Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-stir-messaging-08> for your review

[Chris Wendt <chris-ietf@chriswendt.net>]

I approve, it looks good to me.

> On Dec 1, 2023, at 3:48 PM, Ben Campbell <ben@nostrum.com> wrote:
> 
> I assume you mean Jon and Chris. Forwarding to alternate addresses.
> 
> 
> Sent from my iPhone
> 
>> On Dec 1, 2023, at 2:21 PM, Megan Ferguson <mferguson@amsl.com> wrote:
>> 
>> Jon and Ben,
>> 
>> Just a reminder that we await your approvals of this document.   Please review the document at the links below and let us know if you have any further updates/comments/questions.
>> 
>> Thank you.
>> 
>> RFC Editor/mf
>> 
>> 
>>> On Nov 17, 2023, at 1:11 PM, Megan Ferguson <mferguson@amsl.com> wrote:
>>> 
>>> 
>>> Murray, Jon, and Ben,
>>> 
>>> Thank you for your replies.  We have updated to make RFC 4648 a normative reference.
>>> 
>>> Please review the files carefully as we do not make changes after publication.  
>>> 
>>> The files have been posted here (please refresh):
>>> https://www.rfc-editor.org/authors/rfc9475.txt
>>> https://www.rfc-editor.org/authors/rfc9475.pdf
>>> https://www.rfc-editor.org/authors/rfc9475.html
>>> https://www.rfc-editor.org/authors/rfc9475.xml
>>> 
>>> The relevant diff files have been posted here (please refresh):
>>> https://www.rfc-editor.org/authors/rfc9475-diff.html (comprehensive diff)
>>> https://www.rfc-editor.org/authors/rfc9475-auth48diff.html (AUTH48 changes only)
>>> https://www.rfc-editor.org/authors/rfc9475-lastdiff.html (last to current version only)
>>> 
>>> Please contact us with any further updates/questions/comments you may have.  
>>> 
>>> We will await overt approvals from each of the parties listed on the AUTH48 status page prior to moving forward to publication.  
>>> 
>>> The AUTH48 status page for this document is available here:
>>> 
>>> https://www.rfc-editor.org/auth48/rfc9475
>>> 
>>> Thank you.
>>> 
>>> RFC Editor/mf
>>> 
>>>>> On Nov 17, 2023, at 9:57 AM, Peterson, Jon <Jon.Peterson@transunion.com> wrote:
>>>> 
>>>> 
>>>> Sounds good to me.
>>>> 
>>>> - J
>>>> 
>>>> From: Ben Campbell <ben@nostrum.com>
>>>> Date: Friday, November 17, 2023 at 10:30 AM
>>>> To: Murray S. Kucherawy <superuser@gmail.com>, Megan Ferguson <mferguson@amsl.com>
>>>> Cc: Peterson, Jon <Jon.Peterson@transunion.com>, jon.peterson@team.neustar <jon.peterson@team.neustar>, chris-ietf@chriswendt.net <chris-ietf@chriswendt.net>, stir-ads@ietf.org <stir-ads@ietf.org>, stir-chairs@ietf.org <stir-chairs@ietf.org>, auth48archive@rfc-editor.org <auth48archive@rfc-editor.org>, RFC Editor <rfc-editor@rfc-editor.org>
>>>> Subject: Re: [AD] AUTH48: RFC-to-be 9475 <draft-ietf-stir-messaging-08> for your review
>>>> 
>>>> 4648 is a PS, so I assume this change takes no additional process other than the AD approval that Murray just gave. Is that correct? Thanks! Ben. On Nov 17, 2023, at 9: 11 AM, Murray S. Kucherawy <superuser@ gmail. com> wrote: Hi,Please make
>>>> 4648 is a PS, so I assume this change takes no additional process other than the AD approval that Murray just gave. Is that correct?
>>>> 
>>>> Thanks!
>>>> 
>>>> Ben.
>>>> 
>>>> 
>>>>> On Nov 17, 2023, at 9:11 AM, Murray S. Kucherawy <superuser@gmail.com> wrote:
>>>> 
>>>> Hi,
>>>> 
>>>> Please make it normative.
>>>> 
>>>> -MSK, ART AD
>>>> 
>>>>> On Mon, Oct 16, 2023 at 4:45 PM Megan Ferguson <mferguson@amsl.com> wrote:
>>>> Greetings,
>>>> 
>>>> *AD - please review the following question and provide guidance to the authors on this point:
>>>> 
>>>>>> -->
>>>>>> 
>>>>>> 
>>>>>> 10) <!-- [rfced] We have added RFC 4648 as an Informative Reference. Please let us know if it should be Normative instead.
