Re: [sipcore] [stir] draft-ietf-sipcore-callinfo-04 (call-reason)
Ranjit Avasarala <ranjitkav12@gmail.com> Tue, 12 April 2022 20:47 UTC
Return-Path: <ranjitkav12@gmail.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 998A63A1763; Tue, 12 Apr 2022 13:47:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.257
X-Spam-Level:
X-Spam-Status: No, score=-1.257 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, GB_ABOUTYOU=0.5, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WYrxQXQLBabf; Tue, 12 Apr 2022 13:47:13 -0700 (PDT)
Received: from mail-ej1-x635.google.com (mail-ej1-x635.google.com [IPv6:2a00:1450:4864:20::635]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D5763A179F; Tue, 12 Apr 2022 13:46:51 -0700 (PDT)
Received: by mail-ej1-x635.google.com with SMTP id i27so39676401ejd.9; Tue, 12 Apr 2022 13:46:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=UXdzH9bZa3eSWG6sAZRgNbs7a0CnwwLcCPVzPoYkJnk=; b=CbTVDQzseKvZ7naghjoSwohn7pO8UaaNDJougE6GsWjFp96qW5GLmqNFsyRwDwMbwu UOlUcQazkrB8JOpgGWMWLsqgAo+lnypfj7HWa+dkZqctKGOKHHrzEWmnM9YHyQH8NSVL Tnb8/LAUxxBvPaTJ9kRKk0g4tHk87Qj6Avq7bQAUL+jxC2s2AHlkIDLEqX2+57Khhscf 7EdBMYS+iei4Bb52RmiElqM9V6mU8snwS55YJIYh/Fhol9HWqV1c3keX+2Mmj9n18GPK cmxvkk7qW2YPoAiOtAjFXGttth7AaI1Q0ypAlB20y8DLfIRKX+J6CBJclMaNM5N7Te++ TUGQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=UXdzH9bZa3eSWG6sAZRgNbs7a0CnwwLcCPVzPoYkJnk=; b=WP+YnSG/MvpvsU9zklZ3tCwpweWo4dH5ThC+ZEWgOJ6V7prSmmssEuxXD5iwmr4Y82 zEwDXOeRe7sSMo8oMSyQ+WSVVVzB3S/gxKMCVxz+pHzyehWlYFzqMDVsJQkv9O0IuDaS fLoRCc/U7Kq8SwyzFSbkbuDG5eYU1SlYJzQnLXX7HA1F9ftljwnAP1y8i/WlJ1km2oTo +xY+uuRjtHsvHWK9bvXVRF/P1jwArYgIV2GAEWlaGt9O1BJ7gZlUvLH459vliLtRAiAc o3EYwCfHdLAcmDKeRC1v0qSwoUOSlGJ7mE342M6xafgr5VvZIAYvcfGmKHpgtG4AN+wl No9Q==
X-Gm-Message-State: AOAM532h3tm4YT/wezPYnn152TjiKFPd1XPQ1l81s7sXok+0zZqVwu9a Di/thnDNo41VF96wJIk39NtOhS4f0/2UxZWesm9DnYun
X-Google-Smtp-Source: ABdhPJxGJerkmzOVgvMpLGywP8Otoh/joII0Xc5HnHk+kDZ4j9L2fOrH9E1ekMk64Nnbsm4Byfh7dC7R5h/L9MEbDKU=
X-Received: by 2002:a17:906:c344:b0:6b4:c768:4a9a with SMTP id ci4-20020a170906c34400b006b4c7684a9amr36622401ejb.151.1649796409200; Tue, 12 Apr 2022 13:46:49 -0700 (PDT)
MIME-Version: 1.0
References: <CACgrgBbUASA4HTukPwZL9V=8XOMTx_keZcDh-pVc0eSJYtVS8w@mail.gmail.com> <86BE36F5-7CFE-48BE-B0A7-7458B67EB208@chriswendt.net> <CACgrgBYVi2rJv0BCFf3UxmjtSJHXRuFw+gbHsQm0Uo0Dr3J8Mw@mail.gmail.com> <51718867-9092-4423-B895-8069A8AF3D07@chriswendt.net> <CACgrgBZNXc0zcn7O9z2TS4_r5OGTsde7euMxcz_SqDO35pJASw@mail.gmail.com> <28766342-130D-4FED-AD38-7A817D4B525B@chriswendt.net> <97AB0ACC-011C-48F8-826A-2E7238485D30@nostrum.com> <BYAPR02MB4168AC85059C24E4D6186387D2ED9@BYAPR02MB4168.namprd02.prod.outlook.com>
In-Reply-To: <BYAPR02MB4168AC85059C24E4D6186387D2ED9@BYAPR02MB4168.namprd02.prod.outlook.com>
From: Ranjit Avasarala <ranjitkav12@gmail.com>
Date: Tue, 12 Apr 2022 15:46:38 -0500
Message-ID: <CAFXT-pvfDq-c6E=Ad+k7UDMOJUhKbK7n76Gq9wnzYPb5SvTiBg@mail.gmail.com>
To: "Gorman, Pierce" <Pierce.Gorman@t-mobile.com>
Cc: Ben Campbell <ben@nostrum.com>, Chris Wendt <chris-ietf@chriswendt.net>, IETF STIR Mail List <stir@ietf.org>, SIPCORE <sipcore@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ec17cb05dc7b286a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/cmx4LThrZa3EoXQoPYmNcx0qR2c>
Subject: Re: [sipcore] [stir] draft-ietf-sipcore-callinfo-04 (call-reason)
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Apr 2022 20:47:26 -0000
Depends on policy, but they could be passed thru to if needed Regards Ranjit On Tue, Apr 12, 2022 at 3:23 PM Gorman, Pierce <Pierce.Gorman@t-mobile.com> wrote: > I assume Call-Info or Subject are likely to be stripped by SBCs. > > > > > > *From:* stir <stir-bounces@ietf.org> *On Behalf Of * Ben Campbell > *Sent:* Tuesday, April 12, 2022 3:18 PM > *To:* Chris Wendt <chris-ietf@chriswendt.net> > *Cc:* IETF STIR Mail List <stir@ietf.org>; SIPCORE <sipcore@ietf.org>; > Henning Schulzrinne <hgs@cs.columbia.edu> > *Subject:* Re: [stir] [sipcore] draft-ietf-sipcore-callinfo-04 > (call-reason) > > > > *[External]* > > > > (as individual) > > > > (as individual) > > > > Apologies for coming to this thread late. > > > > I agree we should keep the crn claim for “rcd” passports at this point. I > also understand there to be some implementations that either use it or plan > to use it.. > > > > I don’t have a strong opinion on the Callinfo param vs Subject question, > as long as we have a consistent mapping. I guess there is the question of > whether SBCs will mess with either, but I don’t know