IETF Logo Mail Archive

Re: [stir] sipcore Digest, Vol 158, Issue 1

Paul Kyzivat <pkyzivat@alum.mit.edu> Wed, 27 July 2022 16:41 UTC

Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E4E2C13C52B; Wed, 27 Jul 2022 09:41:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.009
X-Spam-Level:
X-Spam-Status: No, score=-2.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alum.mit.edu
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iPRePoQxUYUw; Wed, 27 Jul 2022 09:41:13 -0700 (PDT)
Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2087.outbound.protection.outlook.com [40.107.94.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 294DEC14F6E7; Wed, 27 Jul 2022 09:41:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=UsNBjDZmLWJbSnxXgH94tWgH4whcaC8anJr+N7GL3gjdWsFjqV8s2xz3CK6u5mEvSj2ecOUr/Fanj7HPYcxpUj7Eo7Skt9lGOq015aH7j6Fx7R9b+YKA3ItMWPCpCww9dOYLPXRrtAWG1MgmLL9nbtLHuj283ith7SYugGVYLwO7cGTQmqhMv4OO9RQ9Ti31/0Ul9qySgpqpGjbyQO7qC/2MSXCc61Gm1SqDCKOm+rDq0D/jeqcYevo4uLh4yX9IUCL9l4LHWne9v8lF8+JvpmIq3n74L1mHyS9OGzM/e76cv7xmGui3cWLyy3V2RVIO2KBn44vnCNmHQpjoe0+ByQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=XNfUGoZ2AjO71GRn1r7MPEK3nMMaspmO6aw7thlcrPw=; b=IzhBLKdpm3Sc+sB1HKwwfevDy+E1b7W9VMRf2FLyvtMwZmUvmnJEH63eID3frtGrlXipMSmShBjN3OslrGozsS9l/ejD657lKcwQKkQZ03mv7ZjarBJyP22cNXpxYHv084bIPTDr1gNqddfOKwFGKnXLHIfBF1XgyXRmUj8GqIFTRcH0iDOG+y0x27QdAnLNg0I5U1SjnDkBHn+YmcELSodgo7bkPg4Xnc8zrxHHHyGvJCGlJGKzUPe9fv14Str86i/z1Dy86OOD2ZRB+6oGLfZx5C9rHQMUENXR41jym+ecK6oWmGpMOy829+/l3Vz6OyVMd575CpAbpB7s1Xxi7A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 18.7.68.33) smtp.rcpttodomain=ietf.org smtp.mailfrom=alum.mit.edu; dmarc=pass (p=none sp=none pct=100) action=none header.from=alum.mit.edu; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alum.mit.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XNfUGoZ2AjO71GRn1r7MPEK3nMMaspmO6aw7thlcrPw=; b=SJLX+S9uAj7VCs14J2aXl0kyfvBGQVedbCvgQr0doH4VNDqIlMi7822rPK/eVJf+QOltcLtw52IZ1v+eAir//VqXr7WVu6u7DoijlvXbxkljM+GVeBTtExIaLe5e/Zovb85FdPXz1dN/xTpfukkrI/0Qu6gg6swJOS1Z+rNt2Gk=
Received: from DS7PR03CA0344.namprd03.prod.outlook.com (2603:10b6:8:55::28) by DM4PR12MB5940.namprd12.prod.outlook.com (2603:10b6:8:6b::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5458.24; Wed, 27 Jul 2022 16:41:10 +0000
Received: from DM3NAM02FT019.eop-nam02.prod.protection.outlook.com (2603:10b6:8:55:cafe::a) by DS7PR03CA0344.outlook.office365.com (2603:10b6:8:55::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5458.19 via Frontend Transport; Wed, 27 Jul 2022 16:41:10 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 18.7.68.33) smtp.mailfrom=alum.mit.edu; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=alum.mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of alum.mit.edu designates 18.7.68.33 as permitted sender) receiver=protection.outlook.com; client-ip=18.7.68.33; helo=outgoing-alum.mit.edu; pr=C
Received: from outgoing-alum.mit.edu (18.7.68.33) by DM3NAM02FT019.mail.protection.outlook.com (10.13.4.191) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5482.10 via Frontend Transport; Wed, 27 Jul 2022 16:41:10 +0000