>>>>>> 
>>>>>> Original:
>>>>>> The subsequent characters in the claim value are the base64 encoded
>>>>>> [RFC4648] digest of a canonicalized and concatenated string or binary data
>>>>>> based MIME body of the message. -->
>>>>>> 
>>>>> 
>>>>> Um, I believe that’s okay as Informative, but I might ask our AD if he agrees.
>>>>> 
>>>> 
>>>> Jon,
>>>> 
>>>> Thank you for your reply.  We have updated accordingly.
>>>> 
>>>> Please review the files carefully as we do not make changes after publication.  
>>>> 
>>>> The files have been posted here (please refresh):
>>>> https://www.rfc-editor.org/authors/rfc9475.txt
>>>> https://www.rfc-editor.org/authors/rfc9475.pdf
>>>> https://www.rfc-editor.org/authors/rfc9475.html
>>>> https://www.rfc-editor.org/authors/rfc9475.xml
>>>> 
>>>> The relevant diff files have been posted here (please refresh):
>>>> https://www.rfc-editor.org/authors/rfc9475-diff.html (comprehensive diff)
>>>> https://www.rfc-editor.org/authors/rfc9475-auth48diff.html (AUTH48 changes only)
>>>> 
>>>> Please contact us with any further updates/questions/comments you may have.  
>>>> 
>>>> We will await approvals from each of the parties listed on the AUTH48 status page prior to moving forward to publication.  
>>>> 
>>>> The AUTH48 status page for this document is available here:
>>>> 
>>>> https://www.rfc-editor.org/auth48/rfc9475
>>>> 
>>>> Thank you.
>>>> 
>>>> RFC Editor/mf
>>>> 
>>>>> On Oct 12, 2023, at 8:34 AM, Peterson, Jon <Jon.Peterson@transunion.com> wrote:
>>>>> 
>>>>> Sorry for the late reply, some comments inline.
>>>>> 
>>>>> 
>>>>>> On Sep 8, 2023, at 4:05 PM, rfc-editor@rfc-editor.org wrote:
>>>>>> 
>>>>>> Authors,
>>>>>> 
>>>>>> While reviewing this document during AUTH48, please resolve (as necessary) the following questions, which are also in the XML file.
>>>>>> 
>>>>>> 1) <!-- [rfced] Please note that the title of the document has been
>>>>>>  updated as follows:
>>>>>> 
>>>>>> Abbreviations have been expanded per Section 3.6 of RFC 7322 (“RFC
>>>>>> Style Guide”). Please review.
>>>>>> 
>>>>>> Original:
>>>>>> Messaging Use Cases and Extensions for STIR
>>>>>> 
>>>>>> Current:
>>>>>> Messaging Use Cases and Extensions for Secure Telephone Identity
>>>>>> Revisited (STIR)
>>>>>> 
>>>>>> -->
>>>>> 
>>>>> OK
>>>>> 
>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 2)  <!--[rfced] We had two questions about the first sentence in the
>>>>>>   Abstract:
>>>>>> 
>>>>>> a) Should "protocol" or "problem statement" or some other noun follow
>>>>>> the expansion of STIR in this text?  If we cut "STIR" and just read
>>>>>> with the expansion, this sounds a bit odd.
>>>>>> 
>>>>>> b) May we break up this sentence as suggested below for the ease of
>>>>>> the reader?
>>>>>> 
>>>>>> Original:
>>>>>> Secure Telephone Identity Revisited (STIR) provides a means of
>>>>>> attesting the identity of a telephone caller via a signed token in
>>>>>> order to prevent impersonation of a calling party number, which is a
>>>>>> key enabler for illegal robocalling.
>>>>>> 
>>>>>> Perhaps:
>>>>>> The Secure Telephone Identity Revisited (STIR) protocol provides a
>>>>>> means of attesting the identity of a telephone caller via a signed
>>>>>> token.  This prevents impersonation of a calling party number, which
>>>>>> is a key enabler for illegal robocalling.
>>>>>> 
>>>>> 
>>>>> I think the original is better.
>>>>> 
>>>>> 
>>>>>> 
>>>>>> -->
>>>>>> 
>>>>>> 
>>>>>> 3) <!--[rfced] FYI - we have broken up the information in the following
>>>>>>  sentence to make it easier for the reader to digest.  Please let
>>>>>>  us know if these changes have deviated from your intended
>>>>>>  meaning.
>>>>>> 
>>>>>> Original:
>>>>>> For the first case, where SIP negotiates a session where the media
>>>>>> will be text messages or MIME content, as, for example, with the
>>>>>> Message Session Relay Protocol (MSRP) [RFC4975], the usage of STIR
>>>>>> would deviate little from [RFC8224].
