IETF Logo Mail Archive

Re: [sipcore] I-D Action: draft-ietf-sipcore-rejected-02.txt

"Asveren, Tolga" <tasveren@rbbn.com> Wed, 02 January 2019 19:25 UTC

Return-Path: <tasveren@rbbn.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49CA5130F01 for <sipcore@ietfa.amsl.com>; Wed, 2 Jan 2019 11:25:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=rbbn.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kOckwRfbA1kH for <sipcore@ietfa.amsl.com>; Wed, 2 Jan 2019 11:25:36 -0800 (PST)
Received: from us-smtp-delivery-181.mimecast.com (us-smtp-delivery-181.mimecast.com [63.128.21.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C7083130ED4 for <sipcore@ietf.org>; Wed, 2 Jan 2019 11:25:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rbbn.com; s=mimecast20180816; t=1546457134; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ZPNsXwQ2v3CNoxGhv767a3/JonGYUEi/9CQu9SHm0NE=; b=f4dx6iGBiLJ77GNbDd6s6OKdSiSM2/mjPAlCFu/y++NCY5PezXCYmS8Us4V7OUwR/XyHloGIqUQeklBxe+9xBVXlzub2gH5Oroa5mfEKy30sIM9riISURMw3DgKvL2KMKqbAEs/xNzgYHie5BdIlO7d8PM1tYBmIIMIcIWgQ3IE=
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (mail-cys01nam02lp2054.outbound.protection.outlook.com [104.47.37.54]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-52-4cS0DmxLPQWwP3JE-mlIMw-1; Wed, 02 Jan 2019 14:25:33 -0500
Received: from BN6PR03MB2802.namprd03.prod.outlook.com (10.175.125.8) by BN6PR03MB2708.namprd03.prod.outlook.com (10.173.144.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1471.20; Wed, 2 Jan 2019 19:25:28 +0000
Received: from BN6PR03MB2802.namprd03.prod.outlook.com ([fe80::7526:2011:6430:70d9]) by BN6PR03MB2802.namprd03.prod.outlook.com ([fe80::7526:2011:6430:70d9%3]) with mapi id 15.20.1495.005; Wed, 2 Jan 2019 19:25:28 +0000
From: "Asveren, Tolga" <tasveren@rbbn.com>
To: Eric Burger <eburger@standardstrack.com>
CC: "sipcore@ietf.org" <sipcore@ietf.org>
Thread-Topic: [sipcore] I-D Action: draft-ietf-sipcore-rejected-02.txt
Thread-Index: AQHUnvbjsa1tYo46Ik2Dtee5yXzeYaWUsfqAgAKZJsCABPyHgIAAEvpQ
Date: Wed, 02 Jan 2019 19:25:28 +0000
Message-ID: <BN6PR03MB2802C8C47A4D7C575514FD1CA58C0@BN6PR03MB2802.namprd03.prod.outlook.com>
References: <154603356727.21662.4937819323227360735@ietfa.amsl.com> <F46F2CA3-B71E-4CE5-8798-27B4CADD405B@standardstrack.com> <BN6PR03MB280280F46028853890B4DC0CA5B10@BN6PR03MB2802.namprd03.prod.outlook.com> <FD63319A-2BDA-475F-9E2A-EC48784A1B1F@standardstrack.com>
In-Reply-To: <FD63319A-2BDA-475F-9E2A-EC48784A1B1F@standardstrack.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [73.80.74.66]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BN6PR03MB2708; 20:Xvm+bZj/1DyCjnkLKdfXUkAiW+QIK7LYsVHIeKGdY6buK0+3qHdNgfmsW9rSC1VYjvkhwCJOWN7Jxg96qsYP78uzORJAYsJKdX+oaCwI2/4CVq04O2cI04i5w885OKMBiXkMPgCV2vGX8utgwdz3BgWfZLQ6baf9eSvxf29r4NQ=
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 38746d54-70e5-4fa1-33e5-08d670e80daa
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600109)(711020)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060)(7193020); SRVR:BN6PR03MB2708;
x-ms-traffictypediagnostic: BN6PR03MB2708:
x-microsoft-antispam-prvs: <BN6PR03MB270850A552B8EE0E34836718A58C0@BN6PR03MB2708.namprd03.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(3230021)(908002)(999002)(5005026)(6040522)(8220060)(2401047)(8121501046)(10201501046)(93006095)(93001095)(3231475)(944501520)(52105112)(3002001)(6041310)(20161123562045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123558120)(201708071742011)(7699051)(76991095); SRVR:BN6PR03MB2708; BCL:0; PCL:0; RULEID:; SRVR:BN6PR03MB2708;
x-forefront-prvs: 0905A6B2C7
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(39850400004)(396003)(136003)(346002)(366004)(189003)(199004)(7696005)(790700001)(186003)(53546011)(6506007)(6116002)(102836004)(81166006)(236005)(76176011)(14444005)(26005)(8936002)(105586002)(93886005)(106356001)(99286004)(81156014)(97736004)(3846002)(256004)(8676002)(229853002)(33656002)(6436002)(9326002)(6246003)(53936002)(68736007)(54896002)(74316002)(2906002)(55016002)(6916009)(14454004)(316002)(71200400001)(476003)(71190400001)(4326008)(486006)(66066001)(25786009)(478600001)(6306002)(11346002)(446003)(86362001)(9686003)(7736002)(5660300001); DIR:OUT; SFP:1101; SCL:1; SRVR:BN6PR03MB2708; H:BN6PR03MB2802.namprd03.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: Az4o51ZMvLhvP/lbFwD8kLGaKvWeAgAoYsEBJPYkqFvkvb3cPwKALx/jpdWJBKOCOfQp+1EiEX+Wj5vI+LWFJcIvu/lrl2wHpVSERoL6uDQxySqCzdK0GKLFK1WJDf3dILNOpylATEx7h4xaKfVaOLLzwbQzxHp8cuv5Q0g3aYum8O0p4gXtdRpGGgnoThooaG99FGZCRH32F0X++5fVPG+PsBKZFRIPItMpdMFSiVt3c8RAszvVWslmryi8yi521QMh3UaqyP7DyQjr8nYycolgI9UifKhtdMTougiaoXs/aetEr507WDTqS4vCPfh6
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
MIME-Version: 1.0
X-OriginatorOrg: rbbn.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 38746d54-70e5-4fa1-33e5-08d670e80daa
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Jan 2019 19:25:28.3095 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 29a671dc-ed7e-4a54-b1e5-8da1eb495dc3
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR03MB2708
X-MC-Unique: 4cS0DmxLPQWwP3JE-mlIMw-1
X-Mimecast-Spam-Score: 0
Content-Type: multipart/alternative; boundary="_000_BN6PR03MB2802C8C47A4D7C575514FD1CA58C0BN6PR03MB2802namp_"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/gS6xPt_MR7jBGet6ovcd7Wu2kPs>
Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-rejected-02.txt
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Jan 2019 19:25:40 -0000