Received: from [192.168.1.52] (c-24-62-227-142.hsd1.ma.comcast.net [24.62.227.142]) (authenticated bits=0) (User authenticated as pkyzivat@ALUM.MIT.EDU) by outgoing-alum.mit.edu (8.14.7/8.12.4) with ESMTP id 26RGf71J002330 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT); Wed, 27 Jul 2022 12:41:08 -0400
Message-ID: <e74caf42-b5cb-a473-f4f5-12c1129f4437@alum.mit.edu>
Date: Wed, 27 Jul 2022 12:41:07 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.11.0
Content-Language: en-US
To: pierce@numeracle.com
References: <mailman.125.1658862003.55613.sipcore@ietf.org> <017401d8a1c4$402a5e10$c07f1a30$@numeracle.com>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Cc: sipcore@ietf.org, stir@ietf.org
In-Reply-To: <017401d8a1c4$402a5e10$c07f1a30$@numeracle.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 0d40030d-4f09-4dbb-2dda-08da6feecfee
X-MS-TrafficTypeDiagnostic: DM4PR12MB5940:EE_
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 15Hu3l5HcSad5URgbg9BVzPrI8A/C0YfDAKffHZc+f5A3C9Sr4S9A/i86mnWG+/6gofupn9HBbunagKNmoJcKBlPKfMN0jGT+m/xDDVMOkFD+ZWXpf4IEo22fpo4zA1JzR04h0jdn+ihdN6qiWrcSLul529DmsTyOgJKY500TK3qvymJJ+19H+ncsYteoBC+G1DUv9zH1zvqouij6ltchRjrmGICuNU+sfKVT7yA9Z+xsJ8mIPa/dN98QNmGxZjkpq814MNzf319fQ12iqdIKURCCnqHd1rg04wBjMBpUm0tTXMElpkIF0tymzCDcYzdzYIiOpYOppYhs5HJuC5yvZ5H9Jv/qnh6/9I1wMSK05uufu7UGJLJWgFGJR+DuF3Efm4Zce4N5p7LCMjECMow9N5kZE9QBveSV/CFxBfBZH1Pb7T4ZIwhRNBRctVsjNzjUqPmRIhh9sck66KjGfxlwbGtEMgPJtVrFJEZD5CZC7/1mKH5hx/fXNpsa1IoXCegXWyJ5Rdi/JKJaHuj0AGwUSqvAknN1byZc5LDTgsgx1PEia/aN9BGos/j/0BbezftziHI/noaYR9BE8kjjzIsjdjWFgNXYbM1G8Fjp7IpwHQEtLN3+mniYcBP18oI+VPuppLShjTC6JxSBP3heXJW1otVd1iZMMt6O+Y6AwFeApm8M9mkQRQgB+A/2L0902pZpFkGWLhkFf3Dnf8C3aYJrLVAT/Ha3dIkhLwvQMB9yAG42DnxeyKcATRYpZ4c2KnlU84GhVLAUauq1qVbXemMOfLhncvcbHIsqCt8Q910EaUDickwsgGsl1cPlTWlYm8DWDtg2dfPG1kxRPjKwphAsg==
X-Forefront-Antispam-Report: CIP:18.7.68.33; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:outgoing-alum.mit.edu; PTR:outgoing-alum.mit.edu; CAT:NONE; SFS:(13230016)(346002)(396003)(39860400002)(376002)(136003)(36840700001)(46966006)(83380400001)(70206006)(82310400005)(26005)(66574015)(30864003)(41320700001)(47076005)(186003)(956004)(336012)(5660300002)(4326008)(8936002)(70586007)(31686004)(478600001)(966005)(41300700001)(53546011)(316002)(356005)(36860700001)(31696002)(7596003)(2616005)(86362001)(82740400003)(40480700001)(786003)(2906002)(6916009)(8676002)(75432002)(43740500002); DIR:OUT; SFP:1101;
X-OriginatorOrg: alum.mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Jul 2022 16:41:10.5864 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 0d40030d-4f09-4dbb-2dda-08da6feecfee
X-MS-Exchange-CrossTenant-Id: 3326b102-c043-408b-a990-b89e477d582f
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3326b102-c043-408b-a990-b89e477d582f; Ip=[18.7.68.33]; Helo=[outgoing-alum.mit.edu]
X-MS-Exchange-CrossTenant-AuthSource: DM3NAM02FT019.eop-nam02.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5940
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/QaMaquJTnEC4_WvYRrZqaplTBw0>
Subject: Re: [stir] sipcore Digest, Vol 158, Issue 1
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jul 2022 16:41:17 -0000

