IETF Logo Mail Archive

Re: [Sipping] Pushing Policies towards the Sender's Domain

Hannes Tschofenig <Hannes.Tschofenig@gmx.net> Sat, 23 June 2007 16:54 UTC

Return-path: <sipping-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1I28s6-0004or-Bp; Sat, 23 Jun 2007 12:54:02 -0400
Received: from sipping by megatron.ietf.org with local (Exim 4.43) id 1I28s4-0004od-SN for sipping-confirm+ok@megatron.ietf.org; Sat, 23 Jun 2007 12:54:00 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1I28s4-0004oV-Ii for sipping@ietf.org; Sat, 23 Jun 2007 12:54:00 -0400
Received: from mail.gmx.net ([213.165.64.20]) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1I28s1-0002dd-15 for sipping@ietf.org; Sat, 23 Jun 2007 12:54:00 -0400
Received: (qmail invoked by alias); 23 Jun 2007 16:53:55 -0000
Received: from p54984EE0.dip.t-dialin.net (EHLO [192.168.1.3]) [84.152.78.224] by mail.gmx.net (mp039) with SMTP; 23 Jun 2007 18:53:55 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1+OdX59noSOJVwjP3JbALg7UWVuE5ZuihSGU9dOHo oClRynk9QSWaRy
Message-ID: <467D5023.5020200@gmx.net>
Date: Sat, 23 Jun 2007 18:53:55 +0200
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
User-Agent: Thunderbird 2.0.0.4 (Windows/20070604)
MIME-Version: 1.0
To: Saverio Niccolini <Saverio.Niccolini@netlab.nec.de>
Subject: Re: [Sipping] Pushing Policies towards the Sender's Domain
References: <4673EDB6.3000601@gmx.net> <3B73AC67F37851635A180591@Gaja-Quitteks-Computer-2.local> <113091BD57179D4491C19DA7E10CD6960150E443@mx1.office>
In-Reply-To: <113091BD57179D4491C19DA7E10CD6960150E443@mx1.office>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0770535483960d190d4a0d020e7060bd
Cc: SIPPING LIST <sipping@ietf.org>, spitstop@listserv.netlab.nec.de, Juergen Quittek <Quittek@netlab.nec.de>
X-BeenThere: sipping@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SIPPING Working Group \(applications of SIP\)" <sipping.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sipping@ietf.org>
List-Help: <mailto:sipping-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=subscribe>
Errors-To: sipping-bounces@ietf.org

Hi Saverio,

Saverio Niccolini wrote:
> Hi Hannes,
>
> to add on what Juergen said, what we adressed in our SPITSTOP
> draft was not meant to cover only the authorization policies
> as you are saying, the authorization policies are just a special case
> of the possible communications between domains, others are;
> -- info related to SPIT estimations
>   

Have you looked at the following document 
http://www.tschofenig.priv.at/drafts/draft-schwartz-sipping-spit-saml-00.txt
Is this close to the mechanisms you have in mind?
(ignore the encoding in a SAML assertion for a moment)
> -- messages explaining to the sender domain why the message was blocked
>   
If you are talking about ordinary SIP mechanisms then that is fine for 
me. This might help the sender
Is this your intention or to share blacklists between the two domains?
> I clearly see these two points having priority over the authorization
> polices when it comes to pushing info towards the sender domain.
>   
In some sense this is quite similar to "authorization" policies. The 
difference is, however, whether you do the interaction based on 
individual calls or on an aggregate

