IETF Logo Mail Archive

RE: [Sipping] Pushing Policies towards the Sender's Domain

"Saverio Niccolini" <Saverio.Niccolini@netlab.nec.de> Tue, 26 June 2007 11:45 UTC

Return-path: <sipping-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1I39Tl-0001qR-DB; Tue, 26 Jun 2007 07:45:05 -0400
Received: from sipping by megatron.ietf.org with local (Exim 4.43) id 1I39Tj-0001qL-JP for sipping-confirm+ok@megatron.ietf.org; Tue, 26 Jun 2007 07:45:03 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1I39Tj-0001qC-7q for sipping@ietf.org; Tue, 26 Jun 2007 07:45:03 -0400
Received: from smtp0.netlab.nec.de ([195.37.70.40]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1I39Ti-0005lE-K2 for sipping@ietf.org; Tue, 26 Jun 2007 07:45:03 -0400
Received: from localhost (atlas1.office [127.0.0.1]) by smtp0.netlab.nec.de (Postfix) with ESMTP id D4769200F030; Tue, 26 Jun 2007 13:45:01 +0200 (CEST)
X-Virus-Scanned: Amavisd on Debian GNU/Linux (atlas1.office)
Received: from smtp0.netlab.nec.de ([127.0.0.1]) by localhost (atlas1.office [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uERkkROE5IHM; Tue, 26 Jun 2007 13:45:01 +0200 (CEST)
Received: by smtp0.netlab.nec.de (Postfix, from userid 1001) id B598420102CC; Tue, 26 Jun 2007 13:45:01 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on atlas1.office
X-Spam-Level:
X-Spam-Status: No, score=-4.4 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham version=3.1.7
Received: from mx1.office (mx1.office [10.1.1.23]) by smtp0.netlab.nec.de (Postfix) with ESMTP id 45F6A200F030; Tue, 26 Jun 2007 13:44:50 +0200 (CEST)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Sipping] Pushing Policies towards the Sender's Domain
Date: Tue, 26 Jun 2007 13:45:52 +0200
Message-ID: <113091BD57179D4491C19DA7E10CD6960150ECBF@mx1.office>
In-Reply-To: <467D5023.5020200@gmx.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Sipping] Pushing Policies towards the Sender's Domain
Thread-Index: Ace1tz+aYLknVWzqSwqknhded+7BVwCL5pfQ
References: <4673EDB6.3000601@gmx.net> <3B73AC67F37851635A180591@Gaja-Quitteks-Computer-2.local> <113091BD57179D4491C19DA7E10CD6960150E443@mx1.office> <467D5023.5020200@gmx.net>
From: Saverio Niccolini <Saverio.Niccolini@netlab.nec.de>
To: SIPPING LIST <sipping@ietf.org>
X-Sanitizer: This message has been sanitized!
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 612a16ba5c5f570bfc42b3ac5606ac53
Cc: Signaling TO Prevent SPIT <spitstop@listserv.netlab.nec.de>
X-BeenThere: sipping@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SIPPING Working Group \(applications of SIP\)" <sipping.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sipping@ietf.org>
List-Help: <mailto:sipping-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=subscribe>
Errors-To: sipping-bounces@ietf.org

Hannes,

> Hi Saverio,
> 
> Saverio Niccolini wrote:
> > Hi Hannes,
> >
> > to add on what Juergen said, what we adressed in our SPITSTOP
> > draft was not meant to cover only the authorization policies
> > as you are saying, the authorization policies are just a 
> special case
> > of the possible communications between domains, others are;
> > -- info related to SPIT estimations
> >   
> 
> Have you looked at the following document 
> http://www.tschofenig.priv.at/drafts/draft-schwartz-sipping-spit-s
> aml-00.txt
> Is this close to the mechanisms you have in mind?
> (ignore the encoding in a SAML assertion for a moment)

(Ignoring the SAML assertion for a moment)
I had a look at it some time ago (this draft expired in 2006),
I think the SPITSuspect security attribute is the most important
example of info to be exchanged, but also others are good examples,
anyway I think more can be added, maybe we can find time at next IETF
to discuss this.

> > -- messages explaining to the sender domain why the message 
> was blocked
> >   
> If you are talking about ordinary SIP mechanisms then that is 
> fine for 
> me. This might help the sender
> Is this your intention or to share blacklists between the two domains?

This could be an example but also pushing back the SPITSuspect scores
or the reason why the callee's rejected a call could be othjer
examples (with the proper considerations to be applied)

> > I clearly see these two points having priority over the 
> authorization
> > polices when it comes to pushing info towards the sender domain.
> >   
> In some sense this is quite similar to "authorization" policies. The 
> difference is, however, whether you do the interaction based on 
> individual calls or on an aggregate

I agree on this.

