirements > > s/that will be doing the announcement/that handles the announcement > > s/the modality for conveying/how to convey > > > > 4.1 Full Exchange > > In the examples, follow guidance from RFC2606, RFC3849, and RFC6890 on constructing example addresses, FQDNs, and TNs: > o Replace IPv4 addresses with addresses in the example space > [RFC6890]: 192.0.2.0/24 > Or better yet, use IPv6 examples [RFC3849]: 2001:DB8::/32 > o Use example FQDNs specified in [RFC2606]. > o Use example phone numbers in the following space: > +1<area code>555<0100-0199> > > > s/exemplary purposes/example purposes > > s/at rest/at best > > > > 5.4. Call-Info Purpose > > Current: > > This > modifies the registry header field parameters and parameter values by > adding this RFC as a reference to the line for the header field > "Call-Info" and parameter name "purpose": > > Suggested: > > This > modifies the "Header Field Parameters and Parameter Values" > subregistry of the "Session Initiation Protocol (SIP) Parameters" > registry by adding this RFC as a reference to the line for the > header field "Call-Info" and parameter name "purpose": > > > > 6. Security Considerations > > Current: > > Another risk is for an attacker to purposely not include the sip.608 > feature capability in a flood of INVITE requests, direct those > requests to proxies known to insert the sip.608 feature, and direct > the SDP to a victim device. > > Suggested: > > Another risk is for an attacker to flood a proxy that supports the > sip.608 feature with INVITE requests that lack the sip.608 feature > capability in order to direct the SDP to a victim's device. > > s/pharming/phishing (For more info on this edit, see RFC4949) > > s/lookup/look up > > s/dialled/dialed > > s/jourisdiction's/jurisdiction's > > > > 8.3 Informative References > > [BaseRate] s/ http://www.dtic.mil/get-tr-doc/pdf?AD=ADA045772 / > https://apps.dtic.mil/docs/citations/ADA045772 > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore
- [sipcore] Doc Shepherd review of draft-ietf-sipco… A. Jean Mahoney
- Re: [sipcore] Doc Shepherd review of draft-ietf-s… Eric Burger
- Re: [sipcore] Doc Shepherd review of draft-ietf-s… A. Jean Mahoney