Ciao
Hannes

> Cheers,
> Saverio
>
> ============================================================
> Dr. Saverio Niccolini
> Senior Research Staff Member
> Network Laboratories, NEC Europe Ltd.
> Kurfuerstenanlage 36, D-69115 Heidelberg
> Tel.     +49 (0)6221 4342-118
> Fax:     +49 (0)6221 4342-155
> e-mail:  saverio.niccolini@netlab.nec.de
> ============================================================
> NEC Europe Limited Registered Office: NEC House, 1 Victoria
> Road, London W3 6BL Registered in England 2832014
>  
>   
>
>   
>> -----Original Message-----
>> From: Juergen Quittek [mailto:quittek@netlab.nec.de] 
>> Sent: Sunday, June 17, 2007 2:30 PM
>> To: Hannes Tschofenig; SIPPING LIST
>> Subject: Re: [Sipping] Pushing Policies towards the Sender's Domain
>>
>> Hi Hannes,
>>
>> I fully agree, that pushing policies between domains should 
>> get low priority at this point in time in the context of 
>> standards required for SPIT prevention.  This is why we did 
>> not cover it in draft-niccolini-sipping-spitstop and just 
>> made the note that you cited below pointing to 
>> draft-froment-sipping-spit-authz-policies
>> where it seemed that this was included.
>>
>> It is good that you replaced 
>> draft-froment-sipping-spit-authz-policies with 
>> draft-froment-sipping-spit-requirements that only focuses on 
>> requirements.
>>
>> Thanks,
>>
>>     Juergen
>>
>>
>> --On 16.06.07 16:03 +0200 Hannes Tschofenig wrote:
>>
>>     
>>> Hi all,
>>>
>>> when reading through the documents I came across the following 
>>> statement in <draft-niccolini-sipping-spitstop-00.txt>:
>>>
>>> "
>>>    Please note that the described reference scenario does 
>>>       
>> not addresses
>>     
>>>    management interfaces to entities involved in SPIT prevention.  A
>>>    first approach to this issue has been made is described in
>>>    [I-D.froment-sipping-spit-authz-policies].
>>> "
>>>
>>> it seems that some parts of
>>> <draft-froment-sipping-spit-authz-policies-02.txt> got 
>>>       
>> misunderstood.
>>     
>>> There are some text paragraphs in
>>> <draft-froment-sipping-spit-authz-policies-02.txt> that envisioned 
>>> that the authorization policies are distributed to other 
>>>       
>> domains, and 
>>     
>>> in particular towards the sender's domain. There is obviously the 
>>> question what you would but in these policy documents, when to 
>>> distribute them and whether there are potential privacy 
>>>       
>> problems with that approach.
>>     
>>> This is an interesting technical issue BUT I would put it on my 
>>> priority list for work that has to be done in the SPIT prevention 
>>> space to the end of the queue. This lead us actually to 
>>>       
>> create a new 
>>     
>>> document (see
>>> http://fon.gs/spit-requirements)  that focuses purely on 
>>>       
>> requirements 
>>     
>>> for authorization policies that are not distributed between domains.
>>>
>>> I wonder what other people think about pushing policies towards the 
>>> sender's domain.
>>>
>>> Ciao
>>> Hannes
>>>
>>>
>>> _______________________________________________
>>> Sipping mailing list  https://www1.ietf.org/mailman/listinfo/sipping
>>> This list is for NEW development of the application of SIP Use 
>>> sip-implementors@cs.columbia.edu for questions on current sip Use 
>>> sip@ietf.org for new developments of core SIP
>>>       
>>
>> -- 
>> Juergen Quittek        quittek@netlab.nec.de       Tel: +49 
>> 6221 4342-115
>> NEC Europe Limited,    Network Laboratories        Fax: +49 
>> 6221 4342-155
>> Kurfuersten-Anlage 36, 69115 Heidelberg, Germany   
>> http://www.netlab.nec.de
>> Registered Office: NEC House, 1 Victoria Road, London W3 6BL, 
>> UK Registered in England 2832014
>>
>>
>> _______________________________________________
>> Sipping mailing list  https://www1.ietf.org/mailman/listinfo/sipping
>> This list is for NEW development of the application of SIP 
>> Use sip-implementors@cs.columbia.edu for questions on current 
>> sip Use sip@ietf.org for new developments of core SIP
>>
>>     



_______________________________________________
Sipping mailing list  https://www1.ietf.org/mailman/listinfo/sipping
This list is for NEW development of the application of SIP
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sip@ietf.org for new developments of core SIP

v2.23.0 | Report a Bug | By Email