IETF Logo Mail Archive

Re: [sipcore] [stir] draft-ietf-sipcore-callinfo-04 (call-reason)

Ranjit Avasarala <ranjitkav12@gmail.com> Tue, 12 April 2022 20:47 UTC

Return-Path: <ranjitkav12@gmail.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 998A63A1763; Tue, 12 Apr 2022 13:47:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.257
X-Spam-Level:
X-Spam-Status: No, score=-1.257 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, GB_ABOUTYOU=0.5, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WYrxQXQLBabf; Tue, 12 Apr 2022 13:47:13 -0700 (PDT)
Received: from mail-ej1-x635.google.com (mail-ej1-x635.google.com [IPv6:2a00:1450:4864:20::635]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D5763A179F; Tue, 12 Apr 2022 13:46:51 -0700 (PDT)
Received: by mail-ej1-x635.google.com with SMTP id i27so39676401ejd.9; Tue, 12 Apr 2022 13:46:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=UXdzH9bZa3eSWG6sAZRgNbs7a0CnwwLcCPVzPoYkJnk=; b=CbTVDQzseKvZ7naghjoSwohn7pO8UaaNDJougE6GsWjFp96qW5GLmqNFsyRwDwMbwu UOlUcQazkrB8JOpgGWMWLsqgAo+lnypfj7HWa+dkZqctKGOKHHrzEWmnM9YHyQH8NSVL Tnb8/LAUxxBvPaTJ9kRKk0g4tHk87Qj6Avq7bQAUL+jxC2s2AHlkIDLEqX2+57Khhscf 7EdBMYS+iei4Bb52RmiElqM9V6mU8snwS55YJIYh/Fhol9HWqV1c3keX+2Mmj9n18GPK cmxvkk7qW2YPoAiOtAjFXGttth7AaI1Q0ypAlB20y8DLfIRKX+J6CBJclMaNM5N7Te++ TUGQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=UXdzH9bZa3eSWG6sAZRgNbs7a0CnwwLcCPVzPoYkJnk=; b=WP+YnSG/MvpvsU9zklZ3tCwpweWo4dH5ThC+ZEWgOJ6V7prSmmssEuxXD5iwmr4Y82 zEwDXOeRe7sSMo8oMSyQ+WSVVVzB3S/gxKMCVxz+pHzyehWlYFzqMDVsJQkv9O0IuDaS fLoRCc/U7Kq8SwyzFSbkbuDG5eYU1SlYJzQnLXX7HA1F9ftljwnAP1y8i/WlJ1km2oTo +xY+uuRjtHsvHWK9bvXVRF/P1jwArYgIV2GAEWlaGt9O1BJ7gZlUvLH459vliLtRAiAc o3EYwCfHdLAcmDKeRC1v0qSwoUOSlGJ7mE342M6xafgr5VvZIAYvcfGmKHpgtG4AN+wl No9Q==
X-Gm-Message-State: AOAM532h3tm4YT/wezPYnn152TjiKFPd1XPQ1l81s7sXok+0zZqVwu9a Di/thnDNo41VF96wJIk39NtOhS4f0/2UxZWesm9DnYun
X-Google-Smtp-Source: ABdhPJxGJerkmzOVgvMpLGywP8Otoh/joII0Xc5HnHk+kDZ4j9L2fOrH9E1ekMk64Nnbsm4Byfh7dC7R5h/L9MEbDKU=
X-Received: by 2002:a17:906:c344:b0:6b4:c768:4a9a with SMTP id ci4-20020a170906c34400b006b4c7684a9amr36622401ejb.151.1649796409200; Tue, 12 Apr 2022 13:46:49 -0700 (PDT)
MIME-Version: 1.0
References: <CACgrgBbUASA4HTukPwZL9V=8XOMTx_keZcDh-pVc0eSJYtVS8w@mail.gmail.com> <86BE36F5-7CFE-48BE-B0A7-7458B67EB208@chriswendt.net> <CACgrgBYVi2rJv0BCFf3UxmjtSJHXRuFw+gbHsQm0Uo0Dr3J8Mw@mail.gmail.com> <51718867-9092-4423-B895-8069A8AF3D07@chriswendt.net> <CACgrgBZNXc0zcn7O9z2TS4_r5OGTsde7euMxcz_SqDO35pJASw@mail.gmail.com> <28766342-130D-4FED-AD38-7A817D4B525B@chriswendt.net> <97AB0ACC-011C-48F8-826A-2E7238485D30@nostrum.com> <BYAPR02MB4168AC85059C24E4D6186387D2ED9@BYAPR02MB4168.namprd02.prod.outlook.com>
In-Reply-To: <BYAPR02MB4168AC85059C24E4D6186387D2ED9@BYAPR02MB4168.namprd02.prod.outlook.com>
From: Ranjit Avasarala <ranjitkav12@gmail.com>
Date: Tue, 12 Apr 2022 15:46:38 -0500
Message-ID: <CAFXT-pvfDq-c6E=Ad+k7UDMOJUhKbK7n76Gq9wnzYPb5SvTiBg@mail.gmail.com>
To: "Gorman, Pierce" <Pierce.Gorman@t-mobile.com>
Cc: Ben Campbell <ben@nostrum.com>, Chris Wendt <chris-ietf@chriswendt.net>, IETF STIR Mail List <stir@ietf.org>, SIPCORE <sipcore@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ec17cb05dc7b286a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/cmx4LThrZa3EoXQoPYmNcx0qR2c>
Subject: Re: [sipcore] [stir] draft-ietf-sipcore-callinfo-04 (call-reason)
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Apr 2022 20:47:26 -0000

