RE: [Sipping] comments on draft-wing-sipping-spam-score-00
"Dan Wing" <dwing@cisco.com> Tue, 04 December 2007 17:53 UTC
Return-path: <sipping-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Izbxk-0003RN-20; Tue, 04 Dec 2007 12:53:40 -0500
Received: from sipping by megatron.ietf.org with local (Exim 4.43) id 1Izbxi-0003Qx-Ai for sipping-confirm+ok@megatron.ietf.org; Tue, 04 Dec 2007 12:53:38 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Izbxi-0003Qn-14 for sipping@ietf.org; Tue, 04 Dec 2007 12:53:38 -0500
Received: from sj-iport-5.cisco.com ([171.68.10.87]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Izbxg-0003Z2-Ed for sipping@ietf.org; Tue, 04 Dec 2007 12:53:38 -0500
Received: from sj-dkim-1.cisco.com ([171.71.179.21]) by sj-iport-5.cisco.com with ESMTP; 04 Dec 2007 09:53:35 -0800
Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id lB4HrZEg030035; Tue, 4 Dec 2007 09:53:35 -0800
Received: from dwingwxp01 (sjc-vpn6-1855.cisco.com [10.21.127.63]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id lB4HrZ75025567; Tue, 4 Dec 2007 17:53:35 GMT
From: Dan Wing <dwing@cisco.com>
To: 'Henning Schulzrinne' <hgs@cs.columbia.edu>, 'Jonathan Rosenberg' <jdrosen@cisco.com>
References: <47556743.5050604@cisco.com> <BC2EF934-BE70-4476-9ACB-B96776B018B0@cs.columbia.edu>
Subject: RE: [Sipping] comments on draft-wing-sipping-spam-score-00
Date: Tue, 04 Dec 2007 09:53:35 -0800
Message-ID: <15ec01c8369e$97d301e0$4e76150a@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
Thread-Index: Acg2jDv/us6X4QQTTJq1cmVF6bHkQQAEYRrQ
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
In-Reply-To: <BC2EF934-BE70-4476-9ACB-B96776B018B0@cs.columbia.edu>
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=3310; t=1196790815; x=1197654815; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing@cisco.com; z=From:=20=22Dan=20Wing=22=20<dwing@cisco.com> |Subject:=20RE=3A=20[Sipping]=20comments=20on=20draft-wing-sipping-spam-s core-00 |Sender:=20; bh=pOW/M0HIdKYEqDJ9BBtMFAEYQI2iNcAXqDTia92GvXM=; b=DayQgnRyMayuleD1nBryNKft4+2/vIY/sMsgJE6tDuIFs+MrPChC//YHVgwn9NhKYaaMlll5 vrNi6KjU+VdXJNHU2rjeHVtYFaNsuI21HJwilYdTA0MP0adUsCfWpV1T5pc+75fOXGOR5shHb+ 9EKd8sBC6GIh2s+LjCDt+nxgc=;
Authentication-Results: sj-dkim-1; header.From=dwing@cisco.com; dkim=pass (s ig from cisco.com/sjdkim1004 verified; );
X-Spam-Score: -4.0 (----)
X-Scan-Signature: b280b4db656c3ca28dd62e5e0b03daa8
Cc: 'IETF Sipping List' <sipping@ietf.org>
X-BeenThere: sipping@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SIPPING Working Group \(applications of SIP\)" <sipping.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sipping@ietf.org>
List-Help: <mailto:sipping-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=subscribe>
Errors-To: sipping-bounces@ietf.org
> -----Original Message----- > From: Henning Schulzrinne [mailto:hgs@cs.columbia.edu] > Sent: Tuesday, December 04, 2007 7:41 AM > To: Jonathan Rosenberg > Cc: IETF Sipping List > Subject: Re: [Sipping] comments on draft-wing-sipping-spam-score-00 > > The mechanism proposed has reasonable precedent in email, > with various > X-Spam-Score style headers inserted by the local mailserver. The > problem in email is that every spam filter seems to have picked some > other X- convention or re-use the same header with different > formats. > I don't think that's an experience that we want to repeat. > > For example, your message arrived in my inbox with > X-Spam-Score: -3 () CU_OK_LISTUNSUB RBL_DNSWL_127.0.9.3 Yes, and my SpamAssassin uses a different syntax, as does my employer's IronPort system. The intent of this draft is to avoid this same diversity in SIP. That is, to create a standard for this scoring rather than having every product invent its own proprietary indicator and having every SIP proxy and SIP UA have to support a bunch of those different proprietary indicators. > On Dec 4, 2007, at 9:42 AM, Jonathan Rosenberg wrote: > > > I think a key part of this is that you need to have a trust > > relationship with the sender of the score, otherwise its > useless. As > > with any trust relationship, it requires authentication to > make sure > > the guy you are talking to is the one you trust. This typically > > implies mutual TLS authentication between domains. It also means > > that you can't have more than one spam score at a time - just the > > one from the previous hop domain. So how would you > authenticate and > > authorize the sources farther away, as this draft proposes? > > Clearly, authentication would work (e.g., in the SIP Connect style), > but the simpler approach taken today by email also works: The > inbound > proxy deletes all such headers and the UA has a trust relationship > with its proxy. That is one viable approach. > This does not work if the originating domain > computes > the scores; there, you'd need a trust relationship. > > This seems pretty similar to PAI. > > The limitations of this approach need to be clearly > documented in the draft. Agreed, and I know it is not described in the draft right now. > > It seems that, unless there is a standardized range and meaning of > > values it will be hard to take any action based on this value. I don't see any way to create a standard for what "80% likelyhood of spam" could possibly mean, other than it is more likely to be spam than another request that was scored with a lower value. > This isn't true today for email spam scores, but it is still useful, > given that the tests performed by one's inbound proxy tend not to > change a whole lot over time. Spam Assassin inserts similar tokens > into inbound email and it is then up to the scripts in the > email "UA" to decide whether, for example, Chinese characters > are a sign of spam or not. In that case, the UA is building its own score based on that additional detailed information. The draft currently allows such detailed information to be conveyed to the UA so the UA can do that. -d _______________________________________________ Sipping mailing list https://www1.ietf.org/mailman/listinfo/sipping This list is for NEW development of the application of SIP Use sip-implementors@cs.columbia.edu for questions on current sip Use sip@ietf.org for new developments of core SIP
- [Sipping] comments on draft-wing-sipping-spam-sco… Jonathan Rosenberg
- RE: [Sipping] comments on draft-wing-sipping-spam… Saverio Niccolini
- Re: [Sipping] comments on draft-wing-sipping-spam… Henning Schulzrinne
- Re: [Sipping] comments on draft-wing-sipping-spam… Hannes Tschofenig
- RE: [Sipping] comments on draft-wing-sipping-spam… Dan Wing