if that is more likely > for one or the other. > > > > Thanks! > > > > Ben. > > > > On Mar 20, 2022, at 10:47 AM, Chris Wendt <chris-ietf@chriswendt.net> > wrote: > > > > Hi Henning, > > > > Just to focus on call-reason for passport-rcd at the moment, we do have > that, it is an independent claim “crn” explicitly separate from the “rcd” > claim. It is defined in same passport-rcd document, but that doesn’t change > how it’s defined or used. I think one hopefully simple fix is to maybe > reference Subject as a mapping for this claim and maybe point to > callinfo-rcd in a more generic way that we can further discuss subject vs > callinfo in the sipcore draft as we move that forward. As i understand it, > most implementations are focused on passport-rcd at the moment, so i don’t > want to hold that up if possible. > > > > To everyone, > > > > It would be great to get further input on this whether anyone has strong > feelings about using Subject vs callinfo parameter call-reason. I have the > sense that there isn’t yet much implementation if any at all (of > callinfo/call-reason, i believe there is implementation of passport-rcd > “crn”), and there won't strong feeling one way or the other, but if anyone > does have strong feelings please speak up. > > > > -Chris > > > > On Mar 19, 2022, at 3:25 PM, Henning Schulzrinne <hgs@cs.columbia.edu> > wrote: > > > > Hi Chris, > > > > tl;dr: My suggestions are: (1) leave call purpose out > of draft-ietf-stir-passport-rcd; (2) drop call-purpose > from draft-ietf-sipcore-call-info-rcd; (3) consider a new JWT claim > "subject" [or whatever] that encapsulates the signed call purpose in the > future. > > > > More details inline below. > > > > On Fri, Mar 18, 2022 at 5:17 PM Chris Wendt <chris-ietf@chriswendt.net> > wrote: > > Hi Henning, > > > > I understand what you are saying. I do however think there is reasons to > protect call-reason/Subject of call. I think these situations are mostly > in the context of delegation to perhaps a call center, where you have > authorized them to represent your company in particular ways, including not > only your identity, but for different context of calls that you have > authorized them to represent you. We all know there is some call centers > that use call identities with good reputation for customers that may > exploit that reputation for other customers. I would look at this as > similar situation. > > > > I think we generally agree - your example of a call center is probably, in > my view, the most likely case where some indication of call purpose will be > used, probably with explicit arrangement with the carrier. This may well > turn out to be similar to the current model for SMS, where (in the US and > some other countries) you'll have to register your "campaign" with the > carrier or designated third party. This may even take the notion of a > template ("This call is about your recent order from {date}") that can be > auto-enforced. It's clear that carriers seem quite concerned about their > individual customers messaging, in volume, to their subscribers, given the > abuse. > > > > > > There is also potential for future of Subject/call-reason to be more than > just a text string. > > > > I suspect that's best handled separately, once we have a clearer use case. > I don't think we can just stick this into call-reason without all kinds of > backwards-compatibility issues. > > > > > > I’m struggling a bit on your point that we should sign some data but not > other data because it is less likely to be manipulated. Is that the bar we > should be striving for here? Seems to conflict with my understanding of > some of the goals. > > > > Maybe this indicates that we should be clearer on the goals. My take on > the value of STIR "classic" (for TNs) is that the main purpose of signing > is to make it clear who is responsible for the information provided - thus, > the whole discussion of A/B/C attestation. Indeed, the experience seems to > indicate that C-level attestation is actually a signal for a robocall, > i.e,. C-level calls are *more* likely to be robocalls than unsigned calls. > A/B/C obviously have the same cryptographic strength and all prevent > modification by third parties. > > > > I don't think that carrier manipulation of the caller information (except > in various normalization ways) has ever been a major problem - it's > originator (OSP or end user) spoofing. This is rather different than the > typical threat model where the originator worries