IETF Logo Mail Archive

Re: [stir] [sipcore] draft-ietf-sipcore-callinfo-04 (call-reason)

Henning Schulzrinne <hgs@cs.columbia.edu> Sat, 19 March 2022 19:26 UTC

Return-Path: <hgs10@columbia.edu>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54C033A0E71 for <stir@ietfa.amsl.com>; Sat, 19 Mar 2022 12:26:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.507
X-Spam-Level:
X-Spam-Status: No, score=-1.507 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, GB_ABOUTYOU=0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=columbia.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5kZI3GaO0xLi for <stir@ietfa.amsl.com>; Sat, 19 Mar 2022 12:26:27 -0700 (PDT)
Received: from mx0a-00364e01.pphosted.com (mx0a-00364e01.pphosted.com [148.163.135.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF58A3A0EAD for <stir@ietf.org>; Sat, 19 Mar 2022 12:26:25 -0700 (PDT)
Received: from pps.filterd (m0167068.ppops.net [127.0.0.1]) by mx0a-00364e01.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 22JJQNZk010925 for <stir@ietf.org>; Sat, 19 Mar 2022 15:26:25 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=columbia.edu; h=mime-version : references : in-reply-to : from : date : message-id : subject : to : cc : content-type; s=pps01; bh=mqxtuvb3UNi+F2AqRgkwuObRRrsyOlOSGs5UkZdgz00=; b=UG+llgV4CmY9tca9SoxvKJG53gXDQ4x++q3aduMEwKn2Jaut1ieidB+ky4iMfl2/XjGI INSuSvUcmQOPdps6bIJtqt51+HNn2C6a3G4gsO33ugDphYWW+852WbM50/Lyg7/LW2cd /X1WXOJZZ6HilWPaB9khJjJq0h2Pqi9rFYSB8MU8xteTBDKM70z9BxTi7VibaHQ+NA+V aRD/nv62WwoRc4O+PtLpEhrio6np1pZXSyccV1mvDZdeJ7A/ljr2HN2WFwiC7k0EmlvD MPYcfog3zq/VXs+Co5ccWLSDybDs9md4eDvKU9iKyejirWeKT4qhBIPy1jUEoKEJueJ5 Nw==
Received: from sendprdmail21.cc.columbia.edu (sendprdmail21.cc.columbia.edu [128.59.72.23]) by mx0a-00364e01.pphosted.com (PPS) with ESMTPS id 3ew9ewjr8g-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <stir@ietf.org>; Sat, 19 Mar 2022 15:26:24 -0400
Received: from mail-qk1-f199.google.com (mail-qk1-f199.google.com [209.85.222.199]) by sendprdmail21.cc.columbia.edu (8.14.7/8.14.4) with ESMTP id 22JJQNZY053371 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for <stir@ietf.org>; Sat, 19 Mar 2022 15:26:23 -0400