Comments inline...

On 7/27/22 10:22 AM, pierce@numeracle.com wrote:
> In the STIR WG discussion yesterday there was commentary about having
> STIR-specific error information in REASON.
> 
> It occurred to me as people discussed what an STI-AS can do with the
> information in a REASON from an STI-VS that an STI-AS is rarely in the call
> path of an error response to the signature placed there by the STI-AS.
> 
> I point this out so that people can be thinking about this aspect.
> 
> An STI-VS doesn't typically tell the STI-AS "here's what is wrong with what
> you put in the SIP Identity header or certificate chain".
> 
> Most of the time, the STI-VS is going to be telling the originating UAC,
> "here is what is wrong with what your (3rd party) STI-AS put in the SIP
> Identity header or certificate chain".
> 
> Also note that this use of REASON has (does? will?) cause unnecessary call
> failures.
> 
> In the introduction to RFC 3326, it says:
> 
>     Clients and servers are free to ignore this header field.  It has no
>     impact on protocol processing.
> 
> The 2nd sentence is egregiously false. 

Can you give an example?

If a Reason is returned in a final response then the protocol processing 
has already failed. How would the presence or absence of Reason make it 
worse?

If it is returned in a 1xx response then the call may still succeed or 
fail. For the Reason to affect that the UAC would have to take some 
action on the subsequent call flow that was chosen due to the content of 
the Reason header. In that case you are correct that it has some impact, 
but is it egregious? If the implementer is any good, the impact is 
presumably intended to improve the call experience. But if the Reason 
header is instead ignored, then the call may well still complete.

The obvious case here is when the verifier has decided to allow the call 
to proceed even though the stir identity couldn't be verified. In this 
case the UAC could have a policy to drop the call or alert the user. 
Without processing the Reason the caller will have no clue. This kind of 
policy will be more important when used with sending Identity from UAS 
to UAC.

> And can someone explain how to code
> "free to ignore"?  Make a choice to ignore using a random number generator
> for entertainment?  Always ignore?  Never ignore?  Always write new code to
> adapt to every possible new error?

It could be anything. But the most obvious is that some implementations 
will choose to ignore the reason all the time, while others will choose 
to process it in some way that provides a better call experience.

This is the sort of thing that distinguishes better implementations.

> In my experience, a certain vendor chose to kill calls which had a
> STIR/SHAKEN 4xx in a REASON header because they could.  i.e., they didn't
> understand the 4xx but it was a 4xx which therefore indicated the expected
> final response would be a call failure, so they killed the calls.
> Calls which would have otherwise completed, instead failed because of an
> unknown 4xx in the REASON header. 

Poor quality of implementation. Sadly they can still claim conformance 
to the standard. Also, this couldn't have been with STIR reason codes, 
since those are only now being defined. It doesn't necessarily say 
anything about the processing of STIR reason codes, which is yet to be 
written.

> This caused Network Operations staff to
> write header manipulation rules which stripped the offending inbound error
> messages at the edge of the network.  An argument with the vendor about
> killing otherwise good calls led to a discussion of paying for and
> scheduling new development which, as far as I know, never happened because
> it was cheaper to strip the error messages at the edge of the network.

If that is the way you want to do business then you live with the 
consequences.

> RFC 3326 correctly observed:
> 
> ... status codes that provide information about the
>     user and about session parameters are typically useful for
>     implementing services whereas status codes intended to report errors
>     about a request are typically useful for debugging purposes.
> 
> So, I will suggest that errors in a REASON that are intended to be used for
> "debugging purposes" and which should not result in calls being killed
> unnecessarily, should only ever be 1xx.  I think this implies ALL error
> messages related to STIR/SHAKEN in a REASON should be 1xx.

Part of the problem here is leaping to the conclusion that the meanings 
of STIR reason codes are the same as SIP reason codes. They are not. At 
the least *most* SIP reason codes (which are the same as SIP response 
codes) make no sense if used as STIR reason codes. And even for the ones 
that are, their semantics will differ when used as a STIR reason code.

It may be worth creating a completely new name space (number space) for 
STIR reason codes just to avoid this confusion. But that isn't strictly 
necessary. But some text somewhere describing how the STIR reason codes 
SHOULD/SHOULD NOT be used is something that should be done.

