Re: [auth48] AUTH48: RFC-to-be 9410 <draft-ietf-stir-identity-header-errors-handling-08> for your review
Chris Wendt <chris-ietf@chriswendt.net> Wed, 12 July 2023 12:26 UTC
Return-Path: <chris-ietf@chriswendt.net>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 33028C151531; Wed, 12 Jul 2023 05:26:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.093
X-Spam-Level:
X-Spam-Status: No, score=-2.093 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=chriswendt.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GEOo9TA0ZNAE; Wed, 12 Jul 2023 05:26:15 -0700 (PDT)
Received: from caracal.birch.relay.mailchannels.net (caracal.birch.relay.mailchannels.net [23.83.209.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4096DC15106E; Wed, 12 Jul 2023 05:26:13 -0700 (PDT)
X-Sender-Id: dreamhost|x-authsender|chris-ietf@chriswendt.net
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 47E672C10B2; Wed, 12 Jul 2023 12:26:13 +0000 (UTC)
Received: from pdx1-sub0-mail-a302.dreamhost.com (unknown [127.0.0.6]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id AE7B22C1263; Wed, 12 Jul 2023 12:26:12 +0000 (UTC)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1689164772; a=rsa-sha256; cv=none; b=L6QmqUBPc1tzxjwIojq3gPsYt5CosNqmdmRc51flYsrQ4GYdEYJXARGnjsLhtGGXw9SXt0 89UpEd9AUwEizvjmItVFU/lHHvar8CjXwlBxxn+W6MfGB4clxb3ToQqNSZ4MXvzrG4flxM m0a6a/DEmcUO9m99DRi0O5RT41KHv4Mm4ARpwZ3Kyk0TqylP/okGKeB8jSWzHKwlt5tl20 RZ9nYiuX/K4aXRK0njxAUDdF9s5FYrivR9CWXb4Okla+DpqRVSPnqiGZF3QFxlXngV0VuL 5A56L1ImrTNibar26X9mE8n0AXnWnEj/d/uTFP2lHzjRRNNZDIELumYb0T7aTg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1689164772; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=1ibjIZgr0ACBh+ZWRhP7Z5+0C0GA3FfH3GKHWN58+Qg=; b=s0BjmSUw2TEeO7R1xLYTCtxRLXlSbXHHpY/gIvP4HumNA6NvP07c0/NoOd4C3J+ON0ZtVc Sq0w0BWubF1uHmZEnG40xkj8MEjTBriq82hbUSGnjm4OKip5KNJvF/dZin7g0fd04vXoxB Kbervo6nzceJF0Udvix2wPQWLZUuSTOAIsKW8+QyyHW3ZjT62PCNeThVHRHD3aJsgn8Yd7 X1dMx/+stCyqOwqe8KJUXBLxToPwFijcVDuWCoSQ+C7Qm+RJnvpi4Cu5oandCpWujdCjCg bkwdNnIpZFZ/vAjulp0xA7Kh3IypEZG4fW7+TwqPG4V+rYYIWDT5tMtndygkMg==
ARC-Authentication-Results: i=1; rspamd-5595f87fc9-9k5ps; auth=pass smtp.auth=dreamhost smtp.mailfrom=chris-ietf@chriswendt.net
X-Sender-Id: dreamhost|x-authsender|chris-ietf@chriswendt.net
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|chris-ietf@chriswendt.net
X-MailChannels-Auth-Id: dreamhost
X-Drop-Reaction: 7ae81f0026fb9ba9_1689164773030_3519895629
X-MC-Loop-Signature: 1689164773030:2070593864
X-MC-Ingress-Time: 1689164773030
Received: from pdx1-sub0-mail-a302.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.119.45.70 (trex/6.9.1); Wed, 12 Jul 2023 12:26:13 +0000
Received: from smtpclient.apple (unknown [172.56.2.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: chris-ietf@chriswendt.net) by pdx1-sub0-mail-a302.dreamhost.com (Postfix) with ESMTPSA id 4R1H5t5mlLzRt; Wed, 12 Jul 2023 05:26:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chriswendt.net; s=dreamhost; t=1689164772; bh=1ibjIZgr0ACBh+ZWRhP7Z5+0C0GA3FfH3GKHWN58+Qg=; h=Content-Type:Subject:From:Date:Cc:Content-Transfer-Encoding:To; b=IjVJQ+9G3mlLEQcG+kELuxoWgnvLY+4UIzPZrM6kBdML4jKAhM2lowJMXrWnPM++S eEZgW6uHE38aVtP8P4AZnk3uEum79VAIvAhMHjB2/igFyJ++He8oFpvSB/I3J3qlRp Ubw6yrziWb+KJ/BCKxLd0dn3ftqEctnPila1ZyQ1CDwcF1v/1jMTwUI1mKgCmofBkw LGCKXbYiVIqzQ9wFJg87dmrz76rEZY6ap6syanYZSkUSP01iladLSf0Qwi6jQdTDzB RHev3kwotywzxJWY6AhZl2Kvd8Nwo2PLNyGYj4QR1uu/OIdUHp9iMPVOGdCjO3JCKB Il88w6mI2438A==
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
From: Chris Wendt <chris-ietf@chriswendt.net>
In-Reply-To: <20230711035118.CE02A119E2@rfcpa.amsl.com>
Date: Wed, 12 Jul 2023 08:25:59 -0400
Cc: Chris Wendt <chris-ietf@chriswendt.net>, stir-ads@ietf.org, STIR Chairs <stir-chairs@ietf.org>, Ben Campbell <ben@nostrum.com>, "Murray S. Kucherawy" <superuser@gmail.com>, auth48archive@rfc-editor.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <CA88E251-A61F-464B-8705-D3D24E3CA37D@chriswendt.net>
References: <20230711035118.CE02A119E2@rfcpa.amsl.com>
To: RFC Editor <rfc-editor@rfc-editor.org>
X-Mailer: Apple Mail (2.3731.600.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/09GwqcZQGcUFHKVlc2YZ7iAl9NQ>
Subject: Re: [auth48] AUTH48: RFC-to-be 9410 <draft-ietf-stir-identity-header-errors-handling-08> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jul 2023 12:26:19 -0000
