RE: [Sipping] Re: Question on draft-rosenberg-sipping-acr-code-00
"Nataraju A B" <bnataraju@kodiaknetworks.com> Mon, 16 January 2006 08:22 UTC
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EyPcp-0001we-6D; Mon, 16 Jan 2006 03:22:03 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EyPcm-0001wB-VT for sipping@megatron.ietf.org; Mon, 16 Jan 2006 03:22:01 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA22758 for <sipping@ietf.org>; Mon, 16 Jan 2006 03:20:35 -0500 (EST)
Received: from [203.200.4.5] (helo=serversmb.kodiaknetworks.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EyPkc-0007Zh-FE for sipping@ietf.org; Mon, 16 Jan 2006 03:30:10 -0500
Received: from Nataraju ([192.168.2.115]) by serversmb.kodiaknetworks.com (8.11.6/8.11.6) with ESMTP id k0G8HkP11005; Mon, 16 Jan 2006 13:47:46 +0530
From: Nataraju A B <bnataraju@kodiaknetworks.com>
To: "'Jesske, R'" <R.Jesske@t-com.net>, john.elwell@siemens.com, pkyzivat@cisco.com, jdrosen@cisco.com
Subject: RE: [Sipping] Re: Question on draft-rosenberg-sipping-acr-code-00
Date: Mon, 16 Jan 2006 13:50:49 +0530
Message-ID: <001901c61a75$c24fe6f0$7302a8c0@Nataraju>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
In-Reply-To: <E7666D92C64C2845AEF12636FF94F9520496BC6C@S4DE8PSAAGQ.blf.telekom.de>
X-Spam-Score: 3.1 (+++)
X-Scan-Signature: 75ac735ede4d089f7192d230671d536e
Content-Transfer-Encoding: quoted-printable
Cc: sipping@ietf.org
X-BeenThere: sipping@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SIPPING Working Group \(applications of SIP\)" <sipping.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sipping@ietf.org>
List-Help: <mailto:sipping-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=subscribe>
Sender: sipping-bounces@ietf.org
Errors-To: sipping-bounces@ietf.org
Display name is being used only for the information being displayed to user and not being used for automata - RIGHT ? Hence if the display name was set as anonymous and uri as some different URI, then it should have processed as a non-anonymous URI...??? >From this point of understanding, I feel we should not do anything logically based on user's display name, hence my earlier question... Thanks & Regards, Nataraju A.B. -----Original Message----- From: Jesske, R [mailto:R.Jesske@t-com.net] Sent: Monday, January 16, 2006 12:42 PM To: bnataraju@kodiaknetworks.com; john.elwell@siemens.com; pkyzivat@cisco.com; jdrosen@cisco.com Cc: sipping@ietf.org Subject: AW: [Sipping] Re: Question on draft-rosenberg-sipping-acr-code-00 Why should we change it? If a user set the display name to anonymous, he would like to say the identity given in From header is not my real identity. Roland > -----Ursprüngliche Nachricht----- > Von: Nataraju A B [mailto:bnataraju@kodiaknetworks.com] > Gesendet: Sonntag, 15. Januar 2006 08:28 > An: Jesske, Roland; john.elwell@siemens.com; > pkyzivat@cisco.com; jdrosen@cisco.com > Cc: sipping@ietf.org > Betreff: RE: [Sipping] Re: Question on > draft-rosenberg-sipping-acr-code-00 > > > The draft draft-rosenberg-sipping-acr-code-00 specifies that 433 > response would be sent in case the from header carries display name - > anonymous "OR" URI within the domain anonymous.invalid. > > This Does mean it would be rejected with 433 if display name is > anonymous or URI domain anonymous.invalid. > > Sending 433 in case display name is anonymous whereas some > different URI > (other than anonymous.invalid) is not a GOOD idea... > > Probably we can delete the mention the anonymity about display name... > ??? > > Thanks & Regards, > Nataraju A.B. > > -----Original Message----- > From: sipping-bounces@ietf.org [mailto:sipping-bounces@ietf.org] On > Behalf Of Jesske, R > Sent: Friday, January 13, 2006 2:32 PM > To: john.elwell@siemens.com; pkyzivat@cisco.com; jdrosen@cisco.com > Cc: sipping@ietf.org > Subject: AW: [Sipping] Re: Question on > draft-rosenberg-sipping-acr-code-00 > > John, > I showed only how TISPAN handle the ACR service, of course other > solutions are possible