Hi Eric,

New wording you suggested regarding the need/use of 608 sounds better to me.

For “intermediary” maybe “SIP intermediary”? Or would that be opening up a can of worms where this term itself needs to be defined? I would be fine either way (keeping it as is or using “SIP intermediary”).

For the need of “semantics of 608 + jCard being atomic”: Just based on history, yes I think you are being too strict :-)   Raising the bar high usually does not provide best results. The “default text” could mention the name Originating SP name directly and I guess that would be intelligible to any end user. I think this text is displayed not based on jCard multipart/alternate with a text version but should be a “native” capability of UAC itself IMHO. Otherwise, it would beat the purpose of providing a fallback for “lazy” implementations and infrastructure/deployment/management issues with public key being available/accessible. Having said that, it of course is preferable if jCard is supported, this would be only a fallback.

Thanks,
Tolga

From: Eric Burger <eburger@standardstrack.com>
Sent: Wednesday, January 2, 2019 12:44 PM
To: Asveren, Tolga <tasveren@rbbn.com>
Cc: sipcore@ietf.org
Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-rejected-02.txt

Tolga - As always, thanks for your review!
Thoughts inline.

On Dec 30, 2018, at 9:26 AM, Asveren, Tolga <tasveren@rbbn.com<mailto:tasveren@rbbn.com>> wrote:

Looks good to me with a few comments:

i-
1. Introduction

As
   described below, we need a distinct indicator to differentiate
   between a user rejection and an intermediary's rejection of a call.
   In some jurisdictions, calls, even if unwanted by the user, may not
   be blocked unless there is an explicit user request.
[TOLGA] I agree with the intend but the wording could be improved IMHO to clarify that 607 is not an “explicit user request”. Maybe by just adding “by other means” to the end of the last sentence?

