Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-stir-messaging-08> for your review
Megan Ferguson <mferguson@amsl.com> Wed, 11 October 2023 20:08 UTC
Return-Path: <mferguson@amsl.com>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDA3EC151542; Wed, 11 Oct 2023 13:08:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 048oRF_UBooj; Wed, 11 Oct 2023 13:08:10 -0700 (PDT)
Received: from c8a.amsl.com (c8a.amsl.com [4.31.198.40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B0AAC151533; Wed, 11 Oct 2023 13:08:10 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by c8a.amsl.com (Postfix) with ESMTP id 669FC424B42B; Wed, 11 Oct 2023 13:08:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from c8a.amsl.com ([127.0.0.1]) by localhost (c8a.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Epr3ec-KTcKV; Wed, 11 Oct 2023 13:08:10 -0700 (PDT)
Received: from [192.168.68.114] (c-67-161-143-5.hsd1.co.comcast.net [67.161.143.5]) by c8a.amsl.com (Postfix) with ESMTPSA id DCF51424B42A; Wed, 11 Oct 2023 13:08:09 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.60.0.2.21\))
From: Megan Ferguson <mferguson@amsl.com>
In-Reply-To: <5015D089-6A03-42A0-9870-EDEB09B30569@amsl.com>
Date: Wed, 11 Oct 2023 14:08:08 -0600
Cc: stir-ads@ietf.org, stir-chairs@ietf.org, ben@nostrum.com, "Murray S. Kucherawy" <superuser@gmail.com>, auth48archive@rfc-editor.org, RFC Editor <rfc-editor@rfc-editor.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <CCEE8758-8B8B-418B-B8B4-3094CC02A06A@amsl.com>
References: <20230908220539.01450631CA3@rfcpa.amsl.com> <C7170A35-B3DB-4E08-B2DE-E532335B3FF1@amsl.com> <5015D089-6A03-42A0-9870-EDEB09B30569@amsl.com>
To: jon.peterson@team.neustar, chris-ietf@chriswendt.net
X-Mailer: Apple Mail (2.3654.60.0.2.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/U2oTEhUryc-K9ag_LZ-m4qE0JKw>
Subject: Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-stir-messaging-08> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Oct 2023 20:08:14 -0000
Authors, Just hoping for a confirmation of receipt of the emails regarding this document. Please see further AUTH48 instructions in this email thread. The AUTH48 status page of this document is viewable at: http://www.rfc-editor.org/auth48/rfc9475 AUTH48 FAQs are available at https://www.rfc-editor.org/faq/#auth48. We look forward to hearing from you at your earliest convenience. Thank you. RFC Editor/mf > On Oct 2, 2023, at 10:16 AM, Megan Ferguson <mferguson@amsl.com> wrote: > > Authors, > > Just a friendly ping that this document awaits your action. Please see below for more details. > > Thank you. > > RFC Editor/mf > > >> On Sep 22, 2023, at 2:35 PM, Megan Ferguson <mferguson@amsl.com> wrote: >> >> Greetings, >> >> Just a friendly weekly reminder that this document awaits your attention. Please see the document-specific questions and AUTH48 announcement in this thread and let us know if we can be of assistance as you begin the AUTH48 review process. >> >> Please note that the AUTH48 status page of this document is viewable at: >> >> http://www.rfc-editor.org/auth48/rfc9475 >> >> AUTH48 FAQs are available at https://www.rfc-editor.org/faq/#auth48. >> >> We look forward to hearing from you at your earliest convenience. >> >> Thank you. >> >> RFC Editor/mf >> >>> On Sep 8, 2023, at 4:05 PM, rfc-editor@rfc-editor.org wrote: >>> >>> Authors, >>> >>> While reviewing this document during AUTH48, please resolve (as necessary) the following questions, which are also in the XML file. >>> >>> 1) <!-- [rfced] Please note that the title of the document has been >>> updated as follows: >>> >>> Abbreviations have been expanded per Section 3.6 of RFC 7322 (“RFC >>> Style Guide”). Please review. >>> >>> Original: >>> Messaging Use Cases and Extensions for STIR >>> >>> Current: >>> Messaging Use Cases and Extensions for Secure Telephone Identity >>> Revisited (STIR) >>> >>> --> >>> >>> >>> 2) <!--[rfced] We had two questions about the first sentence in the >>> Abstract: >>> >>> a) Should "protocol" or "problem statement" or some other noun follow >>> the expansion of STIR in this text? If we cut "STIR" and just read >>> with the expansion, this sounds a bit odd. >>> >>> b) May we break up this sentence as suggested below for the ease of >>> the reader? >>> >>> Original: >>> Secure Telephone Identity Revisited (STIR) provides a means of >>> attesting the identity of a telephone caller via a signed token in >>> order to prevent impersonation of a calling party number, which is a >>> key enabler for illegal robocalling. >>> >>> Perhaps: >>> The Secure Telephone Identity Revisited (STIR) protocol provides a >>> means of attesting the identity of a telephone caller via a signed >>> token. This prevents impersonation of a calling party number, which >>> is a key enabler for illegal robocalling. >>> >>> >>> --> >>> >>> >>> 3) <!