IETF Logo Mail Archive

AW: [spitstop] [Sipping] RE: leaving it to the user (topic; SPIT)

"Tschofenig, Hannes" <hannes.tschofenig@nsn.com> Tue, 26 June 2007 11:46 UTC

Return-path: <sipping-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1I39VR-0002W5-UA; Tue, 26 Jun 2007 07:46:49 -0400
Received: from sipping by megatron.ietf.org with local (Exim 4.43) id 1I39VQ-0002Vz-DT for sipping-confirm+ok@megatron.ietf.org; Tue, 26 Jun 2007 07:46:48 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1I39VQ-0002Vr-1W for sipping@ietf.org; Tue, 26 Jun 2007 07:46:48 -0400
Received: from lizzard.sbs.de ([194.138.37.39]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1I39VP-0005qY-5X for sipping@ietf.org; Tue, 26 Jun 2007 07:46:47 -0400
Received: from mail2.sbs.de (localhost [127.0.0.1]) by lizzard.sbs.de (8.12.6/8.12.6) with ESMTP id l5QBkLpH017411; Tue, 26 Jun 2007 13:46:21 +0200
Received: from fthw9xoa.ww002.siemens.net (fthw9xoa.ww002.siemens.net [157.163.133.201]) by mail2.sbs.de (8.12.6/8.12.6) with ESMTP id l5QBkJJl002671; Tue, 26 Jun 2007 13:46:21 +0200
Received: from MCHP7IDA.ww002.siemens.net ([139.25.131.144]) by fthw9xoa.ww002.siemens.net with Microsoft SMTPSVC(6.0.3790.1830); Tue, 26 Jun 2007 13:46:20 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: AW: [spitstop] [Sipping] RE: leaving it to the user (topic; SPIT)
Date: Tue, 26 Jun 2007 13:45:54 +0200
Message-ID: <0D22E3C1A7D7A843B12BF8C6F0A40758021EC498@MCHP7IDA.ww002.siemens.net>
In-Reply-To: <113091BD57179D4491C19DA7E10CD6960150ECAE@mx1.office>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [spitstop] [Sipping] RE: leaving it to the user (topic; SPIT)
Thread-Index: Ace1tAZuDdIxpAVHTUm5bI2/LtxHVgCMDsQgAABJwZA=
From: "Tschofenig, Hannes" <hannes.tschofenig@nsn.com>
To: Saverio Niccolini <Saverio.Niccolini@netlab.nec.de>, Signaling TO Prevent SPIT <spitstop@listserv.netlab.nec.de>
X-OriginalArrivalTime: 26 Jun 2007 11:46:20.0040 (UTC) FILETIME=[9CDCE880:01C7B7E7]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 3f2cf88677bfbdeff30feb2c80e2257d
Cc: SIPPING LIST <sipping@ietf.org>
X-BeenThere: sipping@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SIPPING Working Group \(applications of SIP\)" <sipping.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sipping@ietf.org>
List-Help: <mailto:sipping-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=subscribe>
Errors-To: sipping-bounces@ietf.org

Hi Saverio, 

> 
> Hi all,
>   
> > * leave it to the user whether he wants to get something 
> > filtered or treated differently, but
> 
> I think we all agree on this point and this is also what makes the
> solution legally-compliant:
> the user is anyway in control and the operator/provider just offer
> a set of functionality to the user, either the users wants to
> use themor it leaves to the operator/provider to make decision
> on his/her behalf, but an agreement has to be in place
Sounds good to me. 

> 
> > * you might want to make information available to the VoIP 
> > providers network to allow some of these statistical methods 
> > to produce intelligent decisions and you might want to 
> > execute the enforcement at the VoIP provider rather than at 
> > the end host.
> 
> this is a completely different point, and I think info exchange
> between provider is important.

I also agree that this is a somewhat different story. 

 As Hannes said maybe not so important
> to be standardized first, anyway this info exchange is exactly what is
> detailed in our "scenarios" draft (see interface 'b'):
> http://tools.ietf.org/id/draft-niccolini-sipping-spitstop-00.txt

I have read it. I don't agree that it is only interface 'b' but the interface language is maybe confusing as such. 
For example, a receiving side wants to return information about the fact that a call or message was SPIT. 
Then, there is the question whether this information is only made available to his/her outbound proxy (his/her VoIP provider) or all the way towards the other end (mostly useful for debugging purpose; needs to be analysed whether an adversary could make use of it somehow).