Responses inline. > On Jul 10, 2023, at 11:51 PM, rfc-editor@rfc-editor.org wrote: > > Authors, > > While reviewing this document during AUTH48, please resolve (as necessary) > the following questions, which are also in the XML file. > > 1) <!-- [rfced] Note that the title of the document has been updated as > follows. Please review and let us know if updates are required. > > Original: > Identity Header Errors Handling for STIR > > Current: > Handling of Identity Header Errors for Secure Telephone Identity > Revisited (STIR) --> > ok > > 2) <!-- [rfced] Please insert any keywords (beyond those that appear in the > title) for use on https://www.rfc-editor.org/search. --> > multiple errors, passport, reason header field > > 3) <!-- [rfced] We suggest rephrasing the following text in the abstract > into two seperate sentences for better comprehension. Does the following > suggestion retain your intended meaning? > > Original: > This document extends STIR and the Authenticated Identity Management > in the Session Initiation Protocol (SIP) error handling procedures to > include the mapping of verification failure reasons to STIR defined 4xx > codes so the failure reason of an Identity header field can be conveyed to > the upstream authentication service when local policy dictates that the > call should continue in the presence of a verification failure. > > Perhaps: > This document extends Secure Telephone Identity Revisited (STIR) and > the Authenticated Identity Management in the Session Initiation Protocol > (SIP) error-handling procedures to include the mapping of verification > failure reasons to STIR-defined 4xx codes. The failure reason of an > Identity header field can be conveyed to the upstream authentication > service when local policy dictates that the call should continue in the > presence of a verification failure.--> > I would include this slight variation to clarify the meaning: > This document extends the Secure Telephone Identity Revisited (STIR) and > the Authenticated Identity Management in the Session Initiation Protocol > (SIP) current error-handling procedures for the mapping of verification > failure reasons to STIR-defined 4xx codes. It extends the ability to use the reason header field as an option of conveying an error associated with an > Identity header field to the upstream authentication > service when local policy dictates that the call should continue in the > presence of a verification failure. > > 4) <!-- [rfced] We suggest rephrasing the following sentence for > readability. Does the following suggestion retain your intended meaning? > > Original: > [RFC8224] describes the use of the STIR framework in the SIP > protocol [RFC3261] and defines both the authentication service that creates > a PASSporT, defined in [RFC8225], and delivers it in an Identity header > field and the verification service that correspondingly verifies the > PASSporT and embedded originating identity. > > Perhaps: > [RFC8224] describes the use of the STIR framework in the SIP > protocol [RFC3261]. It defines both a) the authentication service that > creates a PASSporT [RFC8225] and delivers it in an Identity header field, > and b) the verification service that correspondingly verifies the PASSporT > and embedded originating identity.--> > ok > > 5) <!-- [rfced] We suggest rephrasing the following sentence for clarity. Does the following suggestion retain your intended meaning? > > Original: > Additionally, it addresses the issue of the current 4xx error > response and that when there is a verification error, the call is terminated. > > Perhaps: > Additionally, it addresses the issue of the current 4xx error > response, i.e., the call is terminated when a verification error is > present. --> ok > > > 6) <!-- [rfced] We have rephrased the following sentence for clarity. > Please let us know any objections. > > Original: > In many cases of, for example, inadvertent or operational errors > that do not represent any identity falsification type of attempt, the > policy of continuing the call even though the identity is not verified, may > be the preferred policy. > > Current: > For example, in many cases of inadvertent or operational errors that > do not represent any type of identity falsification attempt, the preferred > policy may be to continue the call despite the unverified > identity. --> ok > > > 7) <!