IETF Logo Mail Archive

Re: [sipcore] privacy handling

"Elwell, John" <john.elwell@siemens-enterprise.com> Wed, 01 September 2010 08:36 UTC

Return-Path: <john.elwell@siemens-enterprise.com>
X-Original-To: sipcore@core3.amsl.com
Delivered-To: sipcore@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 468263A67FA for <sipcore@core3.amsl.com>; Wed, 1 Sep 2010 01:36:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.713
X-Spam-Level:
X-Spam-Status: No, score=-102.713 tagged_above=-999 required=5 tests=[AWL=-0.114, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7gOSAQvj85Vo for <sipcore@core3.amsl.com>; Wed, 1 Sep 2010 01:36:03 -0700 (PDT)
Received: from ms03.m0019.fra.mmp.de.bt.com (m0019.fra.mmp.de.bt.com [62.180.227.30]) by core3.amsl.com (Postfix) with ESMTP id ECB4B3A67B7 for <sipcore@ietf.org>; Wed, 1 Sep 2010 01:36:00 -0700 (PDT)
Received: from senmx12-mx ([62.134.46.10] [62.134.46.10]) by ms03.m0020.fra.mmp.de.bt.com with ESMTP id BT-MMP-1351847; Wed, 1 Sep 2010 10:36:30 +0200
Received: from MCHP063A.global-ad.net (unknown [172.29.37.61]) by senmx12-mx (Server) with ESMTP id 14FA923F028E; Wed, 1 Sep 2010 10:36:30 +0200 (CEST)
Received: from MCHP058A.global-ad.net ([172.29.37.55]) by MCHP063A.global-ad.net ([172.29.37.61]) with mapi; Wed, 1 Sep 2010 10:36:30 +0200
From: "Elwell, John" <john.elwell@siemens-enterprise.com>
To: Paul Kyzivat <pkyzivat@cisco.com>, "Worley, Dale R (Dale)" <dworley@avaya.com>
Date: Wed, 01 Sep 2010 10:36:29 +0200
Thread-Topic: [sipcore] privacy handling
Thread-Index: ActJMKdU3bzOenbETla+wED98nKe7wAfuohA
Message-ID: <A444A0F8084434499206E78C106220CA01C48DAF7E@MCHP058A.global-ad.net>
References: <CD5674C3CD99574EBA7432465FC13C1B21FFC79C01@DC-US1MBEX4.global.avaya.com> <4C7D3990.5010205@cisco.com>
In-Reply-To: <4C7D3990.5010205@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "SIPCORE (Session Initiation Protocol Core) WG" <sipcore@ietf.org>
Subject: Re: [sipcore] privacy handling
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sipcore>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Sep 2010 08:36:11 -0000

 

> -----Original Message-----
> From: sipcore-bounces@ietf.org 
> [mailto:sipcore-bounces@ietf.org] On Behalf Of Paul Kyzivat
> Sent: 31 August 2010 18:19
> To: Worley, Dale R (Dale)
> Cc: SIPCORE (Session Initiation Protocol Core) WG
> Subject: Re: [sipcore] privacy handling
> 
> What Dale says would help.
> 
> But I'm still concerned with which entities this requirement 
> applies to.
> RFC 3323 is being cited for Privacy header processing. But it assigns 
> responsibility for that to a privacy service, and makes the UAC/UAS 
> responsible for ensuring that the request passes through such 
> a service.
> IIUC 42444bis is assuming that every server that supports 4244bis is 
> potentially a privacy service.
> 
> I'll be happy to learn that I'm entirely wrong in that 
> assumption. I'd 
> like to understand how privacy of H-I is intended to work in real use 
> cases, and where the privacy service(s) are located to make 
> that happen.
[JRE] Paul has put into words what I was wrestling with during my review of the draft (and failed to capture in my comments). It does seem that an H-I-supporting proxy has to also provide a privacy service. Rather than referring to RFC 3323 on what to do under conditions where an hi-entry is subject to privacy and cannot be forwarded (in a request or in a response), it would be better to specify exactly what the proxy must do. The possibilities seem to be to remove the hi-entry or to substitute an anonymous value. The latter does not seem very useful , except that the History-Info header field would still indicate the number of retargets that have occurred (possibly of some use). In the case of an anonymous hi-entry in a request, the proxy could change it back to the original value when passing back the response.