--[rfced] FYI - we have broken up the information in the following >>> sentence to make it easier for the reader to digest. Please let >>> us know if these changes have deviated from your intended >>> meaning. >>> >>> Original: >>> For the first case, where SIP negotiates a session where the media >>> will be text messages or MIME content, as, for example, with the >>> Message Session Relay Protocol (MSRP) [RFC4975], the usage of STIR >>> would deviate little from [RFC8224]. >>> >>> Current: >>> In the first case described in Section 3, SIP negotiates a >>> session in which the media will be text messages or MIME content, as, >>> for example, with the Message Session Relay Protocol (MSRP) >>> [RFC4975]. This usage of STIR would deviate little from [RFC8224]. >>> --> >>> >>> >>> 4) <!--[rfced] Can the timestamp itself order things? Or can the >>> timestamp be used to order things? >>> >>> Original: >>> ...duplicate messages are easily detected, >>> and the timestamp can order messages displayed to the user inbox in a >>> way that precludes showing stale messages as fresh. >>> >>> Perhaps: >>> ...duplicate messages are easily detected, and the timestamp can be >>> used to order messages displayed in the user inbox in a way that >>> precludes showing stale messages as fresh. >>> --> >>> >>> >>> 5) <!--[rfced] FYI - We have updated the expansion of MMS as follows to >>> match more common use in recent RFCs. Please let us know any >>> objections: >>> >>> Original: >>> multimedia message system (MMS) >>> >>> Current: >>> Multimedia Messaging Service (MMS) >>> --> >>> >>> >>> 6) <!--[rfced] How may we update this text for clarity? We do not see >>> "profiles" in RFC 8226. (Note that we have made the change from >>> "profiles defines" to "profiles define" pending more >>> information). >>> >>> Original: >>> The [RFC8226] STIR certificate profiles defines... >>> >>> Perhaps: >>> "Secure Telephone Identity Credentials: Certificates" [RFC8226] defines... >>> >>> Or perhaps: >>> The STIR certificate profiles defined in [RFC8226]... >>> --> >>> >>> >>> 7) <!--[rfced] This sentence describes a lot of things being "contain"ed. >>> Might a rephrase benefit the reader? If so, please let us know >>> how we may update. >>> >>> Original: >>> As the "orig" and "dest" field of PASSporTs may contain URIs >>> containing SIP URIs without telephone numbers, the STIR for messaging >>> mechanism contained in this specification is not inherently >>> restricted to the use of telephone numbers. >>> >>> >>> >>> --> >>> >>> >>> 8) <!--[rfced] May we update the following to avoid awkward hyphenation? >>> >>> Original: >>> This specification offers no guidance on certification authorities who >>> are appropriate to sign for non-telephone number "orig" values. >>> >>> Perhaps: >>> This specification offers no guidance on certification authorities who >>> are appropriate to sign for "orig" values that are not for use with >>> telephone numbers. >>> >>> --> >>> >>> >>> 9) <!--[rfced] Please note the following about the IANA Considerations >>> and IANA-related text in the document: >>> >>> a) Please note that we have changed IESG to be IETF for the Change >>> Controller of the "msgi" registration at >>> https://www.iana.org/assignments/jwt/jwt.xhtml. This is in accordance >>> with the following note we received from IANA: >>> >>> "Note: in accordance with recent practice, the change controller for >>> this registration has been changed from the IESG to the IETF." >>> >>> b) We have cut the URL to the registry mentioned in Section 6.2 to >>> match Section 6.1. Please let us know any objections. >>> >>> c) We have removed the quote marks as they do not appear in the >>> corresponding registries. >>> >>> --> >>> >>> >>> 10) <!-- [rfced] We have added RFC 4648 as an Informative Reference. Please let us know if it should be Normative instead. >>> >>> Original: >>> The subsequent characters in the claim value are the base64 encoded >>> [RFC4648] digest of a canonicalized and concatenated string or binary data >>> based MIME body of the message. --> >>> >>> >>> 11) <!