	Thanks,
	Paul

> -----Original Message-----
> From: sipcore <sipcore-bounces@ietf.org> On Behalf Of
> sipcore-request@ietf.org
> Sent: Tuesday, July 26, 2022 2:00 PM
> To: sipcore@ietf.org
> Subject: sipcore Digest, Vol 158, Issue 1
> 
> Send sipcore mailing list submissions to
> 	sipcore@ietf.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://www.ietf.org/mailman/listinfo/sipcore
> or, via email, send a message with subject or body 'help' to
> 	sipcore-request@ietf.org
> 
> You can reach the person managing the list at
> 	sipcore-owner@ietf.org
> 
> When replying, please edit your Subject line so it is more specific than
> "Re: Contents of sipcore digest..."
> 
> 
> Today's Topics:
> 
>     1. I-D Action: draft-ietf-sipcore-multiple-reasons-00.txt
>        (internet-drafts@ietf.org)
>     2. Re: I-D Action: draft-ietf-sipcore-multiple-reasons-00.txt
>        (Robert Sparks)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Mon, 25 Jul 2022 13:31:37 -0700
> From: internet-drafts@ietf.org
> To: <i-d-announce@ietf.org>
> Cc: sipcore@ietf.org
> Subject: [sipcore] I-D Action:
> 	draft-ietf-sipcore-multiple-reasons-00.txt
> Message-ID: <165878109730.56605.6408785536974654600@ietfa.amsl.com>
> Content-Type: text/plain; charset="utf-8"
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Session Initiation Protocol Core WG of the
> IETF.
> 
>          Title           : Multiple SIP Reason Header Field Values
>          Author          : Robert Sparks
>    Filename        : draft-ietf-sipcore-multiple-reasons-00.txt
>    Pages           : 4
>    Date            : 2022-07-25
> 
> Abstract:
>     The SIP Reason Header Field as defined in RFC 3326 allows only one
>     Reason value per protocol value.  Practice shows it is useful to
>     allow multiple values with the same protocol value.  This update to
>     RFC 3326 allows multiple values for an indicated registered protocol
>     when that protocol defines what the presence of multiple values
>     means.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-sipcore-multiple-reasons/
> 
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-sipcore-multiple-reasons-00.html
> 
> 
> Internet-Drafts are also available by rsync at
> rsync.ietf.org::internet-drafts
> 
> 
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Mon, 25 Jul 2022 17:05:19 -0500
> From: Robert Sparks <rjsparks@nostrum.com>
> To: sipcore@ietf.org
> Subject: Re: [sipcore] I-D Action:
> 	draft-ietf-sipcore-multiple-reasons-00.txt
> Message-ID: <c3b5fd61-d5f7-a621-b3be-7c608a19ec78@nostrum.com>
> Content-Type: text/plain; charset=UTF-8; format=flowed
> 
> Resending from the correct address:
> 
> On 7/25/22 4:07 PM, Robert Sparks wrote:
>> Hello sipcore:
>>
>> This is just the renaming of draft-sparks-sipcore-multiple-reasons to
>> draft-ietf-sipcore-multiple-reasons.
>>
>> There has been a lot of feedback about some short things to add, and I
>> am working on those as a 01. This -00 is here to make comparisons
>> later easier.
>>
>> Right now, I'm keeping the source at
>> https://github.com/rjsparks/draft-ietf-sipcore-multiple-reasons. PRs
>> are welcome. I'm happy to move that repo to a sipcore github
>> organization should the group choose to have one.
>>
>> RjS
>>
>> On 7/25/22 3:31 PM, internet-drafts@ietf.org wrote:
>>> A New Internet-Draft is available from the on-line Internet-Drafts
>>> directories.
>>> This draft is a work item of the Session Initiation Protocol Core WG
>>> of the IETF.
>>>
>>> ???????? Title?????????? : Multiple SIP Reason Header Field Values
>>> ???????? Author????????? : Robert Sparks ?? Filename??????? :
>>> draft-ietf-sipcore-multiple-reasons-00.txt
>>> ?? Pages?????????? : 4
>>> ?? Date??????????? : 2022-07-25
>>>
>>> Abstract:
>>> ??? The SIP Reason Header Field as defined in RFC 3326 allows only
>>> one ??? Reason value per protocol value.? Practice shows it is useful
>>> to ??? allow multiple values with the same protocol value.? This
>>> update to ??? RFC 3326 allows multiple values for an indicated
>>> registered protocol ??? when that protocol defines what the presence
>>> of multiple values ??? means.
>>>
>>>
>>> The IETF datatracker status page for this draft is:
>>> https://datatracker.ietf.org/doc/draft-ietf-sipcore-multiple-reasons/
>>>
>>> There is also an HTML version available at:
>>> https://www.ietf.org/archive/id/draft-ietf-sipcore-multiple-reasons-0
>>> 0.html
>>>
>>>
>>>
>>> Internet-Drafts are also available by rsync at
>>> rsync.ietf.org::internet-drafts
>>>
>>>
> 
> 
> 
> ------------------------------
> 
> Subject: Digest Footer
> 
> _______________________________________________
> sipcore mailing list
> sipcore@ietf.org
> https://www.ietf.org/mailman/listinfo/sipcore
> 
> 
> ------------------------------
> 
> End of sipcore Digest, Vol 158, Issue 1
> ***************************************
> 
> _______________________________________________
> stir mailing list
> stir@ietf.org
> https://www.ietf.org/mailman/listinfo/stir

v2.23.0 | Report a Bug | By Email