Re: [stir] [Acme] NYTimes.com: How Do You Stop Robocalls?

"Olle E. Johansson" <oej@edvina.net> Tue, 13 July 2021 08:56 UTC

From: "Olle E. Johansson" <oej@edvina.net>
In-Reply-To: <HE1PR07MB44419FE8AD0F7D197A1E562D93149@HE1PR07MB4441.eurprd07.prod.outlook.com>
Date: Tue, 13 Jul 2021 10:56:05 +0200
Cc: Roman Shpount <roman@telurix.com>, "stir@ietf.org" <stir@ietf.org>, Mary Barnes <mary.ietf.barnes@gmail.com>, "Salz, Rich" <rsalz@akamai.com>, "acme@ietf.org" <acme@ietf.org>
To: Christer Holmberg <christer.holmberg@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/zGTjoq33KZvbqia48H_OeLihB-k>


> On 13 Jul 2021, at 10:52, Christer Holmberg <christer.holmberg@ericsson.com> wrote:
> 
> Hi,
> 
>>> When you say “does not support Outbound”, are you referring to the whole mechanism, or to the specific reuse-of-registration-connection-for-incoming-calls part?
>> 
>> We have had a lot of discussions about this in the past, where I focused on the latter. In the current set of standards a server is not allowed to reuse the incoming TLS connection for outbound requests. Only SIP outbound allows this. 
> 
> Correct.
> 
> However, many still do it, because in addition to the TLS issues it is also needed for NAT traversal.

Exactly. Kamailio does that, because it’s the only way even if we break the RFCs.

> 
>> That’s why I started a discussion about a “half-outbound” - much like the use of Outbound in SIP over WebSockets today.
> 
> That specific part could be defined in a separate specification, similar to what we did for SIP keep-alive: people wanted to have a mechanism for negotiating keep-alives, without having to implement everything else in Outbound.

Yes, that was my idea. But at the time it seemed like people either did not understand or did not see the need.
Maybe we have a different situation now. It is needed, as we need RFC-compliant security in SIP.

/O
> 
> Regards,
> 
> Christer
> 
> 
> 
> ________________________________________
> From: stir <stir-bounces@ietf.org> on behalf of Olle E. Johansson <oej@edvina.net>
> Sent: Tuesday, July 13, 2021 9:32:56 AM
> To: Roman Shpount <roman@telurix.com>
> Cc: stir@ietf.org; Mary Barnes <mary.ietf.barnes@gmail.com>; Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>; acme@ietf.org
> Subject: Re: [stir] [Acme] NYTimes.com: How Do You Stop Robocalls?
>  
> 
> 
> 
> On 13 July 2021, at 06:58, Roman Shpount <roman@telurix.com> wrote:
> 
>  At the same time, SIP over TLS has many performance and reliability issues that would need to be addressed before it is ready for industry-wide deployment.
> 
> There’s also a lack of applicable standards for TLS usage, as I’ve pointed out a few times, but the working group seems to have no energy to fix. SIP over TLS from the SIP phone side requires implementation of SIP outbound, which we never successfully tested at any SIPit. I know of a few implementations now, but haven’t tested them together.
> 
> Made this presentation five years ago
> https://www.slideshare.net/oej/sip-tls-security-in-a-peer-to-peer-world
> 
> /O