Ciao
Hannes

> Cheers,
> Saverio
> 
> > 
> > Ciao
> > Hannes
> > 
> > 
> > Saverio Niccolini wrote:
> > > Dear Joachim,
> > >
> > > I agree with the argument to see many calls in order to decide.
> > >
> > > Anyway, legally speaking there is also the opposite 
> > argument why you 
> > > should actually leave it to the user:
> > > -- if you suppress communications before they reach the end 
> > user you 
> > > may have legal troubles (at least in Germany I know about 
> > this kind of 
> > > law on suppression of communication), the user needs to 
> > give explicit 
> > > consent to suppress communications on his behalf.
> > >
> > > Thus, the evaluation is indeed to be done in the network 
> while the 
> > > final decision has to be on the user if he did not agree to 
> > have the 
> > > communication directed to him suppressed by the operator.
> > >
> > > Note that the user can also configure the terminal to suppress 
> > > communication without the phone to ring (if the sapm level 
> > estimated 
> > > by your operator is too high for you to accept the call).
> > >
> > > For this and similar topics we have been working on the 
> draft about 
> > > signaling interfaces (to share the estimation done in the 
> > network with 
> > > the terminal, like X-spam level in email spam), see:
> > > http://tools.ietf.org/id/draft-niccolini-sipping-spitstop-00.txt
> > >
> > > Cheers,
> > > Saverio
> > >
> > > ============================================================
> > > Dr. Saverio Niccolini
> > > Senior Research Staff Member
> > > Network Laboratories, NEC Europe Ltd.
> > > Kurfuerstenanlage 36, D-69115 Heidelberg
> > > Tel.     +49 (0)6221 4342-118
> > > Fax:     +49 (0)6221 4342-155
> > > e-mail:  saverio.niccolini@netlab.nec.de 
> > > ============================================================
> > > NEC Europe Limited Registered Office: NEC House, 1 Victoria Road, 
> > > London W3 6BL Registered in England 2832014
> > >  
> > >  
> > > -----Original Message-----
> > > From: Charzinski, Joachim [mailto:joachim.charzinski@nsn.com]
> > > Sent: Monday, June 18, 2007 10:16 AM
> > > To: Tschofenig, Hannes; SIPPING LIST
> > > Cc: spitstop@listserv.netlab.nec.de
> > > Subject: [Sipping] RE: leaving it to the user (topic; SPIT)
> > >
> > > there are two more arguments for not "leaving it to the user":
> > >
> > > 1. legal: In current telephone regulation, callers have a 
> > >    right to have their ID hidden from the callee. 
> > >    Current implementations transport the ID up to the last 
> > >    (soft) switch etc and then anonymize the caller. That is, 
> > >    a function in the network can but an end user device cannot 
> > >    include caller ID (and what else do you really have in the 
> > >    INVITE message) in evaluating spit probabilities. 
> > > 2. statistical: A function in the network sees many more calls -  
> > >    also by the same caller - than a function in an end user 
> > >    device. For statistical evaluations, you need a LOT of calls 
> > >    as a basis. 
> > >
> > > Best regards
> > >
> > > 	Joachim.
> > >
> > >   
> > >> -----Original Message-----
> > >> From: ext Tschofenig, Hannes [mailto:hannes.tschofenig@nsn.com]
> > >> Sent: Monday, June 18, 2007 9:27 AM
> > >> To: SIPPING LIST
> > >> Subject: [Sipping] WG: leaving it to the user (topic; SPIT)
> > >>
> > >> Here is a forward of a review sent to us. 
> > >>
> > >> -----Ursprüngliche Nachricht-----
> > >> Von: Albert Caruana
> > >> Gesendet: Freitag, 15. Juni 2007 17:33
> > >> An: Tschofenig, Hannes; hgs+ecrit@cs.columbia.edu; 
> > dwing@cisco.com; 
> > >> jdrosen@cisco.com; david.schwartz@kayote.com
> > >> Cc: internet-drafts@ietf.org
> > >> Betreff: leaving it to the user
> > >>
> > >> Hi
> > >>
> > >> I am very interested in security issues of emerging technologies.
> > >>
> > >> This is my personal opinion.
> > >>
> > >> I am both very pleased and somewhat dismayed reading the 
> > draft IETF 
> > >> document.
> > >>
> > >> The framweork proposed is great. The current statements 
> to at best 
> > >> help the user to make the decision as to what to refuse as 
> > SPIT and 
> > >> what to accept I find are decisions being taken without 
> > considering 
> > >> the user. Your mileage may vary.
> > >> One phrase which i find smacks of choosing the path of least 
> > >> resistance is:
> > >> "For example, it is mandatory to pass full control of SPIT 
> > filtering 
> > >> to the end user, as this minimises legal problems".
> > >>
> > >> The legalproblems may need to be ironed out in other 
> e.g. ITU and 
> > >> ETSI task forces but should not be a hindrance to creating 
> > mechanisms 
> > >> properly preventing criminal abuse of computer systems 
> such as the 
> > >> acts of generating spit and spam.