about evil Mallory > changing their data, e.g., by redirecting a money transfer to them. > > > > But for call-purpose, this is less relevant - this is clearly (mostly) > useful if inserted by the originating caller, and unlike for A-level > attestation, the carrier can't really validate that the message is > truthful. How would it know that "You have won a cruise!" in the > call-purpose/Subject was correct or a scam? Indeed, as mentioned, if I were > a carrier, I'd never want to attest to that purpose, as somebody could > reasonably claim that the carrier should have known that the recipients > hadn't won anything. > > > > This is the main reason that I think this should be a separate claim - if > anybody should sign/attest this, it's the enterprise call center and only > that call center. > > > > > > Why not have the framework that we can do that. You are free to protect > or not protect data depending on your own policy. > > > > Nothing wrong as such. My argument is that RCD and call-purpose/Subject > are very different, so they shouldn't be in the *same* framework. If we > need Subject/call-purpose, they should be in separate claims, for the > operational reasons mentioned. > > > > > > I guess i want to be sure whether you are reacting to us not using Subject > vs call-info as a common container for “rich call data” related info or > that we have both call-info and ‘rcd’ as a container for Rich Call Data > more generally? I think there is many reasons why we landed there, we can > re-hash that in the context of call-info vs subject. I would be less > excited about re-hashing it for passport/rcd. > > > > For the reasons above, I think this is a bad idea for both cases, in > my view. It's worse for Call-Info, because of the duplication of existing > functionality. > > > > To use an analogy: The RCD is mostly like a business card. We don't > typically write our contracts and messages on business cards - we might > staple our business card to a note. > > > > My constructive suggestion is to create a separate claim if needed. (My > understanding is that rcd-14 does not contain the call purpose, so this is > the current state.) > > > > > > I do believe both of these frameworks need to be extensible, i don’t think > we are finished. We can define more passport extensions, but at the same > time, do we want to redefine “rcd” and “rcdi” for new passport extensions? > > > > No, we should create, in my view, a separate document that focuses on > signing the call purpose, expressed either as Subject (as the compact form) > or an explicit JWT claim, such as "subject". > > > > > > -Chris > > > > > > > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore > <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsipcore&data=04%7C01%7Cpierce.gorman%40t-mobile.com%7C8f7f691977104a02c56e08da1cc1a356%7Cbe0f980bdd994b19bd7bbc71a09b026c%7C0%7C0%7C637853915250872762%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=7vp%2Fn9jfcrDCenYXJ6w9ePzAHCGBriNtxv4MqYlrAAM%3D&reserved=0> > > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore >
- [sipcore] draft-ietf-sipcore-callinfo-04 (call-re… Henning Schulzrinne
- Re: [sipcore] draft-ietf-sipcore-callinfo-04 (cal… Chris Wendt
- Re: [sipcore] draft-ietf-sipcore-callinfo-04 (cal… Henning Schulzrinne
- Re: [sipcore] draft-ietf-sipcore-callinfo-04 (cal… Henning Schulzrinne
- Re: [sipcore] [stir] draft-ietf-sipcore-callinfo-… Holmes, David
- Re: [sipcore] draft-ietf-sipcore-callinfo-04 (cal… Chris Wendt
- Re: [sipcore] draft-ietf-sipcore-callinfo-04 (cal… Henning Schulzrinne
- Re: [sipcore] draft-ietf-sipcore-callinfo-04 (cal… Chris Wendt
- Re: [sipcore] draft-ietf-sipcore-callinfo-04 (cal… Richard Shockey
- Re: [sipcore] draft-ietf-sipcore-callinfo-04 (cal… Ben Campbell
- Re: [sipcore] [stir] draft-ietf-sipcore-callinfo-… Gorman, Pierce
- Re: [sipcore] [stir] draft-ietf-sipcore-callinfo-… Ranjit Avasarala
- Re: [sipcore] [stir] draft-ietf-sipcore-callinfo-… Gorman, Pierce
- Re: [sipcore] [stir] draft-ietf-sipcore-callinfo-… Ranjit Avasarala
- Re: [sipcore] [stir] draft-ietf-sipcore-callinfo-… Gorman, Pierce
- Re: [sipcore] [stir] draft-ietf-sipcore-callinfo-… DOLLY, MARTIN C
- Re: [sipcore] [stir] draft-ietf-sipcore-callinfo-… Asveren, Tolga
- Re: [sipcore] [stir] draft-ietf-sipcore-callinfo-… Ranjit Avasarala
- Re: [sipcore] [stir] draft-ietf-sipcore-callinfo-… Ben Campbell
- Re: [sipcore] [EXTERNAL] Re: [stir] draft-ietf-si… Asveren, Tolga
- Re: [sipcore] [stir] draft-ietf-sipcore-callinfo-… Chris Wendt