Re: [sipcore] I-D Action: draft-ietf-sipcore-rejected-02.txt
Eric Burger <eburger@standardstrack.com> Wed, 02 January 2019 17:44 UTC
Return-Path: <eburger@standardstrack.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02700130934 for <sipcore@ietfa.amsl.com>; Wed, 2 Jan 2019 09:44:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.689
X-Spam-Level:
X-Spam-Status: No, score=-1.689 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, T_SPF_PERMERROR=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=standardstrack.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fjcKM_5-avVg for <sipcore@ietfa.amsl.com>; Wed, 2 Jan 2019 09:44:30 -0800 (PST)
Received: from biz221.inmotionhosting.com (biz221.inmotionhosting.com [198.46.93.79]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 66761130EBB for <sipcore@ietf.org>; Wed, 2 Jan 2019 09:44:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=standardstrack.com; s=default; h=References:To:Cc:In-Reply-To:Date:Subject: Mime-Version:Content-Type:Message-Id:From:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=m0oFwI00iTwk/MGKeJXUcb3Q5/EU67iC2QZdlZVF/rc=; b=X5gLpcWgqzNRvyimpildRXbCt yd/+TJHjK9QENhQt9jHWk4jW/tO7chjrP6hqrgfpGWGiD5ZtzLOGwXxPqnYLqKttIF1U+/2nBd4TY XdlNLqP85gnd4+b2jL8u1n7E8TORm+NMsFwA6kxoaUC2uCHzcaL6Muy26579cTJsQrPvs=;
Received: from [174.204.22.174] (port=2612 helo=[192.168.43.104]) by biz221.inmotionhosting.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.91) (envelope-from <eburger@standardstrack.com>) id 1gekZ5-009Cla-KP; Wed, 02 Jan 2019 09:44:29 -0800
From: Eric Burger <eburger@standardstrack.com>
Message-Id: <FD63319A-2BDA-475F-9E2A-EC48784A1B1F@standardstrack.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_07AE83ED-A77F-4B31-8551-36C1702FB02B"; protocol="application/pgp-signature"; micalg="pgp-sha256"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Wed, 02 Jan 2019 12:44:21 -0500
In-Reply-To: <BN6PR03MB280280F46028853890B4DC0CA5B10@BN6PR03MB2802.namprd03.prod.outlook.com>
Cc: "sipcore@ietf.org" <sipcore@ietf.org>
To: "Asveren, Tolga" <tasveren@rbbn.com>
References: <154603356727.21662.4937819323227360735@ietfa.amsl.com> <F46F2CA3-B71E-4CE5-8798-27B4CADD405B@standardstrack.com> <BN6PR03MB280280F46028853890B4DC0CA5B10@BN6PR03MB2802.namprd03.prod.outlook.com>
X-Mailer: Apple Mail (2.3273)
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - biz221.inmotionhosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - standardstrack.com
X-Get-Message-Sender-Via: biz221.inmotionhosting.com: authenticated_id: eburger+standardstrack.com/only user confirmed/virtual account not confirmed
X-Authenticated-Sender: biz221.inmotionhosting.com: eburger@standardstrack.com
X-Source:
X-Source-Args:
X-Source-Dir:
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/fjUao1TXrR69f-A2d-SEzgfNRWI>
Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-rejected-02.txt
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Jan 2019 17:44:33 -0000
Tolga - As always, thanks for your review! Thoughts inline. > On Dec 30, 2018, at 9:26 AM, Asveren, Tolga <tasveren@rbbn.com> wrote: > > Looks good to me with a few comments: > > i- > 1. Introduction > > As > described below, we need a distinct indicator to differentiate > between a user rejection and an intermediary's rejection of a call. > In some jurisdictions, calls, even if unwanted by the user, may not > be blocked unless there is an explicit user request. > [TOLGA] I agree with the intend but the wording could be improved IMHO to clarify that 607 is not an “explicit user request”. Maybe by just adding “by other means” to the end of the last sentence? 