Received: by mail-qk1-f199.google.com with SMTP id q24-20020a05620a0c9800b0060d5d0b7a90so7291783qki.11 for <stir@ietf.org>; Sat, 19 Mar 2022 12:26:23 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=mqxtuvb3UNi+F2AqRgkwuObRRrsyOlOSGs5UkZdgz00=; b=BOTruw2NEqQ7gYTOwsWB9XgaP1LuYiBBF9KbeJy+5rKCre0c7se/ED1y3cKsRcpX3G yJwB/quUmOpnslcHFARRbFAw8y/yKoYjAo467FYd1mZkd40RmYOrxs0m3R0nujkmXhbX lMZHjXGT0Vzy/lHre7EBqPbZLXvpy/hCHvLdmYgamXKurdqmUSFqukgaFS0YmKgxFV0Z 03ampnZDCsjWwH+1N5jC+yMxXAnyZYWlYBF/c3wuYaEF4eZx9m1DY9XlQ2e+dUhJX9eU q8AFNN31OWggoYQalL/zVzSwufs/ddk8BiHOZwDql0AQBeKYYtiPU69hhEn4OMfQ+XtX Jtog==
X-Gm-Message-State: AOAM532jCXGiI3wr6TZ5TYj7tEY49XowAVcct4JNzrpb+ww3GhG8ESU5 /026diAv4H9RT6Jqi4bo4JH1Oom/9MKdUkETawj7uYJwmbRBR0lDEVxNC3gRwLMOo7aNv8TKf9v 1TydKvmJ5wIVsDLhVdLAeOCVgk4YH
X-Received: by 2002:ac8:5bd6:0:b0:2e1:c841:35f6 with SMTP id b22-20020ac85bd6000000b002e1c84135f6mr11573423qtb.120.1647717983090; Sat, 19 Mar 2022 12:26:23 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwZXxamIzLao1Vi4vQPx9R9lPENPC7AAQZEEcvoAiFfmUY0VDrlV5/m+Z67Y6qgAh3WnmK7DWRMcD8MSZ7xnZ4=
X-Received: by 2002:ac8:5bd6:0:b0:2e1:c841:35f6 with SMTP id b22-20020ac85bd6000000b002e1c84135f6mr11573399qtb.120.1647717982634; Sat, 19 Mar 2022 12:26:22 -0700 (PDT)
MIME-Version: 1.0
References: <CACgrgBbUASA4HTukPwZL9V=8XOMTx_keZcDh-pVc0eSJYtVS8w@mail.gmail.com> <86BE36F5-7CFE-48BE-B0A7-7458B67EB208@chriswendt.net> <CACgrgBYVi2rJv0BCFf3UxmjtSJHXRuFw+gbHsQm0Uo0Dr3J8Mw@mail.gmail.com> <51718867-9092-4423-B895-8069A8AF3D07@chriswendt.net>
In-Reply-To: <51718867-9092-4423-B895-8069A8AF3D07@chriswendt.net>
From: Henning Schulzrinne <hgs@cs.columbia.edu>
Date: Sat, 19 Mar 2022 15:25:56 -0400
Message-ID: <CACgrgBZNXc0zcn7O9z2TS4_r5OGTsde7euMxcz_SqDO35pJASw@mail.gmail.com>
To: Chris Wendt <chris-ietf@chriswendt.net>
Cc: SIPCORE <sipcore@ietf.org>, stir@ietf.org
Content-Type: multipart/alternative; boundary="0000000000000b9d0505da973db9"
X-Proofpoint-ORIG-GUID: z55a1YZKHMIX9XCNy2k1tJldBTiXi7uW
X-Proofpoint-GUID: z55a1YZKHMIX9XCNy2k1tJldBTiXi7uW
X-CU-OB: Yes
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.850,Hydra:6.0.425,FMLib:17.11.64.514 definitions=2022-03-19_07,2022-03-15_01,2022-02-23_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 spamscore=0 impostorscore=10 mlxscore=0 mlxlogscore=872 malwarescore=0 lowpriorityscore=10 adultscore=0 clxscore=1015 bulkscore=10 phishscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2202240000 definitions=main-2203190130
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/WhmS-6quSnxBiIhfv1MDCHI5718>
Subject: Re: [stir] [sipcore] draft-ietf-sipcore-callinfo-04 (call-reason)
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Mar 2022 19:26:33 -0000

