Minutes IETF111: asap
minutes-111-asap-00
Meeting Minutes | Automatic SIP trunking And Peering (asap) WG | |
---|---|---|
Date and time | 2021-07-29 20:30 | |
Title | Minutes IETF111: asap | |
State | Active | |
Other versions | plain text | |
Last updated | 2021-08-04 |
minutes-111-asap-00
Automatic SIP trunking And Peering (ASAP) Working Group ======================================================= CHAIRS: Jean Mahoney Gonzalo Salgueiro Automatic SIP trunking And Peering (ASAP) Working Group ======================================================= CHAIRS: Jean Mahoney Gonzalo Salgueiro IETF 111 AGENDA Thursday, July 29, 2021 13:30 - 14:30 US Pacific Time Session II, Room 1 IETF 111 Info: https://www.ietf.org/how/meetings/111/ Meeting URL: https://gce.conf.meetecho.com/conference/?group=asap Etherpad: https://codimd.ietf.org/notes-ietf-111-asap ------------------------------------------------- 1. Note Well, Note Takers, Agenda Bashing, Draft status - (Chairs, 10 min) 2. Automatic Peering for SIP Trunks (Kaustubh Inamdar, Sreekanth Narayanan, 40 min) https://tools.ietf.org/html/draft-ietf-asap-sip-auto-peer 3. Wrapup and Next Steps (Chairs, 10 min) ------------------------------------------------- 1. Chair Items ~ Note well ~ Agenda bash ~ Gonzalo Salgueiro to act as Jabber scribe ~ Thanks to Marc Petit-Huguenin and Kaustubh Inamdar for taking notes ~ Draft status 2. Automatic Peering for SIP Trunks (draft-ietf-asap-sip-auto-peer) ~ Draft authors provided overview, status and version history of current draft ⁃ Sreekanth Narayanan provided overview of the changes made in the latest version of the draft and put forth open items (https://datatracker.ietf.org/doc/draft-ietf-asap-sip-auto-peer/) ⁃ Jon Peterson: Good to see the STIR stuff included in the draft. Lot of discussion around provisioning systems that are related to STIR. There is interest in pre-provisioning systems to sign and attest numbers in a certain way. There are a bunch of things with regards to provisioning that can be discussed on the list and added into the draft. Definitely interested to see more standardization around pre-provisioning. ⁃ Sreekanth Narayanan: we can surely have a discussion on the list. ⁃ Jonathan: Happy to see things added into the draft about STIR. Comments on things that aren’t in the draft - firstly, there is a flag called STIRCompliance which is a Boolean. This is a tautology as the all service providers in the United States are required to be STIR complaint as of June 30th 2021. To me the more interesting thing is how PASSporTs are handled in and out. For example, when calls are sent from contact centre providers to carriers, will the carriers accept the PASSporT inserted by the contact centre provider and pass them through. Also, would they verify if the numbers are part of the range that has been allocated. These are certain aspects that need to be manually probed as of today. Would be nice to see some bits within the draft that captures this information. I’m less optimistic about getting certificates using the fields in the draft - therefore the cert delegation fields within the draft are less useful to me. ⁃ Jon Peterson: ACME for enterprises is still largely aspirational. There is so much administrative stuff around ordering a number range, if part of that could be added into the draft, it perhaps could be useful. However parts of that would still remain out of band. Having a way to track that enterprise and service providers have a mutual understanding of what numbers have been allocated would be useful. I would like to see a world where number allocation is dynamic, but I don’t think we will get there in the foreseeable future. ⁃ Jonathan Rosenberg: Law doesn’t mandate all behaviors. It would be useful to encode the variabilities for both ingress and egress STIR in the draft. ⁃ Chris Wendt: Agree with what Jon Peterson said. Interested in the certificate delegation piece of the draft. Question is about trunking v/s peering v/s shaken as a service. See a lot of variation between those things. Is this document focused on one of those or more? Is the intent to cover all of those things, or a small scope? There will be a need for a lot of those things going forward. ⁃ Cullen Jennings: Agree that this isn’t a great mechanism to order numbers from service providers. There is value in the service provider reporting back to the enterprise that this is number range allocated. ⁃ Kaustubh Inamdar: Two points - scope of work at this time to get what