RE: [Sipping] Pushing Policies towards the Sender's Domain
"Saverio Niccolini" <Saverio.Niccolini@netlab.nec.de> Tue, 26 June 2007 11:45 UTC
Return-path: <sipping-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1I39Tl-0001qR-DB; Tue, 26 Jun 2007 07:45:05 -0400
Received: from sipping by megatron.ietf.org with local (Exim 4.43) id 1I39Tj-0001qL-JP for sipping-confirm+ok@megatron.ietf.org; Tue, 26 Jun 2007 07:45:03 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1I39Tj-0001qC-7q for sipping@ietf.org; Tue, 26 Jun 2007 07:45:03 -0400
Received: from smtp0.netlab.nec.de ([195.37.70.40]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1I39Ti-0005lE-K2 for sipping@ietf.org; Tue, 26 Jun 2007 07:45:03 -0400
Received: from localhost (atlas1.office [127.0.0.1]) by smtp0.netlab.nec.de (Postfix) with ESMTP id D4769200F030; Tue, 26 Jun 2007 13:45:01 +0200 (CEST)
X-Virus-Scanned: Amavisd on Debian GNU/Linux (atlas1.office)
Received: from smtp0.netlab.nec.de ([127.0.0.1]) by localhost (atlas1.office [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uERkkROE5IHM; Tue, 26 Jun 2007 13:45:01 +0200 (CEST)
Received: by smtp0.netlab.nec.de (Postfix, from userid 1001) id B598420102CC; Tue, 26 Jun 2007 13:45:01 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on atlas1.office
X-Spam-Level:
X-Spam-Status: No, score=-4.4 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham version=3.1.7
Received: from mx1.office (mx1.office [10.1.1.23]) by smtp0.netlab.nec.de (Postfix) with ESMTP id 45F6A200F030; Tue, 26 Jun 2007 13:44:50 +0200 (CEST)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Sipping] Pushing Policies towards the Sender's Domain
Date: Tue, 26 Jun 2007 13:45:52 +0200
Message-ID: <113091BD57179D4491C19DA7E10CD6960150ECBF@mx1.office>
In-Reply-To: <467D5023.5020200@gmx.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Sipping] Pushing Policies towards the Sender's Domain
Thread-Index: Ace1tz+aYLknVWzqSwqknhded+7BVwCL5pfQ
References: <4673EDB6.3000601@gmx.net> <3B73AC67F37851635A180591@Gaja-Quitteks-Computer-2.local> <113091BD57179D4491C19DA7E10CD6960150E443@mx1.office> <467D5023.5020200@gmx.net>
From: Saverio Niccolini <Saverio.Niccolini@netlab.nec.de>
To: SIPPING LIST <sipping@ietf.org>
X-Sanitizer: This message has been sanitized!
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 612a16ba5c5f570bfc42b3ac5606ac53
Cc: Signaling TO Prevent SPIT <spitstop@listserv.netlab.nec.de>
X-BeenThere: sipping@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SIPPING Working Group \(applications of SIP\)" <sipping.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sipping@ietf.org>
List-Help: <mailto:sipping-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=subscribe>
Errors-To: sipping-bounces@ietf.org
Hannes, > Hi Saverio, > > Saverio Niccolini wrote: > > Hi Hannes, > > > > to add on what Juergen said, what we adressed in our SPITSTOP > > draft was not meant to cover only the authorization policies > > as you are saying, the authorization policies are just a > special case > > of the possible communications between domains, others are; > > -- info related to SPIT estimations > > > > Have you looked at the following document > http://www.tschofenig.priv.at/drafts/draft-schwartz-sipping-spit-s > aml-00.txt > Is this close to the mechanisms you have in mind? > (ignore the encoding in a SAML assertion for a moment) (Ignoring the SAML assertion for a moment) I had a look at it some time ago (this draft expired in 2006), I think the SPITSuspect security attribute is the most important example of info to be exchanged, but also others are good examples, anyway I think more can be added, maybe we can find time at next IETF to discuss this. > > -- messages explaining to the sender domain why the message > was blocked > > > If you are talking about ordinary SIP mechanisms then that is > fine for > me. This might help the sender > Is this your intention or to share blacklists between the two domains? This could be an example but also pushing back the SPITSuspect scores or the reason why the callee's rejected a call could be othjer examples (with the proper considerations to be applied) > > I clearly see these two points having priority over the > authorization > > polices when it comes to pushing info towards the sender domain. > > > In some sense this is quite similar to "authorization" policies. The > difference is, however, whether you do the interaction based on > individual calls or on an aggregate I agree on this. Cheers, Saverio > > Ciao > Hannes > > > Cheers, > > Saverio > > > > ============================================================ > > Dr. Saverio Niccolini > > Senior Research Staff Member > > Network Laboratories, NEC Europe Ltd. > > Kurfuerstenanlage 36, D-69115 Heidelberg > > Tel. +49 (0)6221 4342-118 > > Fax: +49 (0)6221 4342-155 > > e-mail: saverio.niccolini@netlab.nec.de > > ============================================================ > > NEC Europe Limited Registered Office: NEC