at least also for the UA. > So I think that there is no problem also to use it as a generic > solution. > The RFC3323 gives guideline how to anonymise the identity of > the caller. > So you can use the privacy header and the From header to do that. > So from my understanding the privacy header can be sent to the UA so > that there is a indication that privacy was required. > An other possibility is that the URI in the From header is set to > Anonymous. In both cases the call can be rejected with the > new response > code. > Of course as Paul said there are enough holes to bypass such > a mechanism > using other names within the From header. Fore these cases I only see > the possibility to use a barring mechanism (black/white list). > > I think how it is described within draft-rosenberg-sipping-acr-code-00 > fits to the generic approach you are asking for. > > Best Regards > > Roland > > > -----Ursprüngliche Nachricht----- > > Von: Elwell, John [mailto:john.elwell@siemens.com] > > Gesendet: Freitag, 13. Januar 2006 09:04 > > An: Jesske, Roland; pkyzivat@cisco.com; jdrosen@cisco.com > > Cc: sipping@ietf.org > > Betreff: RE: [Sipping] Re: Question on > > draft-rosenberg-sipping-acr-code-00 > > > > > > Roland, > > > > The problem is, I thought the sipping-acr-code draft was > > intended to be > > general purpose, not something that was restricted to use in TISPAN > > networks. Adding something to the main SIP response code > > repertoire means > > that anyone can use it, and we should have procedures that > > explain how it > > should be used in reasonable situations. I think a reasonable > > situation is > > where a UAS receives a request without an identity it can > > trust and where > > that identity has been withheld for privacy reasons. I fail > > to see how I can > > do this at present. > > > > If we want a TISPAN specific solution, let's document it as > > such - I would > > have no problem with that. Otherwise let's make sure we have > > a solution that > > works elsewhere. > > > > John > > > > > -----Original Message----- > > > From: Jesske, R [mailto:R.Jesske@t-com.net] > > > Sent: 13 January 2006 05:56 > > > To: Elwell, John; pkyzivat@cisco.com; jdrosen@cisco.com > > > Cc: sipping@ietf.org > > > Subject: AW: [Sipping] Re: Question on > > > draft-rosenberg-sipping-acr-code-00 > > > > > > John, > > > We have only specified the network based/application server > > > service. In Europe we have to provide this service within our > > > networks. > > > > > > For a end device service this would be the best way to > > > forward the privacy header, so that a UA based ACR can reject > > > the communication. > > > > > > Best Regards > > > > > > Roland > > > > > > > -----Ursprüngliche Nachricht----- > > > > Von: Elwell, John [mailto:john.elwell@siemens.com] > > > > Gesendet: Donnerstag, 12. Januar 2006 21:31 > > > > An: Jesske, Roland; pkyzivat@cisco.com; jdrosen@cisco.com > > > > Cc: sipping@ietf.org > > > > Betreff: RE: [Sipping] Re: Question on > > > > draft-rosenberg-sipping-acr-code-00 > > > > > > > > > > > > Roland, > > > > > > > > Thanks for the clarification. So in TISPAN networks ACR would > > > > apply when PAI > > > > is missing due to privacy reasons. If a UAS receives a > > > > request without PAI, > > > > how does it know whether it is for privacy reasons or not? Is > > > > the Privacy > > > > header forwarded to the UAS? > > > > > > > > John > > > > > > > > > -----Original Message----- > > > > > From: Jesske, R [mailto:R.Jesske@t-com.net] > > > > > Sent: 12 January 2006 12:51 > > > > > To: Elwell, John; pkyzivat@cisco.com; jdrosen@cisco.com > > > > > Cc: sipping@ietf.org > > > > > Subject: AW: [Sipping] Re: Question on > > > > > draft-rosenberg-sipping-acr-code-00 > > > > > > > > > > That what we specified within ETSI is based on the PAI and > > > > > the privacy header. When the user expresses his wish to > > > > > anonymise it's public ID the ACR service will be invoked. > > > > > With regard to the from