607 is explicit user request, vs. 608 which is only a guess as to the user’s desire. In many jurisdictions, carriers have an obligation to complete (not block) calls, unless they are obviously illegal or the user explicitly requests blocking the call. What if we put this into active voice? This document describes a new SIP response code, 608, which allows calling parties to learn an intermediary rejected their call. As described below, we need a distinct indicator to differentiate between a user rejection and an intermediary's rejection of a call. In some jurisdictions, an intermediary can only block calls calls if there is an explicit user request. By giving legitimate callers the ability to correct blocks in error, some jurisdictions may decide to allow for intermediaries to block calls with implicit user request. > Specifically, this code informs the UAC an > intermediary blocked the call and provide a redress mechanism, > specifically how to contact the operator of the intermediary. > [TOLGA] Couldn’t blocking be done also by the terminating SP and 608 still would be applicable AFAICS. “Intermediary” may cause confusion. It could be an idea to replace it with “an operator on the call path including intermediary operators”. > However, things get more complicated if an intermediary, such as a > third-party provider of call management services that classify calls > based on the relative likelihood the call is unwanted, misidentifies > the call as unwanted. > [TOLGA] Similar comment as the previous one. I was thinking ‘intermediary’ in the SIP sense. I was struggling what to call it. Technically, it’s just the UAS, because that’s where the INVITE terminates. However, that is too easy to confuse with the UAS of the INVITE target. I didn’t want to use ‘Proxy’ or B2BUA, because who knows if that’s what it will be. Do you (or anyone else) have a better term? > ii- > 3.3. UAC Operation > A UAC conforming to this specification MUST include the sip.608 > feature capability tag in the INVITE request. > [TOLGA]What about other requests? > What about a registering end point indicating support in REGISTER Contact? I think the idea is that it still adds sip.608 to the request as well. It could be good to add a clarification about this case. > I think sip.608 means support for jCard as well. That IMHO is a taller order than just supporting a new response code. IMHO it could be good that always “Your calling number is blocked. Please contact the blocking organization based on the following information. Please contact your Originating SP if you don’t see any additional information” is displayed on the UAC upon receipt of 608. Well… If you write code to explicitly deal with sip.608, as opposed to just generically handling 6xx), you get to support a JWT encoding of a jCard, including all the PKI support that implies. I.e., the jCard part is the least of your worries. Saying “contact your Originating SP” will be as useful as “Configure your STUN server [to electrocute yourself].” I.e., that will be meaningless information to Joe Average User. That’s also why I didn’t bother to include a multipart/alternate with a text version of the jCard. Either you understand sip.608 or you don’t. Am I being too strict here? > iii- > 3.4. Legacy Interoperation > [TOLGA] A malicious UAC may drain Operator announcement resources by placing many calls with a blocked calling-Id and not signaling sip.608. This can be remedied by playing announcement only once for each blocked calling-Id, or for every nth call, or only when announcement resources are idle. Granted, this could cause some hiccups if the same calling-Id is used by many UACs but still worth mentioning IMHO. I like the idea. If it is a legal caller, then it’s likely a call center, and one announcement should be enough. If it is a spammer reusing the same calling-id, then who cares if they don’t get the message? > > > Thanks, > Tolga > > > > [Cross-posted to IP-NNI, NNI, and STIR lists; please keep any discussion on the SIPCORE list] > > > What do we have here? This version is resistant to replay attacks. It also lets us trace jCards, if we wish. > > I think it’s done, but I’m sure there are glaring holes that could be filled. > > Please review. > > Thanks, and Happy New Year.
- [sipcore] I-D Action: draft-ietf-sipcore-rejected… internet-drafts
- Re: [sipcore] I-D Action: draft-ietf-sipcore-reje… Eric Burger
- Re: [sipcore] I-D Action: draft-ietf-sipcore-reje… Asveren, Tolga
- Re: [sipcore] I-D Action: draft-ietf-sipcore-reje… Eric Burger
- Re: [sipcore] I-D Action: draft-ietf-sipcore-reje… Asveren, Tolga