[Sipping] comments on draft-tschofenig-sipping-captcha-00.txt

Jonathan Rosenberg <jdrosen@cisco.com> Fri, 13 July 2007 15:10 UTC


Interesting draft, a few comments.

Firstly, I disagree strongly that the app interaction framework cannot 
be reused for this. The draft makes several statements about its 
applicability, all of which are wrong:

> Since there are different
>    solutions for different cases, the UAC needs to indicate the
>    supported application user interaction mechanisms when issuing a SIP
>    request.  This might be too heavy a requirement for solving the user
>    interaction needs related to SPIT challenges. 

Firstly, it wasn't clear to me how the proposed mechanism solves this 
either. When the server rejects the request and provides the captcha
challenge, how does it know which challenge to issue? It depends on the 
capabilities of the user and UA. So, same problem.

Secondly, this hardly seems like a hard problem to solve. The INVITE
contains an Accept contact header field with the object types it can use.

The draft also says:

> Also, the application
>    interaction framework requires that a dialog exists before initiating
>    or accepting any user interaction requests.  In case of SPIT
>    challenges the user interaction must happen during the dialog
>    establishment so it seems that the application interaction framework
>    cannot be directly used as a solution.

This is false. The dialog can be early. The application would send a
provisional response and then issue the REFER to an HTTP URL, which can 
be used to retrieve exactly the same object you have specified, if you like.

Using the dialog event package also allows better performance since you 
don't have to retry the INVITE, the call just proceeds.


My second comment is, I'm not convinced a separate object format is 
needed for the challenge. Certainly in email systems today and web 
systems there is not; it's just an HTTP interaction. I suspect you are
worried about more limited user interfaces that don't have a general 
purpose web browser? You might want to motivate this a bit.

-Jonathan R.


-- 
Jonathan D. Rosenberg, Ph.D.                   600 Lanidex Plaza
Cisco Fellow                                   Parsippany, NJ 07054-2711
Cisco Systems
jdrosen@cisco.com                              FAX:   (973) 952-5050
http://www.jdrosen.net                         PHONE: (973) 952-5000
http://www.cisco.com

