IETF Logo Mail Archive

Re: [stir] New draft draft-rosenberg-stir-callback-00

"David Frankel" <dfrankel@zipdx.com> Sun, 04 March 2018 07:50 UTC

Return-Path: <dfrankel@zipdx.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A0031241F5 for <stir@ietfa.amsl.com>; Sat, 3 Mar 2018 23:50:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=zipdx.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZWx3KBSaiy5N for <stir@ietfa.amsl.com>; Sat, 3 Mar 2018 23:50:25 -0800 (PST)
Received: from xdev1sjc.zipdx.com (sjc-e-66.zipdx.com [166.88.23.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C666126C19 for <stir@ietf.org>; Sat, 3 Mar 2018 23:50:25 -0800 (PST)
Received: from DPFENVY (c-98-210-64-228.hsd1.ca.comcast.net [98.210.64.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: dfrankel) by xdev1sjc.zipdx.com (Postfix) with ESMTPSA id E64D01B8018E; Sat, 3 Mar 2018 23:50:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=zipdx.com; s=default; t=1520149825; bh=2ar0FgPCsH8nhnbIegaQa7qFXLXpQjTIL+RqtC4418g=; h=From:To:References:In-Reply-To:Subject:Date:From; b=TezVD9EqScFG9B2X6pqeZD97da1dBS1gcRHKjB/vVmXKgjpj7Wh0GDYIL8K1yVMlG sXg0KIJVoaXrlEeuvZnv9K+1aq0vbg8kYNLiB9c9aGoodphhVHgnoJYHMq3rCz3zGR 44SSLofe9AFZVACnNV724y6ZuLlnwwudUrikWv3o=
From: David Frankel <dfrankel@zipdx.com>
To: 'Jonathan Rosenberg' <jdrosen@jdrosen.net>, stir@ietf.org
References: <CA+23+fF7UfT4KY6jCm8VqgPBbiq2KH3_9ASb2KiH0bjVTZeY_A@mail.gmail.com>
In-Reply-To: <CA+23+fF7UfT4KY6jCm8VqgPBbiq2KH3_9ASb2KiH0bjVTZeY_A@mail.gmail.com>
Date: Sat, 03 Mar 2018 23:50:26 -0800
Organization: ZipDX LLC
Message-ID: <02f401d3b38d$754f0570$5fed1050$@zipdx.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_02F5_01D3B34A.672D7320"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQMNzGGZoHHMUr8ow6+gR+Dmf47KwqFLb+Hg
Content-Language: en-us
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/Uz1KeolIEHnVdtaAiNsrROjL1O4>
Subject: Re: [stir] New draft draft-rosenberg-stir-callback-00
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Mar 2018 07:50:28 -0000

Hi Jonathan and Cullen –

 

I read the draft with interest and wonder if you can clarify a few things for me. My understanding of SIP nuances is limited, so I may be overlooking some obvious things here. At the same time, I’m trying to be pragmatic about how things work in the “real world” vs. the world as defined by the specs.

 

So my questions / comments are:

 

A) I see in section 3 references to SUPPORTED and REQUIRE header fields that include “stir-callback”. Then in sub-part 1 of section 3, in the call diagram I see references to SUPPORTED and REQUIRE headers that say “stir-verify”.  (Note, btw, that there are two sub-parts 1 in section 3; I think they are supposed to be numbered 1, 2, 3 instead of 1, 1, 2.) There are further references in the document to “stir-verify”. Then in section 8.1, there are references to a “sip-verify” Option Tag. 

 

So my question is: are “stir-callback”, “stir-verify” and “sip-verify” all meant to be the same string, and perhaps the exact value evolved during development of the document? Or are there really two or three different option-tags involved here? Or am I missing how these three different values are actually applied?

 

B) In the “real world”, a PSTN call from Bob (tel:1, served by Provider B), to Alice (tel:2 <tel:1> , served by Provider A) is often completed by B sending the call to transit provider X, which, even in an end-to-end SIP connection, will re-initiate the call and send it to provider Y, which then re-initiates it and sends it to terminating Provider A. (Note that the call path from B to A typically does not necessarily follow the reverse path of a call from A to B.)