header there is no triggering for the > > > > > ACR service. > > > > > > > > > > That is the same behaviour as for the equivalent PSTN/ISDN > > > > > service and the regarding requirements from regulation. > > > > > > > > > > It is not the requirement to block calls where a PAI is > > > > > absent due to network reasons like interworking with analogue > > > > > networks. > > > > > > > > > > The idea of an other response code for an untrusted identity > > > > > could be the basis for a new service that is not defined yet. > > > > > But thinkable. > > > > > > > > > > Best Regards > > > > > > > > > > Roland > > > > > > -----Ursprüngliche Nachricht----- > > > > > > Von: Elwell, John [mailto:john.elwell@siemens.com] > > > > > > Gesendet: Donnerstag, 12. Januar 2006 08:49 > > > > > > An: Paul Kyzivat; Jonathan Rosenberg > > > > > > Cc: sipping > > > > > > Betreff: RE: [Sipping] Re: Question on > > > > > > draft-rosenberg-sipping-acr-code-00 > > > > > > > > > > > > > > > > > > The point that Paul makes about putting a fictitious or > > > > > > meaningless caller > > > > > > ID in the From header was what I had in mind when I asked > > > > > my original > > > > > > question. If I get an ACR response I just > substitute a caller > > > > > > ID at will, > > > > > > and if this gets through my own domain then it will also > > > > > > avoid ACR. Without > > > > > > PAI, Identity or AIB, the called domain or UAS has > no way of > > > > > > detecting this. > > > > > > > > > > > > John > > > > > > > > > > > > > -----Original Message----- > > > > > > > From: Paul Kyzivat [mailto:pkyzivat@cisco.com] > > > > > > > Sent: 11 January 2006 22:45 > > > > > > > To: Jonathan Rosenberg > > > > > > > Cc: Elwell, John; sipping > > > > > > > Subject: Re: [Sipping] Re: Question on > > > > > > > draft-rosenberg-sipping-acr-code-00 > > > > > > > > > > > > > > > > > > > > > > > > > > > > Jonathan Rosenberg wrote: > > > > > > > > This is an old mail, my apologies for the really > > long time > > > > > > > to respond. > > > > > > > > This draft has started to get some attention > > again recently. > > > > > > > > > > > > > > > > John raises an interesting point. This basic > question has > > > > > > > been discussed > > > > > > > > almost endlessly in the SIMPLE/GEOPRIV groups as > > well. The > > > > > > > issue there > > > > > > > > was that the common policy/presence policy > specs have had > > > > > > > fields that > > > > > > > > define an "anonymous" condition, and we've > > debated whether > > > > > > > > unauthenticated counts as anonymous. > > > > > > > > > > > > > > > > Unfortunately this never really concluded; we just got > > > > > rid of the > > > > > > > > anonymous condition :( > > > > > > > > > > > > > > > > In this particular case, I don't think it helps > to count > > > > > > > unauthenticated > > > > > > > > as anonymous. The reason is, the whole point of the > > > > > > > resposne code is > > > > > > > > that the caller can do something different in an > > attemtp to > > > > > > > get the call > > > > > > > > through. In this case, the caller has not actually > > > > TRIED to be > > > > > > > > anonymous; its just that their service provider didn't > > > > > do PAID or > > > > > > > > sip-identity. So, if the call is rejected as > > anonymous, the > > > > > > > caller will > > > > > > > > be surprised, since it wasn't anonymous as far as > > they were > > > > > > > concerned, > > > > > > > > and there is nothing they can do about it to > make it not > > > > > > anonymous. > > > > > > > > > > > > > > The problem is that there is no good way to tell the > > > > > > > difference between > > > > > > > blocked and unavailable. When using Privacy, the Privacy > > > > > header is > > > > > > > removed before the request gets to the UAS. > > > > > > > > > > > > > > While responding to this I noticed something missing from > > > > > > > draft-rosenberg-sipping-acr-code-00: it does not specify > > > > > > > proxy behavior. > > > > > > > This is