Re: [sipcore] Updated 4244bis and new call flow document
Mary Barnes <mary.ietf.barnes@gmail.com> Mon, 26 July 2010 06:37 UTC
Return-Path: <mary.ietf.barnes@gmail.com>
X-Original-To: sipcore@core3.amsl.com
Delivered-To: sipcore@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DA7FE3A69F6 for <sipcore@core3.amsl.com>; Sun, 25 Jul 2010 23:37:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.32
X-Spam-Level:
X-Spam-Status: No, score=-2.32 tagged_above=-999 required=5 tests=[AWL=0.278, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pKR4YujdBT85 for <sipcore@core3.amsl.com>; Sun, 25 Jul 2010 23:37:21 -0700 (PDT)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by core3.amsl.com (Postfix) with ESMTP id CF8213A6A17 for <sipcore@ietf.org>; Sun, 25 Jul 2010 23:35:19 -0700 (PDT)
Received: by iwn38 with SMTP id 38so2717872iwn.31 for <sipcore@ietf.org>; Sun, 25 Jul 2010 23:34:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=Pa//1+yeuigPMFkLXFghfDO865jaFekClJgyKr+xFH0=; b=SbA9pJn0IeJ1BLoUaUN3EgIdyBhrYH/rDodOLlv5qu8MJLQkIB9oFdZFkyxmXzuniF Ka/H+r7pBmFQzUY/Jk+rtd8u6iL1GBBGmjy2aCxYFjrUSuWf6GgpAXfIdVnd52BFZG4J 1Oe7x7KNFyi5jkq9VdkiiKOr3oYo/LUVrvJ9Y=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=YVTFSOr0lKn8eqUF1LtLV2gaYoQTclDFtLV+dk641ofw8o9BIRHTa4MHXSAhORoMEo RzsN9gS17YXxQKrXyb4ukWW3s8kL7gI0VKtyOgxlvYjgWdgYovSbu8IP4U05Hql94Deh ErCgfAJ9uabdqoXR40n4BgxMs0N0BVgZ3u2ik=
MIME-Version: 1.0
Received: by 10.231.146.196 with SMTP id i4mr7505692ibv.110.1280126098642; Sun, 25 Jul 2010 23:34:58 -0700 (PDT)
Received: by 10.231.169.14 with HTTP; Sun, 25 Jul 2010 23:34:58 -0700 (PDT)
In-Reply-To: <EDC0A1AE77C57744B664A310A0B23AE214ADDBBD@FRMRSSXCHMBSC3.dc-m.alcatel-lucent.com>
References: <AANLkTim-f7vZ1IFS3WhVS9G8Mg1dhueN8tevLb_xDRR1@mail.gmail.com> <AANLkTilRRmWt30XOp3VKn2Xtzv71-EDUfyyUSOb0J3Bk@mail.gmail.com> <9886E5FCA6D76549A3011068483A4BD4065E732E@S4DE8PSAAQB.mitte.t-com.de> <4C49951C.8050202@cisco.com> <EDC0A1AE77C57744B664A310A0B23AE214925C62@FRMRSSXCHMBSC3.dc-m.alcatel-lucent.com> <4C49A337.3010503@cisco.com> <EDC0A1AE77C57744B664A310A0B23AE214ADDBBD@FRMRSSXCHMBSC3.dc-m.alcatel-lucent.com>
Date: Mon, 26 Jul 2010 01:34:58 -0500
Message-ID: <AANLkTikt8DLrnnoBcGFHj6RbWi3t-wJmnNJknJ8tR71A@mail.gmail.com>
From: Mary Barnes <mary.ietf.barnes@gmail.com>
To: "DRAGE, Keith (Keith)" <keith.drage@alcatel-lucent.com>
Content-Type: multipart/alternative; boundary="0016e64ec4cc6099c6048c449504"
Cc: "sipcore@ietf.org" <sipcore@ietf.org>, "R.Jesske@telekom.de" <R.Jesske@telekom.de>
Subject: Re: [sipcore] Updated 4244bis and new call flow document
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sipcore>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Jul 2010 06:37:23 -0000
Yes - the use of trust domain in this document is intended to be that defined in RFC 3325. The use of the term "responsible domain" is based on core RFC 3261 - e.g., "....domains the proxy is configured to be responsible for" as noted in section 16.4. RFC 4244 did not introduce any new definitions or concepts wrt domains/trust domains and relies entirely on RFC3261 and RFC3325 for these concepts. I can't see that the text in RFC 4244bis contradicts with the usages of the terms defined in those RFCs. But, I might be too familiar with the doc to see that. Thanks, Mary. On Mon, Jul 26, 2010 at 1:22 AM, DRAGE, Keith (Keith) < keith.drage@alcatel-lucent.com> wrote: > I suspect the text was meant to mean trust domain as in RFC 3325. > > Note that it is not necessarily the RFC 3325 trust domain (different > headers can have different trust domains). But it does need to do a similar > job to RFC 3324/3325 in defining the concept of the trust domain. > > regards > > Keith > > > -----Original Message----- > > From: Paul Kyzivat [mailto:pkyzivat@cisco.com] > > Sent: Friday, July 23, 2010 3:12 PM > > To: DRAGE, Keith (Keith) > > Cc: R.Jesske@telekom.de; sipcore@ietf.org > > Subject: Re: [sipcore] Updated 4244bis and new call flow document > > > > Keith, > > > > You raise a good point. It forced me to go back and review > > 3323 and 3325. > > > > 3323 defines a "privacy service" which the UAC can use to > > assist it in obtaining privacy. The UAC is expected to > > arrange for its requests to be routed through a privacy service. > > > > The notion of trust domain is introduced in 3325. It > > introduces the "id" > > privacy value, which is to be removed at the boundary of the > > trust domain, but not before then. It doesn't say anything > > about where privacy services exist in the network. Its my > > assumption that there must be a privacy service on the > > boundary of the trust domain that acts on the "id" privacy > > type. But this is not explict. And even if this is implied, > > its hard to say if it would be a full privacy service that > > can be counted upon to act upon other privacy types in the request. > > > > Hence, a