> > >>
> > >> Users i know are furious over the need to set up spam 
> > filters e.g. in 
> > >> outlook client when e.g. gmail shows it can be done at incoming 
> > >> server level.
> > >> Even better would be egress capture of spam at the source 
> > instead of 
> > >> at the target server, relieving the internet of spam load 
> > before it 
> > >> happens.
> > >>
> > >> In my opinion, while a voip phone looks like a phone, 
> the user is 
> > >> usually not in a position to understand the legal or technical 
> > >> differences between voip and PSTN/POTS technology.
> > >>
> > >> Leaving decisions up to the user is like assigning the 
> > responsibility 
> > >> for correct functioning of the suspension, braking and 
> > fuel injection 
> > >> system of a car to the driver instead of to the engineer 
> > tuning the 
> > >> car.
> > >> I do not know whether you could drive one of the first 
> automobiles 
> > >> where the driver had to adjust the timing so that the 
> engine would 
> > >> run smoothly at start, later when running - and 
> > differently for slow 
> > >> revs and for high revs... Even Formula 1 drivers are backed by a 
> > >> whole team of engineers and radio-diagnosis and control tools in 
> > >> order to do such work on the fly.
> > >>
> > >> I would thus like to recommend that you incorporate such 
> > preventive 
> > >> medicinal thinking into the excellent framework being 
> proposed and 
> > >> which you have submitted, with a view to relieving the 
> > >> ever-increasing numbers of non-technical users of voip  from the 
> > >> responsibility of deciding what is the correct level of spit 
> > >> filtering they should tolerate - and with the aim of 
> > preventing spit 
> > >> at source and ensuring audit trails are created which enable the 
> > >> perpetrators to be located and punished under no matter 
> > what legal system is in place anywhere.
> > >>
> > >> regards
> > >> Albert Caruana
> > >>
> > >>
> > >> _______________________________________________
> > >> Sipping mailing list  
> > https://www1.ietf.org/mailman/listinfo/sipping
> > >> This list is for NEW development of the application of SIP Use 
> > >> sip-implementors@cs.columbia.edu for questions on 
> current sip Use 
> > >> sip@ietf.org for new developments of core SIP
> > >>
> > >>     
> > > ----------------------------------------------------------
> > > Nokia Siemens Networks
> > > Joachim Charzinski
> > > Principal Innovator
> > > Machtlfinger Str. 1
> > > D-81379 Muenchen
> > > Germany
> > > Tel: +49 89 722 46803
> > > Joachim.Charzinski@nsn.com
> > > http://www.nokiasiemensnetworks.com/global/
> > >
> > > Think before you print
> > >
> > > Nokia Siemens Networks GmbH & Co. KG - Sitz der 
> > Gesellschaft: München 
> > > / Registered office: Munich - Registergericht: München / 
> Commercial 
> > > registry: Munich, HRA 88537 - WEEE-Reg.-Nr.: DE 52984304 - 
> > Persönlich 
> > > haftende Gesellschafterin / General Partner: Nokia 
> Siemens Networks 
> > > Management GmbH - Geschäftsleitung / Board of Directors: Joachim 
> > > Malterer, Lydia Sommer - Sitz der Gesellschaft: München / 
> > Registered 
> > > office: Munich - Registergericht: München / Commercial registry: 
> > > Munich, HRB 163416
> > >
> > >
> > > _______________________________________________
> > > Sipping mailing list  
> https://www1.ietf.org/mailman/listinfo/sipping
> > > This list is for NEW development of the application of SIP Use 
> > > sip-implementors@cs.columbia.edu for questions on current sip Use 
> > > sip@ietf.org for new developments of core SIP 
> > > _______________________________________________
> > > spitstop mailing list
> > > spitstop@listserv.netlab.nec.de
> > > https://listserv.netlab.nec.de/mailman/listinfo/spitstop
> > >   
> > 
> > _______________________________________________
> > spitstop mailing list
> > spitstop@listserv.netlab.nec.de
> > https://listserv.netlab.nec.de/mailman/listinfo/spitstop
> > 
> 
> ============================================================
> Dr. Saverio Niccolini
> Senior Research Staff Member
> Network Laboratories, NEC Europe Ltd.
> Kurfuerstenanlage 36, D-69115 Heidelberg
> Tel.     +49 (0)6221 4342-118
> Fax:     +49 (0)6221 4342-155
> e-mail:  saverio.niccolini@netlab.nec.de
> ============================================================
> NEC Europe Limited Registered Office: NEC House, 1 Victoria
> Road, London W3 6BL Registered in England 2832014
>  
> 


_______________________________________________
Sipping mailing list  https://www1.ietf.org/mailman/listinfo/sipping
This list is for NEW development of the application of SIP
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sip@ietf.org for new developments of core SIP

v2.23.0 | Report a Bug | By Email