significant because it is possible for the ACR > > > > > > feature to be > > > > > > > carried out by a proxy acting on behalf of the callee. > > > > > > > > > > > > > > If that is happening, and the proxy is in the same trust > > > > > > > domain with the > > > > > > > caller, then the situation is a *little* > different, because > > > > > > > it can see > > > > > > > the Privacy header. So some blocked cases are > > > > > distinguishable from > > > > > > > unavailable cases. But that is still only a limited set, > > > > > > because the > > > > > > > caller could be in a different trust domain. So again, > > > > it becomes > > > > > > > necessary to fall back to reading the tea leaves to > > > > > decide between > > > > > > > blocked and unavailable. (Looking for Anonymous in the > > > > > From header.) > > > > > > > > > > > > > > Note that looking at From isn't reliable either. > If I don't > > > > > > > want to be > > > > > > > blocked by ACR, I can just set my Privacy:id and set > > > my From to > > > > > > > something like: From: nobody > > > > > <sip:nobody@nowhere.invalid>. Then the > > > > > > > callee will treat me as having an unavailable > > address and let > > > > > > > the call > > > > > > > through. > > > > > > > > > > > > > > I think the fundamental problem here is that > > > > > distinguishing between > > > > > > > unavailable and blocked can only work when all > callers and > > > > > > > callees are > > > > > > > linked to a single trust domain. > > > > > > > > > > > > > > Paul > > > > > > > > > > > > > > > > > > > > > > So, I'd suggest that we not include > > unauthenticated in the > > > > > > > list of cases. > > > > > > > > > > > > > > > > -Jonathan R. > > > > > > > > > > > > > > > > Elwell, John wrote: > > > > > > > > > > > > > > > >> What if a UAS receives a request containing an > > > > unauthenticated > > > > > > > >> identity in the From header? If the UAS or user is not > > > > > > prepared to > > > > > > > >> trust the unauthenticated identity, the source of the > > > > > request is > > > > > > > >> basically anonymous. Is the new response code > > intended for > > > > > > > use in this > > > > > > > >> situation? > > > > > > > >> > > > > > > > >> John > > > > > > > >> > > > > > > > >> > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > > > Sipping mailing list > > > > https://www1.ietf.org/mailman/listinfo/sipping > > > > > > This list is for NEW development of the application of SIP > > > > > > Use sip-implementors@cs.columbia.edu for questions on > > > current sip > > > > > > Use sip@ietf.org for new developments of core SIP > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > Sipping mailing list https://www1.ietf.org/mailman/listinfo/sipping > This list is for NEW development of the application of SIP > Use sip-implementors@cs.columbia.edu for questions on current sip > Use sip@ietf.org for new developments of core SIP > _______________________________________________ Sipping mailing list https://www1.ietf.org/mailman/listinfo/sipping This list is for NEW development of the application of SIP Use sip-implementors@cs.columbia.edu for questions on current sip Use sip@ietf.org for new developments of core SIP
- AW: [Sipping] Re: Question on draft-rosenberg-sip… Jesske, R
- Re: AW: [Sipping] Re: Question on draft-rosenberg… Paul Kyzivat
- AW: [Sipping] Re: Question on draft-rosenberg-sip… Jesske, R
- AW: [Sipping] Re: Question on draft-rosenberg-sip… Jesske, R
- Re: AW: [Sipping] Re: Question on draft-rosenberg… Paul Kyzivat
- RE: [Sipping] Re: Question on draft-rosenberg-sip… Nataraju A B
- AW: [Sipping] Re: Question on draft-rosenberg-sip… Jesske, R
- RE: [Sipping] Re: Question on draft-rosenberg-sip… Nataraju A B
- Re: [Sipping] Re: Question on draft-rosenberg-sip… Jonathan Rosenberg
- Re: AW: [Sipping] Re: Question on draft-rosenberg… Jonathan Rosenberg
- RE: [Sipping] Re: Question on draft-rosenberg-sip… Nataraju A B
- Re: [Sipping] Re: Question on draft-rosenberg-sip… Dean Willis