 

So in order to propagate properly from origination to termination, the “verifying INVITE” proposed in section 3, containing the REQUIRE: stir-callback header, will need to first be processed by Provider X. As I understand it, X will need to be capable of recognizing the new REQUIRE header and knowing that it needs to propagate the call onward (NOT reject it due to lack of support for stir-callback), and will need to send the call to Y with the new REQUIRE header included. AND it will also need to know that it needs to propagate the VERIFY-CALL header as well.

 

Y will receive this INVITE, and it too will need to know that it needs to accept this invite and propagate it onward with the REQUIRE and VERIFY-CALL headers.

 

Since stir-callback is not today a defined option, if X and Y were conforming to the SIP RFC, they would today reject this INVITE. So does this mean that your STIR-Callback approach will necessitate updates of currently-conforming UA’s acting in the transit role to now provide support for this new type of INVITE?

 

Finally, if and when the verification INVITE gets to A, and as your document explains, A will have to be smart enough to process the verify request and send the appropriate response. That support is noted in your document; I’m wondering if you also need to document the kind of support that will be required from intermediate providers, and note the importance of A being RFC-compliant with respect to REQUIRE headers it does not understand.

 

C) At the end of section 3 you note: “The presence of the Require header field in the verifying INVITE is critical to the operation of the solution.  It prevents the verifying INVITE from actually ringing a real phone, which would be quite annoying.” This is my biggest concern.

 

If the new REQUIRE header gets dropped somewhere along the way, the INVITE will look “normal”, so won’t Provider A ring Alice’s phone? Or, if A is not RFC-compliant and ignores the REQUIRE header, Alice’s phone will ring. (And of course if the call originator was spoofing the number, and in fact Bob’s verification INVITE went to the real owner of the number, served by provider C, C would have to be RFC-compliant in this regard or the real number owner’s phone would ring.)

 

I am nervous that in today’s real world deployments, your approach is fragile because it is dependent on the various UA’s in the call path diligently following the SIP RFC.

 

I made a few test calls acting like I was Bob’s UA, having received an INVITE from A that I want to verify. So I sent an INVITE back towards A, inserting the REQUIRE: stir-callback header in my mock “verification” INVITE; I sent these calls through various real-world termination providers. 

 

In a couple of cases, I got back 420 Bad Extension responses. That’s good and bad; the good news is that it tells me that those particular UA’s ARE RFC compliant in this respect. They don’t understand a REQUIREd option so they are necessarily rejecting the call. On the other hand, it points out that if these UA’s are acting as intermediate providers (which, in these cases, they are), they will need to be updated to accept and pass the stir-callback related headers even though they are just providing a transit function and even though they are not assuming any responsibility for verification.

 

In my other test cases, the destination phone rang even though this was supposed to be a “verification” INVITE. This tells me, I think, that at least the first UA (X, in my explanation above) in the verification call path is non-RFC-complaint, and that downstream UA’s are either also non-compliant, or that the REQUIRE header got dropped along the way.

 

I am nervous about the extent to which deployed UA’s are non-RFC-compliant with respect to the REQUIRE header, and how that could undermine deployability of this solution. Maybe you intended that the solution only apply when A and B are directly connected and there are no intermediate providers. But I’m concerned that’s only a small fraction of “real world” calls today.

 

I am interested in your thoughts on these items, and on getting me back on track if I’ve misunderstood aspects of the proposal.

 

David

 

David Frankel

ZipDX® LLC

Monte Sereno, CA USA

Tel: 1-800-FRANKEL (1-800-372-6535)

 

From: stir <stir-bounces@ietf.org> On Behalf Of Jonathan Rosenberg
Sent: Thursday, March 1, 2018 6:15 PM
To: stir@ietf.org
Subject: [stir] New draft draft-rosenberg-stir-callback-00

 

Hey all - been a while :)

Cullen and I wrote up a concept for using STIR with self-signed or domain based certs, and then handling number validation with an in-band callback. We think its a promising approach to accelerate STIR deployments, since it allows them to happen without the cert infrastructure being in place. 

https://www.ietf.org/id/draft-rosenberg-stir-callback-00.txt

Comments welcome. 

-Jonathan R.



-- 

Jonathan Rosenberg, Ph.D.
jdrosen@jdrosen.net <mailto:jdrosen@jdrosen.net> 
http://www.jdrosen.net

v2.23.0 | Report a Bug | By Email