>>>>>> 
>>>>>> Current:
>>>>>> In the first case described in Section 3, SIP negotiates a
>>>>>> session in which the media will be text messages or MIME content, as,
>>>>>> for example, with the Message Session Relay Protocol (MSRP)
>>>>>> [RFC4975].  This usage of STIR would deviate little from [RFC8224].
>>>>>> -->
>>>>>> 
>>>>> 
>>>>> I would eliminate “described in Section 3” since this is the first sentence of Section 3.1 – we know where we are.  “In the first case, Sip negotiates a session” etc. Otherwise current is fine.
>>>>> 
>>>>> 
>>>>>> 
>>>>>> 4) <!--[rfced] Can the timestamp itself order things?  Or can the
>>>>>>  timestamp be used to order things?
>>>>>> 
>>>>>> Original:
>>>>>> ...duplicate messages are easily detected,
>>>>>> and the timestamp can order messages displayed to the user inbox in a
>>>>>> way that precludes showing stale messages as fresh.
>>>>>> 
>>>>>> Perhaps:
>>>>>> ...duplicate messages are easily detected, and the timestamp can be
>>>>>> used to order messages displayed in the user inbox in a way that
>>>>>> precludes showing stale messages as fresh.
>>>>>> -->
>>>>>> 
>>>>> 
>>>>> Your perhaps option looks good.
>>>>> 
>>>>> 
>>>>>> 
>>>>>> 5) <!--[rfced] FYI - We have updated the expansion of MMS as follows to
>>>>>>  match more common use in recent RFCs.  Please let us know any
>>>>>>  objections:
>>>>>> 
>>>>>> Original:
>>>>>> multimedia message system (MMS)
>>>>>> 
>>>>>> Current:
>>>>>> Multimedia Messaging Service (MMS)
>>>>>> -->
>>>>> 
>>>>> OK
>>>>> 
>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 6) <!--[rfced] How may we update this text for clarity?  We do not see
>>>>>>  "profiles" in RFC 8226.  (Note that we have made the change from
>>>>>>  "profiles defines" to "profiles define" pending more
>>>>>>  information).
>>>>>> 
>>>>>> Original:
>>>>>> The [RFC8226] STIR certificate profiles defines...
>>>>>> 
>>>>>> Perhaps:
>>>>>> "Secure Telephone Identity Credentials: Certificates" [RFC8226] defines...
>>>>>> 
>>>>>> Or perhaps:
>>>>>> The STIR certificate profiles defined in [RFC8226]...
>>>>>> -->
>>>>>> 
>>>>> 
>>>>> I think “profiles” and “defines” in the original were just a redundant typo. Your “Perhaps” is correct: “[RFC8226] defines”.
>>>>> 
>>>>> 
>>>>>> 
>>>>>> 7) <!--[rfced] This sentence describes a lot of things being "contain"ed.
>>>>>>  Might a rephrase benefit the reader?  If so, please let us know
>>>>>>  how we may update.
>>>>>> 
>>>>>> Original:
>>>>>> As the "orig" and "dest" field of PASSporTs may contain URIs
>>>>>> containing SIP URIs without telephone numbers, the STIR for messaging
>>>>>> mechanism contained in this specification is not inherently
>>>>>> restricted to the use of telephone numbers.
>>>>>> 
>>>>>> 
>>>>> 
>>>>> Yeah that’s pretty bad. How about:
>>>>> 
>>>>> As the “orig” and “dest” field of PASSporTs may contain SIP URIs without telephone numbers, the STIR for…
>>>>> 
>>>>> 
>>>>>> 
>>>>>> -->
>>>>>> 
>>>>>> 
>>>>>> 8) <!--[rfced] May we update the following to avoid awkward hyphenation?
>>>>>> 
>>>>>> Original:
>>>>>> This specification offers no guidance on certification authorities who
>>>>>> are appropriate to sign for non-telephone number "orig" values.
>>>>>> 
>>>>>> Perhaps:
>>>>>> This specification offers no guidance on certification authorities who
>>>>>> are appropriate to sign for "orig" values that are not for use with
>>>>>> telephone numbers.
>>>>>> 
>>>>> 
>>>>> How about: This specification offers no guidance on appropriate certification authorities for desigining “orig” values that do not contain telephone numbers.