-- [rfced] For readability, please consider whether the following correctly conveys the intended meaning. > > Original: > For the handling of multiple Identity header fields and the potential > situation that some of the Identity header fields in a call may pass > verification but others may have errors, this document defines the > method of adding an identifier so that the authentication service can > uniquely identify which Identity header field is being referred to in > the case of an error. > > Perhaps: > To handle multiple Identity header fields where > some in a call may be verified while others may not (i.e., they have > errors), this document defines a method by which an identifier is added > to the header so that the authentication service can uniquely identify > which Identity header field is being referred to in > the case of an error. > --> > ok > > 8) <!-- [rfced] We have updated artwork elements to sourcecode throughout > the document. Please review the "type" attribute of each sourcecode element > in the XML file to ensure correctness. If the current list of preferred > values for "type" > (https://www.rfc-editor.org/materials/sourcecode-types.txt) does not > contain an applicable type, then feel free to let us know. Also, it is > acceptable to leave the "type" attribute not set. --> > I think that is ok to have the artwork as sourcecode. But i’ll also defer to editor or others cc’d if there is better feedback. > > 9) <!-- [rfced] Please review the following text. Terms such as "cause code" and "call dialog" do not appear in RFC 8824. Please let us know how/if we should update the text and/or citation. > > Original: > The > association of a "ppi" parameter with a Reason header field using > "STIR" protocol MUST only identify a single cause code in the context > of a call dialog defined in [RFC8224] or in future documents defining > STIR related errors. > --> > Good question, the cause codes (i.e. 4xx) are defined in 8224, but the Reason header and cause code are defined in 3326. Call dialog as a term is defined in 3261. So perhaps the following: The association of a “ppi” parameter with a Reason header field [RFC3326] using the protocol value of “STIR” defined in this document MUST only identify a single cause code [RFC3326] in the context of a call dialog [RFC3261] corresponding to only the STIR related error codes defined in [RFC8224] or in future documents defining new STIR related error codes. > > 10) <!-- [rfced] FYI - We have added expansions for the following > abbreviations per Section 3.6 of RFC 7322 ("RFC Style Guide"). Please > review each expansion in the document carefully to ensure correctness. > > Secure Telephone Identity Revisited (STIR) > User Agent Client (UAC) > User Agent Server (UAS) --> Yes these are correct > > > 11) <!-- [rfced] Please review the "Inclusive Language" portion of the > online Style Guide > <https://www.rfc-editor.org/styleguide/part2/#inclusive_language> and let > us know if any changes are needed. Note that our script did not flag any > words in particular, but this should still be reviewed as a best > practice. --> > I did not find any opportunities to change anything. > > Thank you. > > RFC Editor > > > On Jul 10, 2023, at 8:45 PM, rfc-editor@rfc-editor.org wrote: > > *****IMPORTANT***** > > Updated 2023/07/10 > > RFC Author(s): > -------------- > > Instructions for Completing AUTH48 > > Your document has now entered AUTH48. Once it has been reviewed and > approved by you and all coauthors, it will be published as an RFC. > If an author is no longer available, there are several remedies > available as listed in the FAQ (https://www.rfc-editor.org/faq/). > > You and you coauthors are responsible for engaging other parties > (e.g., Contributors or Working Group) as necessary before providing > your approval. > > Planning your review > --------------------- > > Please review the following aspects of your document: > > * RFC Editor questions > > Please review and resolve any questions raised by the RFC Editor > that have been included in the XML file as comments marked as > follows: > > <!-- [rfced] ... --> > > These questions will also be sent in a subsequent email. > > * Changes submitted by coauthors > > Please ensure that you review any changes submitted by your > coauthors. We assume that if you do not speak up that you > agree to changes submitted by your coauthors. > > * Content > > Please review the full content of the document, as this cannot > change once the RFC is published. Please pay particular attention to: > - IANA considerations updates (if applicable) > - contact information > - references > > * Copyright notices and legends > > Please review the copyright notice and legends as defined in > RFC 5378 and the Trust Legal Provisions > (TLP – https://trustee.ietf.org/license-info/). > > * Semantic markup > > Please review the markup in the XML file to ensure that elements of > content are correctly tagged. For example, ensure