Re: [sipcore] [stir] [Acme] NYTimes.com: How Do You Stop Robocalls?
"Olle E. Johansson" <oej@edvina.net> Thu, 15 July 2021 06:58 UTC
Return-Path: <oej@edvina.net>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 439003A1F89 for <sipcore@ietfa.amsl.com>; Wed, 14 Jul 2021 23:58:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bFwAuv8cwkZi for <sipcore@ietfa.amsl.com>; Wed, 14 Jul 2021 23:58:06 -0700 (PDT)
Received: from smtp7.webway.se (smtp7.webway.se [IPv6:2a02:920:212e::205]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9A7C3A1F83 for <sipcore@ietf.org>; Wed, 14 Jul 2021 23:58:05 -0700 (PDT)
Received: from smtpclient.apple (h-176-10-205-16.A165.corp.bahnhof.se [176.10.205.16]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp7.webway.se (Postfix) with ESMTPSA id 15E811900; Thu, 15 Jul 2021 08:58:02 +0200 (CEST)
From: "Olle E. Johansson" <oej@edvina.net>
Message-Id: <17ED4B2F-D445-4E35-B722-995EC9D4567B@edvina.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_99E2CD5E-AF7D-44CB-9DE0-F2B48D8720E2"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.100.0.2.22\))
Date: Thu, 15 Jul 2021 08:57:56 +0200
In-Reply-To: <CAD5OKxugdycNMFPjvjWAiKoDj0FL1Fps5_N9CYDMcinoY90hGA@mail.gmail.com>
Cc: SIPCORE <sipcore@ietf.org>
To: Roman Shpount <roman@telurix.com>
References: <B0BBFDFA-4203-4660-A982-80A5B8DED746@contoso.com> <CAHBDyN57-8-ctw8L-5ob_ti2azBwEGqyEApGVSMwJgNM68Uscw@mail.gmail.com> <CAD5OKxsy3xODy2mXHJcKB=ihwdOeLLYiLaDpORa4B33j7TUuhw@mail.gmail.com> <FDA56FC9-ADDD-4A5C-8624-3F0CC822E230@edvina.net> <CAD5OKxvYMERn9++0-igHxCLf5=DwPGH7E-T+OzH1NNiGZp0tHA@mail.gmail.com> <357B6EDB-C403-4539-B760-F76118F3E7B5@edvina.net> <CAD5OKxuW5PCQQHT7nYrrD6zJuuppPYhUTqyw5q-_rKdKYKaMLw@mail.gmail.com> <FFB02EC8-F437-4469-82F1-052B3052FBCC@edvina.net> <CAD5OKxugdycNMFPjvjWAiKoDj0FL1Fps5_N9CYDMcinoY90hGA@mail.gmail.com>
X-Mailer: Apple Mail (2.3654.100.0.2.22)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/uvyq2PITR96sUuN9uQgF-XtSBz0>
Subject: Re: [sipcore] [stir] [Acme] NYTimes.com: How Do You Stop Robocalls?
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Jul 2021 06:58:11 -0000
> On 15 Jul 2021, at 08:30, Roman Shpount <roman@telurix.com> wrote Only addressing sipcore for now. > On Wed, Jul 14, 2021 at 2:04 AM Olle E. Johansson <oej@edvina.net <mailto:oej@edvina.net>> wrote: >> 13 juli 2021 kl. 17:35 skrev Roman Shpount <roman@telurix.com <mailto:roman@telurix.com>>: >> >> On Tue, Jul 13, 2021 at 3:11 AM Olle E. Johansson <oej@edvina.net <mailto:oej@edvina.net>> wrote: >> I would love to have a discussion on that - either on the sipcore list or somewhere else. I gave a lot of input to the SIPconnect update but there’s still a lot of work to do on the server2server case. >> >> >> The areas I wanted to investigate were: >> 1. Handling TLS connection failure at all stages of an INVITE transaction. Design a test suite for proxies and SBC to test this behavior. >> 2. Support for multiple bidirectional TLS connections between two SIP endpoints or two clusters of SIP endpoints >> 3. Dealing with slow proxy thread or slow proxy in the cluster when processing SIP transactions >> 4. Best practices for high-performance TLS connections between proxies, including connection reuse, connection resumption, cipher suites, etc >> 5. Look at SIP-over-QUIC as a next-generation secure SIP transport > > > What do you think is the right way to proceed to deal with these issues? I want to limit the scope of this on addressing the issues related to set up a high scale TLS SIP connection between two service providers. I think these issues need to be addressed rather urgently, considering both the growing SIP message size as well as privacy concerns and regulations. It is time to move from UDP, and if implemented correctly TLS connection should be more reliable and only require about 10% extra CPU resources. We may want to draft a problem statement for the TLS part to start with - documenting both server2server (domain2domain) and client to domain issues. I think it is critical to document the issues before moving forward. There are many issues when you start looking at it, like the connection reuse document that states that a server should request a client cert in order to do connection reuse - but not how to determine if a connection is a server2server or a client2server connection. In XMPP there’s a separate port for server2server, which solves that problem. /O > > I know there are also multiple issues related to TLS SIP connectivity from clients, but they might be slightly different than high-scale server-to-server connections. >> > A good list. One thing that comes up now and then when meeting SIP developers is dialog survival. > > We have many solutions for failover if a server dies, meaning we can always set up a new dialog. But when a server inside a route set dies, we have less documented survivability. There’s some hint in RFC 3263 if I remember correctly that if there is a DNS name in the route header, DNS srv may apply. > > I never quite understood why target refresh request updates Contact and not the entire route set. It is generally useful to update the list of proxies used for the dialog. > _____________ > Roman Shpount
- Re: [sipcore] [stir] [Acme] NYTimes.com: How Do Y… Olle E. Johansson
- Re: [sipcore] [stir] [Acme] NYTimes.com: How Do Y… Roman Shpount
- Re: [sipcore] [stir] [Acme] NYTimes.com: How Do Y… Olle E. Johansson