--[rfced] We had the following questions related to terminology use >>> throughout the document: >>> >>> a) We note the use of the following similar terms: >>> >>> SIP Identity header >>> Identity header >>> Identity >>> identity >>> >>> Please review these instances and let us know if any updates are >>> necessary for clarity (e.g., should all "Identity header"s be called >>> "SIP Identity header"s). >>> >>> b) We see both: >>> >>> "orig" field >>> "orig" values >>> >>> Should the latter be made "orig" field values? >>> >>> c) We see the following uses of "baseline": >>> >>> i) At a high level, baseline PASSporT [RFC8225] claims provide similar >>> value to... >>> >>> ii) Current usage of baseline [RFC8224] Identity is largely confined to >>> INVITE requests that initiate telephone calls. >>> >>> iii) Per baseline [RFC8224], this specifications leaves it to local policy >>> to determine how messages are handled after verification succeeds or >>> fails. >>> >>> For i), we see the use of "baseline claims" in RFC 8225, so we would >>> simply suggest moving the citation tag as follows: >>> >>> Perhaps: >>> At a high level, baseline PASSporT claims (see [RFC8225]) provide similar >>> value to... >>> >>> For ii), we note that "baseline Identity" is not mentioned in RFC >>> 8224. Please review this text and let us know how to update. >>> >>> For iii), we see RFC 8225 referred to as "the baseline PASSporT >>> specification" in RFC 8224. Please review this text and let us know >>> how to update. >>> >>> Perhaps: >>> Per the guidance in the baseline PASSporT specification [RFC8225], this >>> specification leaves it to local policy to determine how messages >>> are handled after verification succeeds or fails. >>> >>> d) We see both PASSporT Type and PASSporT type. We updated to use the >>> lowercase "type" throughout. Please let us know any objections. >>> >>> --> >>> >>> >>> 12) <!-- [rfced] Please review the "Inclusive Language" portion of the >>> online Style Guide >>> <https://www.rfc-editor.org/styleguide/part2/#inclusive_language> >>> and let us know if any changes are needed. >>> >>> For example, please consider whether the following should be updated: >>> >>> >>> ...authorized to use the calling party number (or, for native SIP cases,... >>> >>> >>> In addition, please consider whether "tradition" should be updated for >>> clarity. While the NIST website >>> <https://www.nist.gov/nist-research-library/nist-technical-series-publications-author-instructions#table1> >>> indicates that this term is potentially biased, it is also ambiguous. >>> "Tradition" is a subjective term, as it is not the same for everyone. >>> >>> >>> ...value to number-based messaging as they do to traditional >>> telephone... >>> >>> ...treatment that differs from traditional delivery expectations of >>> SIP... >>> >>> ...the traditional telephone network and those based on >>> over-the-top... >>> --> >>> >>> >>> Thank you. >>> >>> RFC Editor/kf/mf >>> >>> *****IMPORTANT***** >>> >>> Updated 2023/09/08 >>> >>> RFC Author(s): >>> -------------- >>> >>> Instructions for Completing AUTH48 >>> >>> Your document has now entered AUTH48. Once it has been reviewed and >>> approved by you and all coauthors, it will be published as an RFC. >>> If an author is no longer available, there are several remedies >>> available as listed in the FAQ (https://www.rfc-editor.org/faq/). >>> >>> You and you coauthors are responsible for engaging other parties >>> (e.g., Contributors or Working Group) as necessary before providing >>> your approval. >>> >>> Planning your review >>> --------------------- >>> >>> Please review the following aspects of your document: >>> >>> * RFC Editor questions >>> >>> Please review and resolve any questions raised by the RFC Editor >>> that have been included in the XML file as comments marked as >>> follows: >>> >>> <!-- [rfced] ... --> >>> >>> These questions will also be sent in a subsequent email. >>> >>> * Changes submitted by coauthors >>> >>> Please ensure that you review any changes submitted by your >>> coauthors. We assume that if you do not speak up that you >>> agree to changes submitted by your coauthors. >>> >>> * Content >>> >>> Please review the full content of the document, as this cannot >>> change once the RFC is published. Please pay particular attention to: >>> - IANA considerations updates (if applicable) >>> - contact information >>> - references >>> >>> * Copyright notices and legends >>> >>> Please review the copyright notice and legends as defined in >>> RFC 5378 and the Trust Legal Provisions >>> (TLP – https://trustee.ietf.org/license-info/). >>> >>> * Semantic markup >>> >>> Please review the markup in the XML file to ensure that elements of >>> content are correctly tagged. For example, ensure that <sourcecode> >>> and <artwork> are set correctly. See details at >>> <https://authors.ietf.org/rfcxml-vocabulary>. >>> >>> * Formatted output >>> >>> Please review the PDF, HTML, and TXT files to ensure that the >>> formatted output, as generated from the markup in the XML file, is >>> reasonable. Please note that the TXT will have formatting >>> limitations compared to the PDF and HTML. >>> >>> >>> Submitting changes >>> ------------------ >>> >>> To submit changes, please reply to this email using ‘REPLY ALL’ as all >>> the parties CCed on this message need to see your changes. The parties >>> include: >>> >>> * your coauthors >>> >>> * rfc-editor@rfc-editor.org (the RPC team) >>> >>> * other document participants, depending on the stream (e.g., >>> IETF