that <sourcecode> > and <artwork> are set correctly. See details at > <https://authors.ietf.org/rfcxml-vocabulary>. > > * Formatted output > > Please review the PDF, HTML, and TXT files to ensure that the > formatted output, as generated from the markup in the XML file, is > reasonable. Please note that the TXT will have formatting > limitations compared to the PDF and HTML. > > > Submitting changes > ------------------ > > To submit changes, please reply to this email using ‘REPLY ALL’ as all > the parties CCed on this message need to see your changes. The parties > include: > > * your coauthors > > * rfc-editor@rfc-editor.org (the RPC team) > > * other document participants, depending on the stream (e.g., > IETF Stream participants are your working group chairs, the > responsible ADs, and the document shepherd). > > * auth48archive@rfc-editor.org, which is a new archival mailing list > to preserve AUTH48 conversations; it is not an active discussion > list: > > * More info: > https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc > > * The archive itself: > https://mailarchive.ietf.org/arch/browse/auth48archive/ > > * Note: If only absolutely necessary, you may temporarily opt out > of the archiving of messages (e.g., to discuss a sensitive matter). > If needed, please add a note at the top of the message that you > have dropped the address. When the discussion is concluded, > auth48archive@rfc-editor.org will be re-added to the CC list and > its addition will be noted at the top of the message. > > You may submit your changes in one of two ways: > > An update to the provided XML file > — OR — > An explicit list of changes in this format > > Section # (or indicate Global) > > OLD: > old text > > NEW: > new text > > You do not need to reply with both an updated XML file and an explicit > list of changes, as either form is sufficient. > > We will ask a stream manager to review and approve any changes that seem > beyond editorial in nature, e.g., addition of new text, deletion of text, > and technical changes. Information about stream managers can be found in > the FAQ. Editorial changes do not require approval from a stream manager. > > > Approving for publication > -------------------------- > > To approve your RFC for publication, please reply to this email stating > that you approve this RFC for publication. Please use ‘REPLY ALL’, > as all the parties CCed on this message need to see your approval. > > > Files > ----- > > The files are available here: > https://www.rfc-editor.org/authors/rfc9410.xml > https://www.rfc-editor.org/authors/rfc9410.html > https://www.rfc-editor.org/authors/rfc9410.pdf > https://www.rfc-editor.org/authors/rfc9410.txt > > Diff file of the text: > https://www.rfc-editor.org/authors/rfc9410-diff.html > https://www.rfc-editor.org/authors/rfc9410-rfcdiff.html (side by side) > > Diff of the XML: > https://www.rfc-editor.org/authors/rfc9410-xmldiff1.html > > The following files are provided to facilitate creation of your own > diff files of the XML. > > Initial XMLv3 created using XMLv2 as input: > https://www.rfc-editor.org/authors/rfc9410.original.v2v3.xml > > XMLv3 file that is a best effort to capture v3-related format updates > only: > https://www.rfc-editor.org/authors/rfc9410.form.xml > > > Tracking progress > ----------------- > > The details of the AUTH48 status of your document are here: > https://www.rfc-editor.org/auth48/rfc9410 > > Please let us know if you have any questions. > > Thank you for your cooperation, > > RFC Editor > > -------------------------------------- > RFC9410 (draft-ietf-stir-identity-header-errors-handling-08) > > Title : Identity Header Errors Handling for STIR > Author(s) : C. Wendt > WG Chair(s) : Ben Campbell, Robert Sparks, Russ Housley > Area Director(s) : Murray Kucherawy, Francesca Palombini > >
- [auth48] AUTH48: RFC-to-be 9410 <draft-ietf-stir-… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9410 <draft-ietf-s… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9410 <draft-ietf-s… Chris Wendt
- Re: [auth48] AUTH48: RFC-to-be 9410 <draft-ietf-s… Russ Housley
- Re: [auth48] AUTH48: RFC-to-be 9410 <draft-ietf-s… Chris Wendt
- Re: [auth48] AUTH48: RFC-to-be 9410 <draft-ietf-s… Madison Church
- Re: [auth48] AUTH48: RFC-to-be 9410 <draft-ietf-s… Chris Wendt
- Re: [auth48] AUTH48: RFC-to-be 9410 <draft-ietf-s… Madison Church
- Re: [auth48] AUTH48: RFC-to-be 9410 <draft-ietf-s… Madison Church
- Re: [auth48] AUTH48: RFC-to-be 9410 <draft-ietf-s… Chris Wendt
- Re: [auth48] AUTH48: RFC-to-be 9410 <draft-ietf-s… Madison Church