UAC that wishes "header" or "session" privacy has > > nothing better to go on than 3323, which recommends that it > > route its outbound request directly to a privacy service. If > > that privacy service is compliant with 4244bis, it will > > anonymize what is in the H-I header at that time. But then > > any entries added downstream of that point will not be anonymized. > > > > So I think there really is something wrong with the referenced text. > > If the use of "domain" was intended to be "trust domain" then > > its dependent on 3325. If it was intended to mean "DNS > > domain", then its still implying there is a privacy service > > that will magically be traversed when leaving the DNS domain. > > > > Thanks, > > Paul > > > > DRAGE, Keith (Keith) wrote: > > > If we are going to talk about trust domains in the > > document, then you will have to say what they are. > > > > > > For the RFC 3325 stuff there is most of a document that > > talks about that. Moreover, you need to say what to "trust" > > the next entity to do if you do not do it. > > > > > > To give some idea of what I mean. Statements like "I will > > give you the identity if you do not reveal it to anyone > > outside our area of trust" are slightly different to "I trust > > you to implement the privacy that I otherwise would have done > > so if I did not trust you". > > > > > > regards > > > > > > Keith > > > > > >> -----Original Message----- > > >> From: sipcore-bounces@ietf.org > > >> [mailto:sipcore-bounces@ietf.org] On Behalf Of Paul Kyzivat > > >> Sent: Friday, July 23, 2010 2:12 PM > > >> To: R.Jesske@telekom.de > > >> Cc: sipcore@ietf.org > > >> Subject: Re: [sipcore] Updated 4244bis and new call flow document > > >> > > >> > > >> > > >> R.Jesske@telekom.de wrote: > > >>> Hi Mary, > > >>> With regard to your question for comments/review, I went > > >> thought the draft. > > >>> For http://www.ietf.org/id/draft-ietf-sipcore-rfc4244bis-01.txt > > >>> > > >>> I have the following comments: > > >>> > > >>> > > >>> 6.3.2. Privacy in the History-Info Header > > >>> > > >>> ... > > >>> If the requestor has indicated a priv- > > >>> value of "session" or "header" in the request, all History-Info > > >>> entries MUST be anonymized when the request leaves a > > >> domain for which > > >>> the intermediary is responsible. > > >>> ... > > >>> > > >>> In this section it is mentioned that the entries must be > > >> anonymized when leaving the domain. I thought that if a trust > > >> relationship between domains are existing and the following domain > > >> secures the "privacy" then the information could be forwarded and > > >> will then deleted by the succeeding domain before reaching the > > >> terminating user. > > >>> Some regulators are requesting to pass identities until the > > >> last domain where it is possible to execute the privacy regarding > > >> RFC3323. So I think this is a MAY based on domain policy. > > And it is a > > >> MUST when the succeeding network cannot guarantee the privacy. > > >>> Or do I misunderstand the meaning of "domain for which the > > >> intermediary is responsible" > > >> > > >> I'm not an expert on this, but ISTM that in the case you > > describe the > > >> request is not leaving the *trust* domain. > > >> > > >> But that does point out ambiguity in the text you quote. > > That kind of > > >> wording "domain for which the intermediary is responsible" > > is usually > > >> talking about *DNS* domains, not > > >> *trust* domains. So maybe that should say: > > >> > > >> ... > > >> If the requestor has indicated a priv-value of "session" > > or "header" > > >> in the request, all History-Info entries MUST be > > anonymized when the > > >> request leaves a *trust* domain for which the intermediary is > > >> responsible. > > >> ... > > >> > > >> Thanks, > > >> Paul > > >> _______________________________________________ > > >> sipcore mailing list > > >> sipcore@ietf.org > > >> https://www.ietf.org/mailman/listinfo/sipcore > > >> > > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore >
- [sipcore] Updated 4244bis and new call flow docum… Mary Barnes
- Re: [sipcore] Updated 4244bis and new call flow d… Mary Barnes
- Re: [sipcore] Updated 4244bis and new call flow d… R.Jesske
- Re: [sipcore] Updated 4244bis and new call flow d… Paul Kyzivat
- Re: [sipcore] Updated 4244bis and new call flow d… DRAGE, Keith (Keith)
- Re: [sipcore] Updated 4244bis and new call flow d… Paul Kyzivat
- Re: [sipcore] Updated 4244bis and new call flow d… marianne.mohali
- Re: [sipcore] Updated 4244bis and new call flow d… Mary Barnes
- Re: [sipcore] Updated 4244bis and new call flow d… Shida Schubert
- Re: [sipcore] Updated 4244bis and new call flow d… DRAGE, Keith (Keith)
- Re: [sipcore] Updated 4244bis and new call flow d… Mary Barnes
- Re: [sipcore] Updated 4244bis and new call flow d… Mary Barnes