SPITSTOP BOF Request for 69th IETF

-- General Information ------------------

RAI Area Director(s): Cullen Jennings and Jon Peterson
RAI Area Advisor: Cullen Jennings

Mailing list for discussion:
https://listserv.netlab.nec.de/mailman/listinfo/spitstop

Proposed co-chair(s): Juergen Quittek and Mary Barnes

-- BOF Information ------------------

* BOF Description:

Spam over IP Telephony (SPIT) is a potential severe threat to real-time
communication applications. Discussion of the issue is already going on
at the IETF for some time and first products are being deployed.

Currently, there are two big problems to be solved on the way towards
a reasonable protection of users from SPIT. The first issue is the
selection and further development of SPIT detection methods.
This is an application level research issue not addressed by this BoF.

The other problem is how to integrate SPIT prevention methods into
real-time applications. This is an engineering problem including
the following issues:

- a SPIT prevention framework,
- reference scenarios for communication between entities involved
in SPIT prevention,
- protocols for communication between the entities.

The target of this BoF session is identifying the need for IETF standards
addressing the issues. For all issues, I-Ds are already available that
will serve as basis for discussions.

A framework would describe mechanisms and identify entities involved
in SPIT prevention and assign roles to them. The description of mechanisms
is progressing as a SIPPING WG work item. Entities to be identified may
include existing entities, such as SIP proxy servers, as well as new entities
to be developed, such as SPIT detection engines that analyze SIP messages.

Reference scenarios would specify how these entities communicate with
each other and which information is exchanged between them.
One example would be requesting an analysis of of a SIP INVITE message
in order to determine the probability of the call to be SPIT.
Another example would be a user agent indicating to another entity
that a previously received call actually was SPIT.

For conducting the communication between entities involved in SPIT prevention,
protocols are required that transmit the information to be exchanged. For
the envisioned referenced scenarios protocols need to be specified. This can
be achieved by using or extending existing protocols, such as SIP, or be
developing new protocols for this purpose.

Discussions at the BoF session will not go into much detail concerning the
engineering issues to be solved but rather focus on whether or not these
issues need to be addressed by the IETF and if yes, in which way this should
be done.

* Existing Internet drafts Related to this BOF:

-- Jennings, C. and J. Rosenberg, "The Session Initiation Protocol (SIP)
and Spam", draft-ietf-sipping-spam-04 (work in progress), February 2007.

-- Niccolini, S. and J. Quittek, "Signaling TO Prevent SPIT (SPITSTOP)
Reference Scenario", draft-niccolini-sipping-spitstop-00 (work in progress),
January 2007.

-- Niccolini, S., "SIP Extensions for SPIT identification",
draft-niccolini-sipping-feedback-spit-03 (work in progress), February 2007.

-- Shacham, R. and H. Schulzrinne, "HTTP Header for Future Correspondence
Addresses", draft-shacham-http-corr-uris-00 (work in progress), May 2007.

-- Froment, T., "Authorization Policies for Preventing SPIT",
draft-froment-sipping-spit-authz-policies-02 (work in progress), February 2007.

* Proposed BOF Agenda (2 hours slot requested):

-- Introduction to the objectives of the BOF (5 minutes)
-- Presentation on framework for anti-spam in SIP (10 minutes)
-- draft-ietf-sipping-spam-04
-- Presentation on reference scenario for potential prevention communication (20 minutes)
-- draft-niccolini-sipping-spitstop-00
-- draft-niccolini-sipping-feedback-spit-03
-- Presentation on accepting communication based on whitelisting (10 minutes)
-- draft-shacham-http-corr-uris-00
-- Presentation on authorization policies for SPIT prevention (10 minutes)
-- draft-froment-sipping-spit-authz-policies-02
-- Discussion about needs for standardization and how/where to handle them (60 minutes)

* Proposed BOF Agenda (1 hour slot requested):

-- Introduction to the objectives of the BOF (5 minutes)
-- Presentation on framework for anti-spam in SIP (10 minutes)
-- draft-ietf-sipping-spam-04
-- Presentation on reference scenario for potential prevention communication (10 minutes)
-- draft-niccolini-sipping-spitstop-00
-- draft-niccolini-sipping-feedback-spit-03
-- Presentation on accepting communication based on whitelisting (10 minutes)
-- draft-shacham-http-corr-uris-00
-- Discussion about needs for standardization and how/where to handle them (25 minutes)

-- Attendance estimation and conflicts ------------------

Estimated attendance is exprected to gather mainly from people normally
attending groups like SIP, SIPPING and SPEERMINT in the RAI area, as well
as other groups in the security area. Thus conflicts with these groups
should be avoided as much as possible. Estimated attendance number
is about 150 persons.