>>>>> 
>>>>> 
>>>>>> -->
>>>>>> 
>>>>>> 
>>>>>> 9) <!--[rfced] Please note the following about the IANA Considerations
>>>>>>  and IANA-related text in the document:
>>>>>> 
>>>>>> a) Please note that we have changed IESG to be IETF for the Change
>>>>>> Controller of the "msgi" registration at
>>>>>> https://urldefense.com/v3/__https://www.iana.org/assignments/jwt/jwt.xhtml__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iEEp1K0A$ .  This is in accordance
>>>>>> with the following note we received from IANA:
>>>>>> 
>>>>>> "Note: in accordance with recent practice, the change controller for
>>>>>> this registration has been changed from the IESG to the IETF."
>>>>> 
>>>>> OK
>>>>> 
>>>>> 
>>>>>> 
>>>>>> b) We have cut the URL to the registry mentioned in Section 6.2 to
>>>>>> match Section 6.1.  Please let us know any objections.
>>>>> 
>>>>> OK
>>>>> 
>>>>> 
>>>>>> 
>>>>>> c) We have removed the quote marks as they do not appear in the
>>>>>> corresponding registries.
>>>>> 
>>>>> OK
>>>>> 
>>>>> 
>>>>>> 
>>>>>> -->
>>>>>> 
>>>>>> 
>>>>>> 10) <!-- [rfced] We have added RFC 4648 as an Informative Reference. Please let us know if it should be Normative instead.
>>>>>> 
>>>>>> Original:
>>>>>> The subsequent characters in the claim value are the base64 encoded
>>>>>> [RFC4648] digest of a canonicalized and concatenated string or binary data
>>>>>> based MIME body of the message. -->
>>>>>> 
>>>>> 
>>>>> Um, I believe that’s okay as Informative, but I might ask our AD if he agrees.
>>>>> 
>>>>> 
>>>>>> 
>>>>>> 11) <!--[rfced] We had the following questions related to terminology use
>>>>>>  throughout the document:
>>>>>> 
>>>>>> a) We note the use of the following similar terms:
>>>>>> 
>>>>>> SIP Identity header
>>>>>> Identity header
>>>>>> Identity
>>>>>> identity
>>>>>> 
>>>>>> Please review these instances and let us know if any updates are
>>>>>> necessary for clarity (e.g., should all "Identity header"s be called
>>>>>> "SIP Identity header"s).
>>>>>> 
>>>>> 
>>>>> I mean, I tend to favor being readable over strict on these matters. Scanning through the doc, I think it’s clear that referring to “Identity” in these contexts means the SIP Identity header from the remainder of the sentences in question.
>>>>> 
>>>>> 
>>>>>> b) We see both:
>>>>>> 
>>>>>> "orig" field
>>>>>> "orig" values
>>>>>> 
>>>>>> Should the latter be made "orig" field values?
>>>>> 
>>>>> Where “orig” and “dest” and “iat” are referred to as “fields” (like in 4) that should more properly be “claims”. Claims have a value, so talking about the ‘“orig” value’ is fine. But we should say “claims” instead of “fields” for the few instances where PASSporT elements are referred to as “fields”:
>>>>> 
>>>>> … the “dest” field of the PASSporT …
>>>>> 
>>>>> … so that the “iat” field can be …
>>>>> 
>>>>> … As the “orig” and “dest” field of…
>>>>> 
>>>>> And also the last sentence in 1:  … that specifies new fields for use in PASSporTs…
>>>>> 
>>>>> Those should be “claim” or “claims.” (No changes to places where “Identity field” appears, though).
>>>>> 
>>>>> 
>>>>>> 
>>>>>> c) We see the following uses of "baseline":
>>>>>> 
>>>>>> i) At a high level, baseline PASSporT [RFC8225] claims provide similar
>>>>>> value to...
>>>>>> 
>>>>>> ii) Current usage of baseline [RFC8224] Identity is largely confined to
>>>>>> INVITE requests that initiate telephone calls.
>>>>>> 
>>>>>> iii) Per baseline [RFC8224], this specifications leaves it to local policy
>>>>>> to determine how messages are handled after verification succeeds or
>>>>>> fails.
>>>>> 
>>>>> “Baseline” is being used in all three of cases in its naïve sense, to mean just “as the specification is written.” I would just eliminate the word in all three cases, it isn’t adding much value.
>>>>> 
>>>>> 
>>>>>> 
>>>>>> For i), we see the use of "baseline claims" in RFC 8225, so we would
>>>>>> simply suggest moving the citation tag as follows:
>>>>>> 
>>>>>> Perhaps:
>>>>>> At a high level, baseline PASSporT claims (see [RFC8225]) provide similar
>>>>>> value to...
>>>>>> 
>>>>>> For ii), we note that "baseline Identity" is not mentioned in RFC
>>>>>> 8224.  Please review this text and let us know how to update.