Hi Chris,

tl;dr: My suggestions are: (1) leave call purpose out
of draft-ietf-stir-passport-rcd; (2) drop call-purpose
from draft-ietf-sipcore-call-info-rcd; (3) consider a new JWT claim
"subject" [or whatever] that encapsulates the signed call purpose in the
future.

More details inline below.

On Fri, Mar 18, 2022 at 5:17 PM Chris Wendt <chris-ietf@chriswendt.net>
wrote:

> Hi Henning,
>
> I understand what you are saying.  I do however think there is reasons to
> protect call-reason/Subject of call.  I think these situations are mostly
> in the context of delegation to perhaps a call center, where you have
> authorized them to represent your company in particular ways, including not
> only your identity, but for different context of calls that you have
> authorized them to represent you.  We all know there is some call centers
> that use call identities with good reputation for customers that may
> exploit that reputation for other customers.  I would look at this as
> similar situation.
>

I think we generally agree - your example of a call center is probably, in
my view, the most likely case where some indication of call purpose will be
used, probably with explicit arrangement with the carrier. This may well
turn out to be similar to the current model for SMS, where (in the US and
some other countries) you'll have to register your "campaign" with the
carrier or designated third party. This may even take the notion of a
template ("This call is about your recent order from {date}") that can be
auto-enforced. It's clear that carriers seem quite concerned about their
individual customers messaging, in volume, to their subscribers, given the
abuse.


>
> There is also potential for future of Subject/call-reason to be more than
> just a text string.
>

I suspect that's best handled separately, once we have a clearer use case.
I don't think we can just stick this into call-reason without all kinds of
backwards-compatibility issues.


>
> I’m struggling a bit on your point that we should sign some data but not
> other data because it is less likely to be manipulated.  Is that the bar we
> should be striving for here? Seems to conflict with my understanding of
> some of the goals.
>

Maybe this indicates that we should be clearer on the goals. My take on the
value of STIR "classic" (for TNs) is that the main purpose of signing is to
make it clear who is responsible for the information provided - thus, the
whole discussion of A/B/C attestation. Indeed, the experience seems to
indicate that C-level attestation is actually a signal for a robocall,
i.e,. C-level calls are *more* likely to be robocalls than unsigned calls.
A/B/C obviously have the same cryptographic strength and all prevent
modification by third parties.

I don't think that carrier manipulation of the caller information (except
in various normalization ways) has ever been a major problem - it's
originator (OSP or end user) spoofing. This is rather different than the
typical threat model where the originator worries about evil Mallory
changing their data, e.g., by redirecting a money transfer to them.

But for call-purpose, this is less relevant - this is clearly (mostly)
useful if inserted by the originating caller, and unlike for A-level
attestation, the carrier can't really validate that the message is
truthful. How would it know that "You have won a cruise!" in the
call-purpose/Subject was correct or a scam? Indeed, as mentioned, if I were
a carrier, I'd never want to attest to that purpose, as somebody could
reasonably claim that the carrier should have known that the recipients
hadn't won anything.

This is the main reason that I think this should be a separate claim - if
anybody should sign/attest this, it's the enterprise call center and only
that call center.


> Why not have the framework that we can do that.  You are free to protect
> or not protect data depending on your own policy.
>

Nothing wrong as such. My argument is that RCD and call-purpose/Subject are
very different, so they shouldn't be in the *same* framework. If we need
Subject/call-purpose, they should be in separate claims, for the
operational reasons mentioned.


>
> I guess i want to be sure whether you are reacting to us not using Subject
> vs call-info as a common container for “rich call data” related info or
> that we have both call-info and ‘rcd’ as a container for Rich Call Data
> more generally?  I think there is many reasons why we landed there, we can
> re-hash that in the context of call-info vs subject.  I would be less
> excited about re-hashing it for passport/rcd.
>

For the reasons above, I think this is a bad idea for both cases, in
my view. It's worse for Call-Info, because of the duplication of existing
functionality.

To use an analogy: The RCD is mostly like a business card. We don't
typically write our contracts and messages on business cards - we might
staple our business card to a note.

My constructive suggestion is to create a separate claim if needed. (My
understanding is that rcd-14 does not contain the call purpose, so this is
the current state.)


>
> I do believe both of these frameworks need to be extensible, i don’t think
> we are finished.  We can define more passport extensions, but at the same
> time, do we want to redefine “rcd” and “rcdi” for new passport extensions?
>

No, we should create, in my view, a separate document that focuses on
signing the call purpose, expressed either as Subject (as the compact form)
or an explicit JWT claim, such as "subject".


> -Chris
>
>
>

v2.8.7 | Report a Bug | By Email