Depends on policy, but they could be passed thru to if needed

Regards
Ranjit

On Tue, Apr 12, 2022 at 3:23 PM Gorman, Pierce <Pierce.Gorman@t-mobile.com>
wrote:

> I assume Call-Info or Subject are likely to be stripped by SBCs.
>
>
>
>
>
> *From:* stir <stir-bounces@ietf.org> *On Behalf Of * Ben Campbell
> *Sent:* Tuesday, April 12, 2022 3:18 PM
> *To:* Chris Wendt <chris-ietf@chriswendt.net>
> *Cc:* IETF STIR Mail List <stir@ietf.org>; SIPCORE <sipcore@ietf.org>;
> Henning Schulzrinne <hgs@cs.columbia.edu>
> *Subject:* Re: [stir] [sipcore] draft-ietf-sipcore-callinfo-04
> (call-reason)
>
>
>
> *[External]*
>
>
>
> (as individual)
>
>
>
> (as individual)
>
>
>
> Apologies for coming to this thread late.
>
>
>
> I agree we should keep the crn claim for “rcd” passports at this point. I
> also understand there to be some implementations that either use it or plan
> to use it..
>
>
>
> I don’t have a strong opinion on the Callinfo param vs Subject question,
> as long as we have a consistent mapping. I guess there is the question of
> whether SBCs will mess with either, but I don’t know if that is more likely
> for one or the other.
>
>
>
> Thanks!
>
>
>
> Ben.
>
>
>
> On Mar 20, 2022, at 10:47 AM, Chris Wendt <chris-ietf@chriswendt.net>
> wrote:
>
>
>
> Hi Henning,
>
>
>
> Just to focus on call-reason for passport-rcd at the moment, we do have
> that, it is an independent claim “crn” explicitly separate from the “rcd”
> claim. It is defined in same passport-rcd document, but that doesn’t change
> how it’s defined or used. I think one hopefully simple fix is to maybe
> reference Subject as a mapping for this claim and maybe point to
> callinfo-rcd in a more generic way that we can further discuss subject vs
> callinfo in the sipcore draft as we move that forward.  As i understand it,
> most implementations are focused on passport-rcd at the moment, so i don’t
> want to hold that up if possible.
>
>
>
> To everyone,
>
>
>
> It would be great to get further input on this whether anyone has strong
> feelings about using Subject vs callinfo parameter call-reason.  I have the
> sense that there isn’t yet much implementation if any at all (of
> callinfo/call-reason, i believe there is implementation of passport-rcd
> “crn”), and there won't strong feeling one way or the other, but if anyone
> does have strong feelings please speak up.
>
>
>
> -Chris
>
>
>
> On Mar 19, 2022, at 3:25 PM, Henning Schulzrinne <hgs@cs.columbia.edu>
> wrote:
>
>
>
> Hi Chris,
>
>
>
> tl;dr: My suggestions are: (1) leave call purpose out
> of draft-ietf-stir-passport-rcd; (2) drop call-purpose
> from draft-ietf-sipcore-call-info-rcd; (3) consider a new JWT claim
> "subject" [or whatever] that encapsulates the signed call purpose in the
> future.
>
>
>
> More details inline below.
>
>
>
> On Fri, Mar 18, 2022 at 5:17 PM Chris Wendt <chris-ietf@chriswendt.net>
> wrote:
>
> Hi Henning,
>
>
>
> I understand what you are saying.  I do however think there is reasons to
> protect call-reason/Subject of call.  I think these situations are mostly
> in the context of delegation to perhaps a call center, where you have
> authorized them to represent your company in particular ways, including not
> only your identity, but for different context of calls that you have
> authorized them to represent you.  We all know there is some call centers
> that use call identities with good reputation for customers that may
> exploit that reputation for other customers.  I would look at this as
> similar situation.
>
>
>
> I think we generally agree - your example of a call center is probably, in
> my view, the most likely case where some indication of call purpose will be
> used, probably with explicit arrangement with the carrier. This may well
> turn out to be similar to the current model for SMS, where (in the US and
> some other countries) you'll have to register your "campaign" with the
> carrier or designated third party. This may even take the notion of a
> template ("This call is about your recent order from {date}") that can be
> auto-enforced. It's clear that carriers seem quite concerned about their
> individual customers messaging, in volume, to their subscribers, given the
> abuse.
>
>
>
>
>
> There is also potential for future of Subject/call-reason to be more than
> just a text string.
>
>
>
> I suspect that's best handled separately, once we have a clearer use case.
> I don't think we can just stick this into call-reason without all kinds of
