[VIPR] Agenda & Handout for 2012/01/13
Marc Petit-Huguenin <petithug@acm.org> Thu, 12 January 2012 15:14 UTC
Return-Path: <petithug@acm.org>
X-Original-To: vipr@ietfa.amsl.com
Delivered-To: vipr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E81B221F8546 for <vipr@ietfa.amsl.com>; Thu, 12 Jan 2012 07:14:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.912
X-Spam-Level:
X-Spam-Status: No, score=-100.912 tagged_above=-999 required=5 tests=[AWL=-1.312, BAYES_00=-2.599, GB_I_INVITATION=-2, GB_SUMOF=5, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0DOCv4ky+lsy for <vipr@ietfa.amsl.com>; Thu, 12 Jan 2012 07:14:10 -0800 (PST)
Received: from implementers.org (implementers.org [IPv6:2604:3400:dc1:41:216:3eff:fe5b:8240]) by ietfa.amsl.com (Postfix) with ESMTP id E134C21F8545 for <vipr@ietf.org>; Thu, 12 Jan 2012 07:14:09 -0800 (PST)
Received: from [IPv6:2001:470:1f05:616:213:d4ff:fe04:3e08] (shalmaneser.org [IPv6:2001:470:1f05:616:213:d4ff:fe04:3e08]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client CN "petithug", Issuer "implementers.org" (verified OK)) by implementers.org (Postfix) with ESMTPS id E2FA7202D2; Thu, 12 Jan 2012 15:00:40 +0000 (UTC)
Message-ID: <4F0EF8BB.6080009@acm.org>
Date: Thu, 12 Jan 2012 07:14:03 -0800
From: Marc Petit-Huguenin <petithug@acm.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20120104 Icedove/8.0
MIME-Version: 1.0
To: Dean Willis <dean.willis@softarmor.com>, "Hakim Mehmood (naim)" <naim@cisco.com>, Michael Procter <michael@voip.co.uk>, John Ward <jward@IntelePeer.com>, 'Mary Barnes' <mary.ietf.barnes@gmail.com>, "Muthu Arul Mozhi Perumal (mperumal)" <mperumal@cisco.com>, Daryl Malas <D.Malas@cablelabs.com>, Jon Peterson <jon.peterson@neustar.biz>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "vipr@ietf.org" <vipr@ietf.org>
Subject: [VIPR] Agenda & Handout for 2012/01/13
X-BeenThere: vipr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Verification Involving PSTN Reachability working group <vipr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/vipr>, <mailto:vipr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/vipr>
List-Post: <mailto:vipr@ietf.org>
List-Help: <mailto:vipr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vipr>, <mailto:vipr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jan 2012 15:14:11 -0000
A. Agenda - Action item list from Taipei - PVP Entropy - VIPR troubleshooting - Infrastructure overlays - ICE support in VIPR Note that the sum of the time allocated to each topic may exceeds the time allocated to the whole call. The topics that cannot make it to the discussion will be postponed to the next conference call if they are not subsequently decided in the mailing-list. Because the conference bridge as a limited capacity, an individual invitation to the conference will be sent shortly after this email to each member of the design team. Please send me an email if you are not on this list and want to receive an invitation. Note that the design team conference call is not a way to short-circuit the normal process, but a way to accelerate it by increasing face to face time. All decisions made must be confirmed on the mailing-list. This conference call is subject to the rules of RFC 5378 and RFC 3979 (updated by RFC 4879). B. Handout (reading time: 10 min) B.1. Action items list from Taipei This is the list of decisions and TODO extracted from the minutes and the audio recording (The minutes from the meeting in Taipei are available at: http://www.ietf.org/proceedings/82/minutes/vipr.txt) - Eric Burger to send a review of -overview before it can be adopted as WG document. - PVP method priority accepted, but need to decide if in registry or document. - SIP intermediaries: Comments on the list. - Fix the equation in proportional-quota. - Add support to blacklist methods in the configuration (and registry). - OK to store methods in RELOAD. - Remove 3 copies, and use voting algorithm. - Fixes multiplier in reload-usage as soon proportional-quota is done. - Method A: Add text about using EC2 to evaluate the complexity for given cost/phone number. - Create new document for method C: inverted selector/secret, with dynamic allocation of entropy. - General idea of entropy adopted, with minimum default value in configuration. Still need to decide if client support. - Ticket needs to be modified to support crypto agility, with recommended algo. - X.509: Rejected. - Asymmetrical keys: Richard Barnes to do a security review. - Renewal of ticket: Solution proposed adopted. - Infrastructure overlay: will be presented in DISPATCH in Paris. - Troubleshooting: Needs also a test mode for immediate PVP processing. B.2. PVP Entropy The decision in Taipei was to support the entropy mechanism, and to carry the minimal default value in the configuration file. We still have to decide between these two solutions: 1. Entropy is best managed completely in the PVP server. 