Cheers,
Saverio

> 
> Ciao
> Hannes
> 
> > Cheers,
> > Saverio
> >
> > ============================================================
> > Dr. Saverio Niccolini
> > Senior Research Staff Member
> > Network Laboratories, NEC Europe Ltd.
> > Kurfuerstenanlage 36, D-69115 Heidelberg
> > Tel.     +49 (0)6221 4342-118
> > Fax:     +49 (0)6221 4342-155
> > e-mail:  saverio.niccolini@netlab.nec.de
> > ============================================================
> > NEC Europe Limited Registered Office: NEC House, 1 Victoria
> > Road, London W3 6BL Registered in England 2832014
> >  
> >   
> >
> >   
> >> -----Original Message-----
> >> From: Juergen Quittek [mailto:quittek@netlab.nec.de] 
> >> Sent: Sunday, June 17, 2007 2:30 PM
> >> To: Hannes Tschofenig; SIPPING LIST
> >> Subject: Re: [Sipping] Pushing Policies towards the Sender's Domain
> >>
> >> Hi Hannes,
> >>
> >> I fully agree, that pushing policies between domains should 
> >> get low priority at this point in time in the context of 
> >> standards required for SPIT prevention.  This is why we did 
> >> not cover it in draft-niccolini-sipping-spitstop and just 
> >> made the note that you cited below pointing to 
> >> draft-froment-sipping-spit-authz-policies
> >> where it seemed that this was included.
> >>
> >> It is good that you replaced 
> >> draft-froment-sipping-spit-authz-policies with 
> >> draft-froment-sipping-spit-requirements that only focuses on 
> >> requirements.
> >>
> >> Thanks,
> >>
> >>     Juergen
> >>
> >>
> >> --On 16.06.07 16:03 +0200 Hannes Tschofenig wrote:
> >>
> >>     
> >>> Hi all,
> >>>
> >>> when reading through the documents I came across the following 
> >>> statement in <draft-niccolini-sipping-spitstop-00.txt>:
> >>>
> >>> "
> >>>    Please note that the described reference scenario does 
> >>>       
> >> not addresses
> >>     
> >>>    management interfaces to entities involved in SPIT 
> prevention.  A
> >>>    first approach to this issue has been made is described in
> >>>    [I-D.froment-sipping-spit-authz-policies].
> >>> "
> >>>
> >>> it seems that some parts of
> >>> <draft-froment-sipping-spit-authz-policies-02.txt> got 
> >>>       
> >> misunderstood.
> >>     
> >>> There are some text paragraphs in
> >>> <draft-froment-sipping-spit-authz-policies-02.txt> that 
> envisioned 
> >>> that the authorization policies are distributed to other 
> >>>       
> >> domains, and 
> >>     
> >>> in particular towards the sender's domain. There is obviously the 
> >>> question what you would but in these policy documents, when to 
> >>> distribute them and whether there are potential privacy 
> >>>       
> >> problems with that approach.
> >>     
> >>> This is an interesting technical issue BUT I would put it on my 
> >>> priority list for work that has to be done in the SPIT prevention 
> >>> space to the end of the queue. This lead us actually to 
> >>>       
> >> create a new 
> >>     
> >>> document (see
> >>> http://fon.gs/spit-requirements)  that focuses purely on 
> >>>       
> >> requirements 
> >>     
> >>> for authorization policies that are not distributed 
> between domains.
> >>>
> >>> I wonder what other people think about pushing policies 
> towards the 
> >>> sender's domain.
> >>>
> >>> Ciao
> >>> Hannes
> >>>
> >>>
> >>> _______________________________________________
> >>> Sipping mailing list  
> https://www1.ietf.org/mailman/listinfo/sipping
> >>> This list is for NEW development of the application of SIP Use 
> >>> sip-implementors@cs.columbia.edu for questions on current sip Use 
> >>> sip@ietf.org for new developments of core SIP
> >>>       
> >>
> >> -- 
> >> Juergen Quittek        quittek@netlab.nec.de       Tel: +49 
> >> 6221 4342-115
> >> NEC Europe Limited,    Network Laboratories        Fax: +49 
> >> 6221 4342-155
> >> Kurfuersten-Anlage 36, 69115 Heidelberg, Germany   
> >> http://www.netlab.nec.de
> >> Registered Office: NEC House, 1 Victoria Road, London W3 6BL, 
> >> UK Registered in England 2832014
> >>
> >>
> >> _______________________________________________
> >> Sipping mailing list  
> https://www1.ietf.org/mailman/listinfo/sipping
> >> This list is for NEW development of the application of SIP 
> >> Use sip-implementors@cs.columbia.edu for questions on current 
> >> sip Use sip@ietf.org for new developments of core SIP
> >>
> >>     
> 
> 

============================================================
Dr. Saverio Niccolini
Senior Research Staff Member
Network Laboratories, NEC Europe Ltd.
Kurfuerstenanlage 36, D-69115 Heidelberg
Tel.     +49 (0)6221 4342-118
Fax:     +49 (0)6221 4342-155
e-mail:  saverio.niccolini@netlab.nec.de
============================================================
NEC Europe Limited Registered Office: NEC House, 1 Victoria
Road, London W3 6BL Registered in England 2832014


_______________________________________________
Sipping mailing list  https://www1.ietf.org/mailman/listinfo/sipping
This list is for NEW development of the application of SIP
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sip@ietf.org for new developments of core SIP

v2.23.0 | Report a Bug | By Email