Re: [sipcore] privacy handling
"Elwell, John" <john.elwell@siemens-enterprise.com> Wed, 01 September 2010 08:36 UTC
Return-Path: <john.elwell@siemens-enterprise.com>
X-Original-To: sipcore@core3.amsl.com
Delivered-To: sipcore@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 468263A67FA for <sipcore@core3.amsl.com>; Wed, 1 Sep 2010 01:36:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.713
X-Spam-Level:
X-Spam-Status: No, score=-102.713 tagged_above=-999 required=5 tests=[AWL=-0.114, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7gOSAQvj85Vo for <sipcore@core3.amsl.com>; Wed, 1 Sep 2010 01:36:03 -0700 (PDT)
Received: from ms03.m0019.fra.mmp.de.bt.com (m0019.fra.mmp.de.bt.com [62.180.227.30]) by core3.amsl.com (Postfix) with ESMTP id ECB4B3A67B7 for <sipcore@ietf.org>; Wed, 1 Sep 2010 01:36:00 -0700 (PDT)
Received: from senmx12-mx ([62.134.46.10] [62.134.46.10]) by ms03.m0020.fra.mmp.de.bt.com with ESMTP id BT-MMP-1351847; Wed, 1 Sep 2010 10:36:30 +0200
Received: from MCHP063A.global-ad.net (unknown [172.29.37.61]) by senmx12-mx (Server) with ESMTP id 14FA923F028E; Wed, 1 Sep 2010 10:36:30 +0200 (CEST)
Received: from MCHP058A.global-ad.net ([172.29.37.55]) by MCHP063A.global-ad.net ([172.29.37.61]) with mapi; Wed, 1 Sep 2010 10:36:30 +0200
From: "Elwell, John" <john.elwell@siemens-enterprise.com>
To: Paul Kyzivat <pkyzivat@cisco.com>, "Worley, Dale R (Dale)" <dworley@avaya.com>
Date: Wed, 01 Sep 2010 10:36:29 +0200
Thread-Topic: [sipcore] privacy handling
Thread-Index: ActJMKdU3bzOenbETla+wED98nKe7wAfuohA
Message-ID: <A444A0F8084434499206E78C106220CA01C48DAF7E@MCHP058A.global-ad.net>
References: <CD5674C3CD99574EBA7432465FC13C1B21FFC79C01@DC-US1MBEX4.global.avaya.com> <4C7D3990.5010205@cisco.com>
In-Reply-To: <4C7D3990.5010205@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "SIPCORE (Session Initiation Protocol Core) WG" <sipcore@ietf.org>
Subject: Re: [sipcore] privacy handling
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sipcore>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Sep 2010 08:36:11 -0000
> -----Original Message----- > From: sipcore-bounces@ietf.org > [mailto:sipcore-bounces@ietf.org] On Behalf Of Paul Kyzivat > Sent: 31 August 2010 18:19 > To: Worley, Dale R (Dale) > Cc: SIPCORE (Session Initiation Protocol Core) WG > Subject: Re: [sipcore] privacy handling > > What Dale says would help. > > But I'm still concerned with which entities this requirement > applies to. > RFC 3323 is being cited for Privacy header processing. But it assigns > responsibility for that to a privacy service, and makes the UAC/UAS > responsible for ensuring that the request passes through such > a service. > IIUC 42444bis is assuming that every server that supports 4244bis is > potentially a privacy service. > > I'll be happy to learn that I'm entirely wrong in that > assumption. I'd > like to understand how privacy of H-I is intended to work in real use > cases, and where the privacy service(s) are located to make > that happen. [JRE] Paul has put into words what I was wrestling with during my review of the draft (and failed to capture in my comments). It does seem that an H-I-supporting proxy has to also provide a privacy service. Rather than referring to RFC 3323 on what to do under conditions where an hi-entry is subject to privacy and cannot be forwarded (in a request or in a response), it would be better to specify exactly what the proxy must do. The possibilities seem to be to remove the hi-entry or to substitute an anonymous value. The latter does not seem very useful , except that the History-Info header field would still indicate the number of retargets that have occurred (possibly of some use). In the case of an anonymous hi-entry in a request, the proxy could change it back to the original value when passing back the response. John > > Thanks, > Paul > > Worley, Dale R (Dale) wrote: > > Mary Barnes writes (in the middle of a long exchange quoted below): > >> That sentence is written within the context of core RFC 3261. We > >> really didn't get into the RFC 3325 trust domain concept > in RFC 4244 - > >> in particular because RFC 3325 is informational. However, > there is an > >> UNLESS later in that section: > >> > >> "...,unless the processing entity knows a priori that > it can rely on a > >> downstream processing entity within its domain to > apply the requested > >> privacy or local policy allows the forwarding." > > > > I think the problem can be fixed by deleting the phrase > "within its domain" (and also > > "a priori", which doesn't add anything): > > > > "..., unless the processing entity knows that it can rely > on a downstream processing > > entity to apply the requested privacy ..." > > > > The crucial fact is "entity A knows that entity B will do > it", not whether or how the > > two entities are related to each other. And in practice, > whether or not "entity A knows ..." > > is clearer than whether or not "entity A is in the same > trust domain as entity B", > > and possibly clearer than "entity A is in the same SIP > domain as entity B" -- > > the latter two questions are fraught with definitional > problems, whereas the first > > question is purely functional. > > > > Dale > > ________________________________________ > > From: sipcore-bounces@ietf.org [sipcore-bounces@ietf.org] > On Behalf Of Mary Barnes [mary.ietf.barnes@gmail.com] > > Sent: Wednesday, August 25, 2010 2:18 PM > > To: Paul Kyzivat > > Cc: SIPCORE (Session Initiation Protocol Core) WG > > Subject: Re: [sipcore] REMINDER: Re: WGLC: > draft-ietf-sipcore-rfc4244bis > > > > Paul, > > > > In the context of 4244/-bis, the term domain is a DNS > domain (per RFC 3261) and not a SPEC-T Trust Domain per RFC > 3325. However, the specific terminology we are referring to > is also in RFC 3261 in that a SIP entity can be responsible > for multiple domains, which is not a Trust domain, but is > something that can be configured. That's the context meant > in RFC 4244/-bis. It is outside the scope of RFC 3261 (and > thus RFC 4244/-bis) as to how those relationships are > configured. It could certainly be done using the Trust domain > model, but again, that's out of scope. > > > > If it helps, I can add in the terminology section that > domain (and the terminology around the domains for which an > entity is responsible, etc. ) is used in the same context as > RFC 3261, but I personally don't think that should be necessary. > > > > Mary. > > On Wed, Aug 25, 2010 at 1:01 PM, Paul Kyzivat > <pkyzivat@cisco.com<mailto:pkyzivat@cisco.com>> wrote: > > > > > > Mary Barnes wrote: > > Actually, I did respond to that message, per the following: > > http://www.ietf.org/mail-archive/web/sipcore/current/msg03088.html > > > > (threading in the email archives is no better than my > archiving method for emails). > > > > Hmm. I cannot find that one anywhere in my own archives, > and I don't recall seeing it. Don't know why. :-( > > > > That sentence is written within the context of core RFC > 3261. We really didn't get into the RFC 3325 trust domain > concept in RFC 4244 - in particular because RFC 3325 is > informational. However, there is an UNLESS later in that section: > > > > "...,unless the processing entity knows a priori that it > can rely on a downstream processing entity within its domain > to apply the requested privacy or local policy allows the forwarding." > > > > So, I will include that same clause in the sentence you are > concerned about. > > > > That doesn't do it for me. I think one way or another you > need to address whether "domain" means "DNS domain" or "trust > domain". And if it means "trust domain" then of course we > need a ref to 3325. > > > > You seem to mean DNS domain, but the kinds of actions you > are discussing seem more related to 3323 and 3325. ISTM that > if you mean DNS domain then you mean it based on an > assumption that "DNS domain" = "trust domain". > > > > Thanks, > > Paul > > > > Thanks, > > Mary. > > On Wed, Aug 25, 2010 at 11:51 AM, Mary Barnes > <mary.ietf.barnes@gmail.com<mailto:mary.ietf.barnes@gmail.com> > > <mailto:mary.ietf.barnes@gmail.com<mailto:mary.ietf.barnes@gma > il.com>>> wrote: > > > > Sorry, I should have replied to that thread, but I didn't think > > there was a change necessary. I'll reply now. > > > > Mary. > > > > On Wed, Aug 25, 2010 at 11:45 AM, Paul Kyzivat > <pkyzivat@cisco.com<mailto:pkyzivat@cisco.com> > > <mailto:pkyzivat@cisco.com<mailto:pkyzivat@cisco.com>>> wrote: > > > > [as individual] > > > > There was some discussion on the -00 version back in > July that > > was not, AFAICT, addressed in the -01 version. There > is a thread > > emanating from mary's announcement of the -00 version. The > > following is a hook into that thread: > > > > > http://www.ietf.org/mail-archive/web/sipcore/current/msg03056.html > > > > It has to do with when privacy should be applied. > > > > Thanks, > > Paul > > > > > > Adam Roach wrote: > > > > > > [as chair] > > > > As a reminder, we're just over halfway through this WGLC, > > and have not yet seen any comments. Please take > some time to > > review this draft. > > > > /a > > > > On 8/16/10 4:29 PM, Adam Roach - SIPCORE Chair wrote: > > > > > > [as chair] > > > > A major author of draft-ietf-sipcore-rfc4244bis-01 > > believes that the document has no remaining > open issues, > > and is ready for evaluation. Today, we are starting a > > two-week working group last call period. > This last call > > period ends on Tuesday, August 31st. > > > > The latest version of the document can be > retrieved here: > > > > > http://tools.ietf.org/html/draft-ietf-sipcore-rfc4244bis > > > > Any comments on the document should be sent to the > > SIPCORE mailing list. > > > > /a > > > > _______________________________________________ > > sipcore mailing list > > sipcore@ietf.org<mailto:sipcore@ietf.org> > <mailto:sipcore@ietf.org<mailto:sipcore@ietf.org>> > > > > https://www.ietf.org/mailman/listinfo/sipcore > > > > > > _______________________________________________ > > sipcore mailing list > > sipcore@ietf.org<mailto:sipcore@ietf.org> > <mailto:sipcore@ietf.org<mailto:sipcore@ietf.org>> > > > > https://www.ietf.org/mailman/listinfo/sipcore > > > > _______________________________________________ > > sipcore mailing list > > sipcore@ietf.org<mailto:sipcore@ietf.org> > <mailto:sipcore@ietf.org<mailto:sipcore@ietf.org>> > > > > https://www.ietf.org/mailman/listinfo/sipcore > > > > > > > > > > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore >
- Re: [sipcore] privacy handling Worley, Dale R (Dale)
- Re: [sipcore] privacy handling Paul Kyzivat
- Re: [sipcore] privacy handling Mary Barnes
- Re: [sipcore] privacy handling Paul Kyzivat
- Re: [sipcore] privacy handling Mary Barnes
- Re: [sipcore] privacy handling Paul Kyzivat
- Re: [sipcore] privacy handling Hadriel Kaplan
- Re: [sipcore] privacy handling Paul Kyzivat
- Re: [sipcore] privacy handling Hadriel Kaplan
- Re: [sipcore] privacy handling Elwell, John
- Re: [sipcore] privacy handling Paul Kyzivat