2. It is best managed in both client and server by using something like a cookie, stored in the ticket. B.3. VIPR troubleshooting One very important point made in draft-jennings-vipr-overview is the troubleshooting problem (section 2.4). Because the provisioning of SIP routes is automatic, there is no possibility to have a interop testing between two domains before the establishment of the fist call. This means that we need to provide help for debugging problems if things go wrong. The main issue is that it is not always possible to troubleshoot a problem only by looking on the logs and traces on the sending side - some kind of cooperation is required by the receiving side. Having a way to retrieve the logs and traces automatically would be a good step in this direction, but we now have a security problem to take care of, as we certainly do not want anybody to be able to retrieve this information. There is also a need to have a mode that permit a immediate execution of the PVP process, for troubleshooting purpose. B.4. Infrastructure overlays A new draft to discuss infrastructure overlays has been submitted to DISPATCH. "[RELOAD] is a peer to peer protocol developed by the P2PSIP Working Group. Each RELOAD instance has a unique name, which is used by the process in section 10.2 of this specification to find the configuration servers, enrollment servers and bootstrap servers needed to join the overlay. The process assumes that the RELOAD instance name is a FQDN, and uses the process in [RFC2782] (SRV RR) to find the IP address of the HTTPS server that serves the configuration document for this overlay. This process is adequate when the management of the overlay does not need to be distinguished from the owner of the FQDN used as the instance name, which is the case most of the time. But there is a special class of overlays that, by definition, requires to be unique on the Internet and for which having the possibility of create instances would defeat their very purpose. This specification calls the kind of overlays that are not domain specific, but application specific "infrastructure overlays". [VIPR] is a technology that is being standardized in the VIPR Working Group and that aims to build bridges between SIP islands by automatically provision SIP routes after the "ownership" of a PSTN phone number has been verified by an actual PSTN phone call. This technology uses an RELOAD overlay as a distributed database where mappings between phone numbers and servers responsible for the validation process are stored. The promise of VIPR to bridge these SIP islands cannot be fulfilled if there is more than one distributed database storing these mappings." B.5. ICE support in VIPR Section 1.2.1 of draft-procter-vipr-privacy-concerns proposes to use TURN to anonymise the source of a PVP validation. This proposal is probably incomplete, but the main problem is that we still do not know what transports will be used on the RELOAD overlay used by VIPR. First here's a list of what we currently know about this overlay: - The algorithm is RELOAD-CHORD - The Node-ID size is 16 bytes (128 bits). - Clients are not authorized because of the quota algorithm. - Self-signed certificates are not authorized. - There will be one or more root-certs. - There will be one or more bootstrap peers (unicast or anycast - no multicast). - Clients are not authorized because of the quota algorithm. - Shared secret are not used. - The overlay link protocol is TLS. - There will be a list of kind and configuration signers. - The urn:ietf:params:xml:ns:p2p:config-chord, urn:ietf:params:xml:ns:p2p:quota and urn:ietf:params:xml:ns:p2p:vipr extensions are mandatory. - The Kind VIPR-REGISTRATION will be authorized. What we do not know yet: - Do we need to authorize the CERTIFICATE-BY-NODE and CERTIFICATE-BY-USER Kinds? - Will TURN server deployed in the overlay? - Will ICE overlay link protocols be used? The important question for this topic is the support of ICE in the RELOAD overlay: Pros: With ICE support the RELOAD nodes, the PVP client and the PVP server can be installed behind a NAT/Firewall without having to put them on the DMZ or to open pinholes (the bootstrap servers will still need to be installed in the DMZ or on the Internet). TURN servers are required for ICE support, so they would also be available for anonymising the connections. Cons: ICE is complex to implement and debug. If we decide to exclude ICE, then the TURN servers are no longer available by default, and the idea of using them for anonymising the connections is moot. An additional consideration is that the RELOAD transports are currently limited to UDP and TCP, neither of them being really well suited to carry RELOAD or PVP messages. If we decide to exclude ICE support, I will then propose to use (D)TLS over SCTP instead (and write the I-D for this). So the initial question is: Do we need ICE or not?
- [VIPR] Agenda & Handout for 2012/01/13 Marc Petit-Huguenin