Re: [Sipping] Expert review of draft-ejzak-sipping-p-em-auth-00.t xt

Paul Kyzivat <pkyzivat@cisco.com> Wed, 03 May 2006 13:37 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FbHXP-000539-8m; Wed, 03 May 2006 09:37:07 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FbHXN-00052z-Hu for sipping@ietf.org; Wed, 03 May 2006 09:37:05 -0400
Received: from stsc1260-eth-s1-s1p1-vip.va.neustar.com ([156.154.16.129] helo=chiedprmail1.ietf.org) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FbHXN-0000HV-GR for sipping@ietf.org; Wed, 03 May 2006 09:37:05 -0400
Received: from rtp-iport-2.cisco.com ([64.102.122.149]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1FbHTk-0005BA-T9 for sipping@ietf.org; Wed, 03 May 2006 09:33:24 -0400
Received: from rtp-core-2.cisco.com ([64.102.124.13]) by rtp-iport-2.cisco.com with ESMTP; 03 May 2006 09:33:22 -0400
X-IronPort-AV: i="4.05,84,1146456000"; d="scan'208"; a="87785177:sNHT34223600"
Received: from xbh-rtp-201.amer.cisco.com (xbh-rtp-201.cisco.com [64.102.31.12]) by rtp-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id k43DXKvF016094; Wed, 3 May 2006 09:33:20 -0400 (EDT)
Received: from xfe-rtp-201.amer.cisco.com ([64.102.31.38]) by xbh-rtp-201.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Wed, 3 May 2006 09:33:20 -0400
Received: from [161.44.79.144] ([161.44.79.144]) by xfe-rtp-201.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Wed, 3 May 2006 09:33:19 -0400
Message-ID: <4458B11E.2050904@cisco.com>
Date: Wed, 03 May 2006 09:33:18 -0400
From: Paul Kyzivat <pkyzivat@cisco.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Aki Niemi <aki.niemi@nokia.com>
Subject: Re: [Sipping] Expert review of draft-ejzak-sipping-p-em-auth-00.t xt
References: <012901c66b32$203fd970$91c8000a@acmepacket.com> <31ED68E6-796D-49E1-B32C-055B6C2EE7FD@softarmor.com> <4458513B.604@nokia.com>
In-Reply-To: <4458513B.604@nokia.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 03 May 2006 13:33:19.0747 (UTC) FILETIME=[24393530:01C66EB6]
X-Spam-Score: -1.3 (-)
X-Scan-Signature: b7b9551d71acde901886cc48bfc088a6
Cc: 'Sipping' <sipping@ietf.org>, ext Dean Willis <dean.willis@softarmor.com>
X-BeenThere: sipping@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SIPPING Working Group \(applications of SIP\)" <sipping.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sipping@ietf.org>
List-Help: <mailto:sipping-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=subscribe>
Errors-To: sipping-bounces@ietf.org

Snipping to just the key points...

Aki Niemi wrote:

> Overall, I counted 80 messages on this thread landing in my inbox.
> That's a lot. If anything, this further solidifies my belief that the
> SIP change process of RFC 3427 is not working. We're getting wrapped
> around the axle on discussing whether or not a proposal is evil or has
> the "wrong" business model attached to it -- not whether it works as
> intended. Honestly, I don't see these discussions on P-headers generally
> very beneficial to have here. I tend to think that the markets will take
> care of proposals attached with bad business models eventually anyway
> and we need not bother.
> 
> That said, I still don't buy the argument that this header field changes
> behavior of nodes in a *significant* way. If it did, I can't imagine why
> blocking early media in terms of authorization of early media is then
> mentioned in RFC3959, which is after all standards track.

I can't find a reference to blocking early media in RFC3959, I suppose 
you meant RFC3960. I don't know why it meantions media authorization - 
maybe Gonzalo or Henning can explain.

>>4) This is where most of the argument is. Several folks have argued that
>>we're changing the behavior of SIP entities in a non-interoperable way,
>>and given the lack of an OPTION tag, can't negotiate or even detect a
>>requirement for the non-interoperable behavior. This makes me very, very
>>nervous. SIP is already complex enough -- deliberately introducing
>>multiple-personality-disorder would not make it any better.
> 
> I don't believe this non-interoperablility argument, not at least when
> this is still on paper. Would an option-tag make the problem go away?
> Hardly. I think the problem is we're measuring a P-header by the same
> standards we have for real headers.

I continue to have difficulty deciding how RFC 3427 should be applied, 
especially condition 4. I would be happy to have more guidance on this.

We start down the road of measuring P-headers the same as real headers 
when it appears that the proposal has violated this condition.

Frankly, I wouldn't care if the applicability was really for a truly 
closed garden, that would never interoperate with anything else based on 
sip standards. But I don't for a moment believe that is the case or the 
intent.

Re an options tag: I didn't specifically propose one. What I did suggest 
was that the media authorization be done in such a way that both ends 
know if early media will be permitted or not. I'm not convinced that 
option tags are the way to achieve that. But if achieved, what it would 
do is provide both ends with the opportunity to avoid doing things that 
aren't going to work. It doesn't solve the problem in cases where there 
is no alternative to early media, but it at least mitigates the problem.

> Is there rather something that could be put into the applicability
> statement to make these concerns go away, like to write down exactly the
> cases when interop problems are expected to happen? So that implementors
> and deployers can take notice.

There are practical problems with this. Suppose user A is connected 
through a service provider that is using the mechanisms of 
draft-ejzak-sipping-p-em-auth-00 to block early media from unauthorized 
sources. User B gets service from a "rogue" service provider that isn't 
part of the oligarchy that A's provider belongs to. But both providers 
are connected to the internet, and do interconnect via basic SIP routing 
rules. But because B's provider isn't part of the club, A's provider 
doesn't "trust" it, and so does not authorize early media.

B has configured his service to forward calls to his cell phone number 
on the PSTN when no sip device is registered. But B also forgot to pay 
his cellphone bill, and his service has been terminated.

Then A calls B. The call goes to B's provider. Nothing is registered, so 
B sends the call to its PSTN gateway, toward B's cell phone number. The 
cell phone provider plays a disconnected message in the media stream 
without answering the call. The gateway in B's network sends this media 
as early media towards A. But A's provider has blocked early media. So A 
hears nothing, and eventually the call drops.

Later A talks to B and says: I've been calling you and calling you 
without success. There must be something wrong because I just get 
silence and a disconnect.

	Paul

_______________________________________________
Sipping mailing list  https://www1.ietf.org/mailman/listinfo/sipping
This list is for NEW development of the application of SIP
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sip@ietf.org for new developments of core SIP