607 is explicit user request, vs. 608 which is only a guess as to the user’s desire. In many jurisdictions, carriers have an obligation to complete (not block) calls, unless they are obviously illegal or the user explicitly requests blocking the call.

What if we put this into active voice?

This document describes a new SIP response code, 608, which allows calling parties to learn an intermediary rejected their call. As described below, we need a distinct indicator to differentiate between a user rejection and an intermediary's rejection of a call. In some jurisdictions, an intermediary can only block calls calls if there is an explicit user request. By giving legitimate callers the ability to correct blocks in error, some jurisdictions may decide to allow for intermediaries to block calls with implicit user request.



 Specifically, this code informs the UAC an

   intermediary blocked the call and provide a redress mechanism,

   specifically how to contact the operator of the intermediary.
[TOLGA] Couldn’t blocking be done also by the terminating SP and 608 still would be applicable AFAICS. “Intermediary” may cause confusion. It could be an idea to replace it with “an operator on the call path including intermediary operators”.
 However, things get more complicated if an intermediary, such as a

   third-party provider of call management services that classify calls

   based on the relative likelihood the call is unwanted, misidentifies

   the call as unwanted.
[TOLGA] Similar comment as the previous one.

I was thinking ‘intermediary’ in the SIP sense. I was struggling what to call it. Technically, it’s just the UAS, because that’s where the INVITE terminates. However, that is too easy to confuse with the UAS of the INVITE target. I didn’t want to use ‘Proxy’ or B2BUA, because who knows if that’s what it will be.

Do you (or anyone else) have a better term?



 ii-
3.3.  UAC Operation

A UAC conforming to this specification MUST include the sip.608

   feature capability tag in the INVITE request.
[TOLGA]What about other requests?
What about a registering end point indicating support in REGISTER Contact? I think the idea is that it still adds sip.608 to the request as well. It could be good to add a clarification about this case.
I think sip.608 means support for jCard as well. That IMHO is a taller order than just supporting a new response code. IMHO it could be good that always “Your calling number is blocked. Please contact the blocking organization based on the following information. Please contact your Originating SP if you don’t see any additional information” is displayed on the UAC upon receipt of 608.

Well… If you write code to explicitly deal with sip.608, as opposed to just generically handling 6xx), you get to support a JWT encoding of a jCard, including all the PKI support that implies. I.e., the jCard part is the least of your worries. Saying “contact your Originating SP” will be as useful as “Configure your STUN server [to electrocute yourself].” I.e., that will be meaningless information to Joe Average User. That’s also why I didn’t bother to include a multipart/alternate with a text version of the jCard. Either you understand sip.608 or you don’t.

Am I being too strict here?


 iii-
3.4.  Legacy Interoperation
[TOLGA] A malicious UAC may drain Operator announcement resources by placing many calls with a blocked calling-Id and not signaling sip.608. This can be remedied by playing announcement only once for each blocked calling-Id, or for every nth call, or only when announcement resources are idle. Granted, this could cause some hiccups if the same calling-Id is used by many UACs but still worth mentioning IMHO.

I like the idea. If it is a legal caller, then it’s likely a call center, and one announcement should be enough. If it is a spammer reusing the same calling-id, then who cares if they don’t get the message?




Thanks,
Tolga



[Cross-posted to IP-NNI, NNI, and STIR lists; please keep any discussion on the SIPCORE list]


What do we have here? This version is resistant to replay attacks. It also lets us trace jCards, if we wish.

I think it’s done, but I’m sure there are glaring holes that could be filled.

Please review.

Thanks, and Happy New Year.


-----------------------------------------------------------------------------------------------------------------------
Notice: This e-mail together with any attachments may contain information of Ribbon Communications Inc. that
is confidential and/or proprietary for the sole use of the intended recipient.  Any review, disclosure, reliance or
distribution by others or forwarding without express permission is strictly prohibited.  If you are not the intended
recipient, please notify the sender immediately and then delete all copies, including any attachments.
-----------------------------------------------------------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email