> backwards-compatibility issues.
>
>
>
>
>
> I’m struggling a bit on your point that we should sign some data but not
> other data because it is less likely to be manipulated.  Is that the bar we
> should be striving for here? Seems to conflict with my understanding of
> some of the goals.
>
>
>
> Maybe this indicates that we should be clearer on the goals. My take on
> the value of STIR "classic" (for TNs) is that the main purpose of signing
> is to make it clear who is responsible for the information provided - thus,
> the whole discussion of A/B/C attestation. Indeed, the experience seems to
> indicate that C-level attestation is actually a signal for a robocall,
> i.e,. C-level calls are *more* likely to be robocalls than unsigned calls.
> A/B/C obviously have the same cryptographic strength and all prevent
> modification by third parties.
>
>
>
> I don't think that carrier manipulation of the caller information (except
> in various normalization ways) has ever been a major problem - it's
> originator (OSP or end user) spoofing. This is rather different than the
> typical threat model where the originator worries about evil Mallory
> changing their data, e.g., by redirecting a money transfer to them.
>
>
>
> But for call-purpose, this is less relevant - this is clearly (mostly)
> useful if inserted by the originating caller, and unlike for A-level
> attestation, the carrier can't really validate that the message is
> truthful. How would it know that "You have won a cruise!" in the
> call-purpose/Subject was correct or a scam? Indeed, as mentioned, if I were
> a carrier, I'd never want to attest to that purpose, as somebody could
> reasonably claim that the carrier should have known that the recipients
> hadn't won anything.
>
>
>
> This is the main reason that I think this should be a separate claim - if
> anybody should sign/attest this, it's the enterprise call center and only
> that call center.
>
>
>
>
>
> Why not have the framework that we can do that.  You are free to protect
> or not protect data depending on your own policy.
>
>
>
> Nothing wrong as such. My argument is that RCD and call-purpose/Subject
> are very different, so they shouldn't be in the *same* framework. If we
> need Subject/call-purpose, they should be in separate claims, for the
> operational reasons mentioned.
>
>
>
>
>
> I guess i want to be sure whether you are reacting to us not using Subject
> vs call-info as a common container for “rich call data” related info or
> that we have both call-info and ‘rcd’ as a container for Rich Call Data
> more generally?  I think there is many reasons why we landed there, we can
> re-hash that in the context of call-info vs subject.  I would be less
> excited about re-hashing it for passport/rcd.
>
>
>
> For the reasons above, I think this is a bad idea for both cases, in
> my view. It's worse for Call-Info, because of the duplication of existing
> functionality.
>
>
>
> To use an analogy: The RCD is mostly like a business card. We don't
> typically write our contracts and messages on business cards - we might
> staple our business card to a note.
>
>
>
> My constructive suggestion is to create a separate claim if needed. (My
> understanding is that rcd-14 does not contain the call purpose, so this is
> the current state.)
>
>
>
>
>
> I do believe both of these frameworks need to be extensible, i don’t think
> we are finished.  We can define more passport extensions, but at the same
> time, do we want to redefine “rcd” and “rcdi” for new passport extensions?
>
>
>
> No, we should create, in my view, a separate document that focuses on
> signing the call purpose, expressed either as Subject (as the compact form)
> or an explicit JWT claim, such as "subject".
>
>
>
>
>
> -Chris
>
>
>
>
>
>
>
> _______________________________________________
> sipcore mailing list
> sipcore@ietf.org
> https://www.ietf.org/mailman/listinfo/sipcore
> <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsipcore&data=04%7C01%7Cpierce.gorman%40t-mobile.com%7C8f7f691977104a02c56e08da1cc1a356%7Cbe0f980bdd994b19bd7bbc71a09b026c%7C0%7C0%7C637853915250872762%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=7vp%2Fn9jfcrDCenYXJ6w9ePzAHCGBriNtxv4MqYlrAAM%3D&reserved=0>
>
>
> _______________________________________________
> sipcore mailing list
> sipcore@ietf.org
> https://www.ietf.org/mailman/listinfo/sipcore
>

v2.23.0 | Report a Bug | By Email