the service provider likes/doesn’t like, supports/doesn’t support and use that information to bring up the SIP trunk. We can certainly discuss if some of the as a service paradigms could be added into scope. Also, there is a field within the capability set wherein the service provider reports that exact number block/range allocated to the enterprise. That would serve a viable mechanism for the enterprise to use the appropriate identity when sending calls outbound. ⁃ Chris Wendt: I guess my concern is that there isn’t a ton of overlap. Probably could have different specs to address those. ⁃ Gonzalo Salgueiro: Wanted to follow up with Jonathan on something that was discussed in the last meeting about conflicts that needed to be resolved between this draft and his draft on SIP High Availability. ⁃ Jonathan Rosenberg: Have not looked at it yet, will do so. ⁃ Kaustubh Inamdar: Ask the group their thoughts on open items - Need to register a new link relation type and whether the group favours XML over JSON or vice versa. ⁃ Jean Mahoney: Some of the questions have been outstanding for a while. XML v/s JSON. ⁃ Jonathan Rosenberg: Flip a coin or support both. JSON! I vote for JSON, can we close the open issue? Just pick something. ⁃ Cullen Jennings: Please don’t pick two things, pick one. I second Jonathan’s proposal of using JSON or any other proposal - but just pick one format. ~ Show of hands for JSON as the encoding format. Group favors JSON. ⁃ Gonzalo Salgueiro: Kaustubh & Sreekanth, what is it exactly about WebFinger that you’ll want final decisions on? ⁃ Kaustubh Inamdar: To make this as much of an automated solution as possible, WebFinger is useful. In the context of ASAP, for WebFinger to be truly effective, we cannot have a WebFinger query that returns a ton of objects in the Links Array as most of them aren’t relevant to ASAP. To make WebFinger more streamlined for ASAP, it makes sense to define a new link relation type. It could be called “capabilitySet” or anything else. The name of the link relation isn’t important. Looking for decision on whether is makes sense to register a new link relation type in IANA. ⁃ Gonzalo Salgueiro: We can do a show of hands for decision on registering a new link relation type for WebFinger. ~ Show of hands for registering a new link relation type for ASAP. 5 weighed in, all 5 are in favor. ⁃ Jean Mahoney: Is there anything else that we should throw to a show of hands? ⁃ Jonathan Rosenberg: Not sure, whether this should be thrown to a show of hands, but if this is the mechanism used by service providers to report the number range allocated to an enterprise, it dramatically changes the security properties of the framework. Minus the number range, other fields, one can argue, doesn’t require authentication. However, a number range is sensitive information. The document waives its hand on authentication. You probably should say more than “out of scope” in the draft. My question is whether we need to specify an authentication mechanism to get an interoperable solution? Or leave it vague? Or remove anything from the draft that is considered sensitive information? ⁃ Cullen Jennings: I favor simplicity over anything else. If adding an explicit authentication mechanism makes this more complicated, I would favor simplicity. While I can easily live with either, I favor simplicity. ⁃ Kaustubh Inamdar: I agree with Cullen. The purpose of this effort was to make SIP trunk configuration simple. However, to ensure that this framework is relevant for some time to come, it probably makes sense to add text around an explicit authentication mechanism so that number ranges can be reported by service providers. ⁃ Jonathan Rosenberg: I would not leave it vague or suggest that we use Digest. We can probably use OAuth, which shouldn’t be difficult to specify, however, we don’t know if vendors would be willing to implement. It could a barrier. ⁃ Sreekanth Narayanan: We did have OAuth in an earlier version of the draft. But was removed, because we thought it might be complicated to implement. We need to make a decision on this and weigh whether we need to specify an authentication mechanism to be able to include sensitive data or favour implementation simplicity. ⁃ Jean Mahoney: The authentication decision perhaps needs more discussion on the mailer as opposed to settling it now via a show of hands. ~ Wrap-Up and Next Steps: ⁃ Confirm on the list about the use of JSON and the need to register a new WebFinger link relation type.