John


> 
> 	Thanks,
> 	Paul
> 
> Worley, Dale R (Dale) wrote:
> > Mary Barnes writes (in the middle of a long exchange quoted below):
> >> That sentence is written within the context of core RFC 3261.  We
> >> really didn't get into the RFC 3325 trust domain concept 
> in RFC 4244 -
> >> in particular because RFC 3325 is informational.  However, 
> there is an
> >> UNLESS later in that section:
> >>
> >>     "...,unless the processing entity knows a priori that 
> it can rely on a
> >>     downstream processing entity within its domain to 
> apply the requested
> >>     privacy or local policy allows the forwarding."
> > 
> > I think the problem can be fixed by deleting the phrase 
> "within its domain" (and also
> > "a priori", which doesn't add anything):
> > 
> > "..., unless the processing entity knows that it can rely 
> on a downstream processing
> > entity to apply the requested privacy ..."
> > 
> > The crucial fact is "entity A knows that entity B will do 
> it", not whether or how the
> > two entities are related to each other.  And in practice, 
> whether or not "entity A knows ..."
> > is clearer than whether or not "entity A is in the same 
> trust domain as entity B",
> > and possibly clearer than "entity A is in the same SIP 
> domain as entity B" --
> > the latter two questions are fraught with definitional 
> problems, whereas the first
> > question is purely functional.
> > 
> > Dale
> > ________________________________________
> > From: sipcore-bounces@ietf.org [sipcore-bounces@ietf.org] 
> On Behalf Of Mary Barnes [mary.ietf.barnes@gmail.com]
> > Sent: Wednesday, August 25, 2010 2:18 PM
> > To: Paul Kyzivat
> > Cc: SIPCORE (Session Initiation Protocol Core) WG
> > Subject: Re: [sipcore] REMINDER: Re: WGLC: 
> draft-ietf-sipcore-rfc4244bis
> > 
> > Paul,
> > 
> > In the context of 4244/-bis, the term domain is a DNS 
> domain (per RFC 3261) and not a SPEC-T Trust Domain per RFC 
> 3325.  However, the specific terminology we are referring to 
> is also in RFC 3261 in that a SIP entity can be responsible 
> for multiple domains, which is not a Trust domain, but is 
> something that can be configured.  That's the context meant 
> in RFC 4244/-bis.  It is outside the scope of RFC 3261 (and 
> thus RFC 4244/-bis) as to how those relationships are 
> configured. It could certainly be done using the Trust domain 
> model, but again, that's out of scope.
> > 
> > If it helps, I can add in the terminology section that 
> domain (and the terminology around the domains for which an 
> entity is responsible, etc. ) is used in the same context as 
> RFC 3261, but I personally don't think that should be necessary.
> > 
> > Mary.
> > On Wed, Aug 25, 2010 at 1:01 PM, Paul Kyzivat 
> <pkyzivat@cisco.com<mailto:pkyzivat@cisco.com>> wrote:
> > 
> > 
> > Mary Barnes wrote:
> > Actually, I did respond to that message, per the following:
> > http://www.ietf.org/mail-archive/web/sipcore/current/msg03088.html
> > 
> > (threading in the email archives is no better than my 
> archiving method for emails).
> > 
> > Hmm. I cannot find that one anywhere in my own archives, 
> and I don't recall seeing it. Don't know why. :-(
> > 
> > That sentence is written within the context of core RFC 
> 3261.  We really didn't get into the RFC 3325 trust domain 
> concept in RFC 4244 - in particular because RFC 3325 is 
> informational.  However, there is an UNLESS later in that section:
> > 
> > "...,unless the processing entity knows a priori that it 
> can rely on a downstream processing entity within its domain 
> to apply the requested privacy or local policy allows the forwarding."
> > 
> > So, I will include that same clause in the sentence you are 