Stream participants are your working group chairs, the >>> responsible ADs, and the document shepherd). >>> >>> * auth48archive@rfc-editor.org, which is a new archival mailing list >>> to preserve AUTH48 conversations; it is not an active discussion >>> list: >>> >>> * More info: >>> https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc >>> >>> * The archive itself: >>> https://mailarchive.ietf.org/arch/browse/auth48archive/ >>> >>> * Note: If only absolutely necessary, you may temporarily opt out >>> of the archiving of messages (e.g., to discuss a sensitive matter). >>> If needed, please add a note at the top of the message that you >>> have dropped the address. When the discussion is concluded, >>> auth48archive@rfc-editor.org will be re-added to the CC list and >>> its addition will be noted at the top of the message. >>> >>> You may submit your changes in one of two ways: >>> >>> An update to the provided XML file >>> — OR — >>> An explicit list of changes in this format >>> >>> Section # (or indicate Global) >>> >>> OLD: >>> old text >>> >>> NEW: >>> new text >>> >>> You do not need to reply with both an updated XML file and an explicit >>> list of changes, as either form is sufficient. >>> >>> We will ask a stream manager to review and approve any changes that seem >>> beyond editorial in nature, e.g., addition of new text, deletion of text, >>> and technical changes. Information about stream managers can be found in >>> the FAQ. Editorial changes do not require approval from a stream manager. >>> >>> >>> Approving for publication >>> -------------------------- >>> >>> To approve your RFC for publication, please reply to this email stating >>> that you approve this RFC for publication. Please use ‘REPLY ALL’, >>> as all the parties CCed on this message need to see your approval. >>> >>> >>> Files >>> ----- >>> >>> The files are available here: >>> https://www.rfc-editor.org/authors/rfc9475.xml >>> https://www.rfc-editor.org/authors/rfc9475.html >>> https://www.rfc-editor.org/authors/rfc9475.pdf >>> https://www.rfc-editor.org/authors/rfc9475.txt >>> >>> Diff file of the text: >>> https://www.rfc-editor.org/authors/rfc9475-diff.html >>> https://www.rfc-editor.org/authors/rfc9475-rfcdiff.html (side by side) >>> >>> Diff of the XML: >>> https://www.rfc-editor.org/authors/rfc9475-xmldiff1.html >>> >>> The following files are provided to facilitate creation of your own >>> diff files of the XML. >>> >>> Initial XMLv3 created using XMLv2 as input: >>> https://www.rfc-editor.org/authors/rfc9475.original.v2v3.xml >>> >>> XMLv3 file that is a best effort to capture v3-related format updates >>> only: >>> https://www.rfc-editor.org/authors/rfc9475.form.xml >>> >>> >>> Tracking progress >>> ----------------- >>> >>> The details of the AUTH48 status of your document are here: >>> https://www.rfc-editor.org/auth48/rfc9475 >>> >>> Please let us know if you have any questions. >>> >>> Thank you for your cooperation, >>> >>> RFC Editor >>> >>> -------------------------------------- >>> RFC9475 (draft-ietf-stir-messaging-08) >>> >>> Title : Messaging Use Cases and Extensions for STIR >>> Author(s) : J. Peterson, C. Wendt >>> WG Chair(s) : Ben Campbell, Robert Sparks, Russ Housley >>> Area Director(s) : Murray Kucherawy, Francesca Palombini >>> >>> >> >
- [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-stir-… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-s… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-s… Megan Ferguson
- Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-s… Megan Ferguson
- Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-s… Megan Ferguson
- Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-s… Peterson, Jon
- Re: [auth48] [AD] AUTH48: RFC-to-be 9475 <draft-i… Megan Ferguson
- Re: [auth48] [AD] AUTH48: RFC-to-be 9475 <draft-i… Megan Ferguson
- Re: [auth48] [AD] AUTH48: RFC-to-be 9475 <draft-i… Megan Ferguson
- Re: [auth48] [AD] AUTH48: RFC-to-be 9475 <draft-i… Ben Campbell
- Re: [auth48] [AD] AUTH48: RFC-to-be 9475 <draft-i… Megan Ferguson
- Re: [auth48] [AD] AUTH48: RFC-to-be 9475 <draft-i… Peterson, Jon
- Re: [auth48] [AD] AUTH48: RFC-to-be 9475 <draft-i… Murray S. Kucherawy
- Re: [auth48] [AD] AUTH48: RFC-to-be 9475 <draft-i… Ben Campbell
- Re: [auth48] [AD] AUTH48: RFC-to-be 9475 <draft-i… Peterson, Jon
- Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-s… Megan Ferguson
- Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-s… Megan Ferguson
- Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-s… Ben Campbell
- Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-s… Chris Wendt
- Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-s… Megan Ferguson
- Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-s… Peterson, Jon
- Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-s… Megan Ferguson