House, 1 Victoria > > Road, London W3 6BL Registered in England 2832014 > > > > > > > > > >> -----Original Message----- > >> From: Juergen Quittek [mailto:quittek@netlab.nec.de] > >> Sent: Sunday, June 17, 2007 2:30 PM > >> To: Hannes Tschofenig; SIPPING LIST > >> Subject: Re: [Sipping] Pushing Policies towards the Sender's Domain > >> > >> Hi Hannes, > >> > >> I fully agree, that pushing policies between domains should > >> get low priority at this point in time in the context of > >> standards required for SPIT prevention. This is why we did > >> not cover it in draft-niccolini-sipping-spitstop and just > >> made the note that you cited below pointing to > >> draft-froment-sipping-spit-authz-policies > >> where it seemed that this was included. > >> > >> It is good that you replaced > >> draft-froment-sipping-spit-authz-policies with > >> draft-froment-sipping-spit-requirements that only focuses on > >> requirements. > >> > >> Thanks, > >> > >> Juergen > >> > >> > >> --On 16.06.07 16:03 +0200 Hannes Tschofenig wrote: > >> > >> > >>> Hi all, > >>> > >>> when reading through the documents I came across the following > >>> statement in <draft-niccolini-sipping-spitstop-00.txt>: > >>> > >>> " > >>> Please note that the described reference scenario does > >>> > >> not addresses > >> > >>> management interfaces to entities involved in SPIT > prevention. A > >>> first approach to this issue has been made is described in > >>> [I-D.froment-sipping-spit-authz-policies]. > >>> " > >>> > >>> it seems that some parts of > >>> <draft-froment-sipping-spit-authz-policies-02.txt> got > >>> > >> misunderstood. > >> > >>> There are some text paragraphs in > >>> <draft-froment-sipping-spit-authz-policies-02.txt> that > envisioned > >>> that the authorization policies are distributed to other > >>> > >> domains, and > >> > >>> in particular towards the sender's domain. There is obviously the > >>> question what you would but in these policy documents, when to > >>> distribute them and whether there are potential privacy > >>> > >> problems with that approach. > >> > >>> This is an interesting technical issue BUT I would put it on my > >>> priority list for work that has to be done in the SPIT prevention > >>> space to the end of the queue. This lead us actually to > >>> > >> create a new > >> > >>> document (see > >>> http://fon.gs/spit-requirements) that focuses purely on > >>> > >> requirements > >> > >>> for authorization policies that are not distributed > between domains. > >>> > >>> I wonder what other people think about pushing policies > towards the > >>> sender's domain. > >>> > >>> Ciao > >>> Hannes > >>> > >>> > >>> _______________________________________________ > >>> Sipping mailing list > https://www1.ietf.org/mailman/listinfo/sipping > >>> This list is for NEW development of the application of SIP Use > >>> sip-implementors@cs.columbia.edu for questions on current sip Use > >>> sip@ietf.org for new developments of core SIP > >>> > >> > >> -- > >> Juergen Quittek quittek@netlab.nec.de Tel: +49 > >> 6221 4342-115 > >> NEC Europe Limited, Network Laboratories Fax: +49 > >> 6221 4342-155 > >> Kurfuersten-Anlage 36, 69115 Heidelberg, Germany > >> http://www.netlab.nec.de > >> Registered Office: NEC House, 1 Victoria Road, London W3 6BL, > >> UK Registered in England 2832014 > >> > >> > >> _______________________________________________ > >> Sipping mailing list > https://www1.ietf.org/mailman/listinfo/sipping > >> This list is for NEW development of the application of SIP > >> Use sip-implementors@cs.columbia.edu for questions on current > >> sip Use sip@ietf.org for new developments of core SIP > >> > >> > > ============================================================ Dr. Saverio Niccolini Senior Research Staff Member Network Laboratories, NEC Europe Ltd. Kurfuerstenanlage 36, D-69115 Heidelberg Tel. +49 (0)6221 4342-118 Fax: +49 (0)6221 4342-155 e-mail: saverio.niccolini@netlab.nec.de ============================================================ NEC Europe Limited Registered Office: NEC House, 1 Victoria Road, London W3 6BL Registered in England 2832014 _______________________________________________ Sipping mailing list https://www1.ietf.org/mailman/listinfo/sipping This list is for NEW development of the application of SIP Use sip-implementors@cs.columbia.edu for questions on current sip Use sip@ietf.org for new developments of core SIP
- [Sipping] Pushing Policies towards the Sender's D… Hannes Tschofenig
- Re: [Sipping] Pushing Policies towards the Sender… Juergen Quittek
- RE: [Sipping] Pushing Policies towards the Sender… Saverio Niccolini
- Re: [Sipping] Pushing Policies towards the Sender… Hannes Tschofenig
- RE: [Sipping] Pushing Policies towards the Sender… Saverio Niccolini
- AW: [Sipping] Pushing Policies towards the Sender… Tschofenig, Hannes
- RE: [Sipping] Pushing Policies towards the Sender… Jeremy Barkan (DigitalShtick)
- Re: [spitstop] [Sipping] Pushing Policies towards… Hannes Tschofenig