> concerned about.
> > 
> > That doesn't do it for me. I think one way or another you 
> need to address whether "domain" means "DNS domain" or "trust 
> domain". And if it means "trust domain" then of course we 
> need a ref to 3325.
> > 
> > You seem to mean DNS domain, but the kinds of actions you 
> are discussing seem more related to 3323 and 3325. ISTM that 
> if you mean DNS domain then you mean it based on an 
> assumption that "DNS domain" = "trust domain".
> > 
> >        Thanks,
> >        Paul
> > 
> > Thanks,
> > Mary.
> > On Wed, Aug 25, 2010 at 11:51 AM, Mary Barnes 
> <mary.ietf.barnes@gmail.com<mailto:mary.ietf.barnes@gmail.com>
>  
> <mailto:mary.ietf.barnes@gmail.com<mailto:mary.ietf.barnes@gma
> il.com>>> wrote:
> > 
> >    Sorry, I should have replied to that thread, but I didn't think
> >    there was a change necessary.  I'll reply now.
> > 
> >    Mary.
> > 
> >    On Wed, Aug 25, 2010 at 11:45 AM, Paul Kyzivat 
> <pkyzivat@cisco.com<mailto:pkyzivat@cisco.com>
> >    <mailto:pkyzivat@cisco.com<mailto:pkyzivat@cisco.com>>> wrote:
> > 
> >        [as individual]
> > 
> >        There was some discussion on the -00 version back in 
> July that
> >        was not, AFAICT, addressed in the -01 version. There 
> is a thread
> >        emanating from mary's announcement of the -00 version. The
> >        following is a hook into that thread:
> > 
> >        
> http://www.ietf.org/mail-archive/web/sipcore/current/msg03056.html
> > 
> >        It has to do with when privacy should be applied.
> > 
> >               Thanks,
> >               Paul
> > 
> > 
> >        Adam Roach wrote:
> > 
> > 
> >             [as chair]
> > 
> >            As a reminder, we're just over halfway through this WGLC,
> >            and have not yet seen any comments. Please take 
> some time to
> >            review this draft.
> > 
> >            /a
> > 
> >            On 8/16/10 4:29 PM, Adam Roach - SIPCORE Chair wrote:
> > 
> > 
> >                [as chair]
> > 
> >                A major author of draft-ietf-sipcore-rfc4244bis-01
> >                believes that the document has no remaining 
> open issues,
> >                and is ready for evaluation. Today, we are starting a
> >                two-week working group last call period. 
> This last call
> >                period ends on Tuesday, August 31st.
> > 
> >                The latest version of the document can be 
> retrieved here:
> > 
> >                
> http://tools.ietf.org/html/draft-ietf-sipcore-rfc4244bis
> > 
> >                Any comments on the document should be sent to the
> >                SIPCORE mailing list.
> > 
> >                /a
> > 
> >                _______________________________________________
> >                sipcore mailing list
> >                sipcore@ietf.org<mailto:sipcore@ietf.org> 
> <mailto:sipcore@ietf.org<mailto:sipcore@ietf.org>>
> > 
> >                https://www.ietf.org/mailman/listinfo/sipcore
> > 
> > 
> >            _______________________________________________
> >            sipcore mailing list
> >            sipcore@ietf.org<mailto:sipcore@ietf.org> 
> <mailto:sipcore@ietf.org<mailto:sipcore@ietf.org>>
> > 
> >            https://www.ietf.org/mailman/listinfo/sipcore
> > 
> >        _______________________________________________
> >        sipcore mailing list
> >        sipcore@ietf.org<mailto:sipcore@ietf.org> 
> <mailto:sipcore@ietf.org<mailto:sipcore@ietf.org>>
> > 
> >        https://www.ietf.org/mailman/listinfo/sipcore
> > 
> > 
> > 
> > 
> > 
> _______________________________________________
> sipcore mailing list
> sipcore@ietf.org
> https://www.ietf.org/mailman/listinfo/sipcore
>

v2.23.0 | Report a Bug | By Email