>>>>>> 
>>>>>> For iii), we see RFC 8225 referred to as "the baseline PASSporT
>>>>>> specification" in RFC 8224.  Please review this text and let us know
>>>>>> how to update.
>>>>>> 
>>>>>> Perhaps:
>>>>>> Per the guidance in the baseline PASSporT specification [RFC8225], this
>>>>>> specification leaves it to local policy to determine how messages
>>>>>> are handled after verification succeeds or fails.
>>>>>> 
>>>>>> d) We see both PASSporT Type and PASSporT type.  We updated to use the
>>>>>> lowercase "type" throughout.  Please let us know any objections.
>>>>> 
>>>>> OK
>>>>> 
>>>>> 
>>>>>> 
>>>>>> -->
>>>>>> 
>>>>>> 
>>>>>> 12) <!-- [rfced] Please review the "Inclusive Language" portion of the
>>>>>>  online Style Guide
>>>>>>  <https://urldefense.com/v3/__https://www.rfc-editor.org/styleguide/part2/*inclusive_language__;Iw!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97ip7soJ18$ >
>>>>>>  and let us know if any changes are needed.
>>>>>> 
>>>>>> For example, please consider whether the following should be updated:
>>>>>> 
>>>>>> 
>>>>>> ...authorized to use the calling party number (or, for native SIP cases,...
>>>>> 
>>>>> I would delete “native”, yes.
>>>>> 
>>>>> 
>>>>>> 
>>>>>> 
>>>>>> In addition, please consider whether "tradition" should be updated for
>>>>>> clarity.  While the NIST website
>>>>>> <https://urldefense.com/v3/__https://www.nist.gov/nist-research-library/nist-technical-series-publications-author-instructions*table1__;Iw!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iC0E6QT4$ >
>>>>>> indicates that this term is potentially biased, it is also ambiguous.
>>>>>> "Tradition" is a subjective term, as it is not the same for everyone.
>>>>>> 
>>>>>> 
>>>>>> ...value to number-based messaging as they do to traditional
>>>>>> telephone...
>>>>>> 
>>>>>> ...treatment that differs from traditional delivery expectations of
>>>>>> SIP...
>>>>>> 
>>>>>> ...the traditional telephone network and those based on
>>>>>> over-the-top...
>>>>>> -->
>>>>> 
>>>>> I might just remove “traditional” in all three cases.
>>>>> 
>>>>> Thanks,
>>>>> 
>>>>> - J
>>>>> 
>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Thank you.
>>>>>> 
>>>>>> RFC Editor/kf/mf
>>>>>> 
>>>>>> *****IMPORTANT*****
>>>>>> 
>>>>>> Updated 2023/09/08
>>>>>> 
>>>>>> RFC Author(s):
>>>>>> --------------
>>>>>> 
>>>>>> Instructions for Completing AUTH48
>>>>>> 
>>>>>> Your document has now entered AUTH48.  Once it has been reviewed and
>>>>>> approved by you and all coauthors, it will be published as an RFC.  
>>>>>> If an author is no longer available, there are several remedies
>>>>>> available as listed in the FAQ (https://urldefense.com/v3/__https://www.rfc-editor.org/faq/__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97i6VbbRHo$ ).
>>>>>> 
>>>>>> You and you coauthors are responsible for engaging other parties
>>>>>> (e.g., Contributors or Working Group) as necessary before providing
>>>>>> your approval.
>>>>>> 
>>>>>> Planning your review
>>>>>> ---------------------
>>>>>> 
>>>>>> Please review the following aspects of your document:
>>>>>> 
>>>>>> *  RFC Editor questions
>>>>>> 
>>>>>> Please review and resolve any questions raised by the RFC Editor
>>>>>> that have been included in the XML file as comments marked as
>>>>>> follows:
>>>>>> 
>>>>>> <!-- [rfced] ... -->
>>>>>> 
>>>>>> These questions will also be sent in a subsequent email.
>>>>>> 
>>>>>> *  Changes submitted by coauthors
>>>>>> 
>>>>>> Please ensure that you review any changes submitted by your
>>>>>> coauthors.  We assume that if you do not speak up that you
>>>>>> agree to changes submitted by your coauthors.
>>>>>> 
>>>>>> *  Content
>>>>>> 
>>>>>> Please review the full content of the document, as this cannot
>>>>>> change once the RFC is published.  Please pay particular attention to:
>>>>>> - IANA considerations updates (if applicable)
>>>>>> - contact information
>>>>>> - references
>>>>>> 
>>>>>> *  Copyright notices and legends
>>>>>> 
>>>>>> Please review the copyright notice and legends as defined in
>>>>>> RFC 5378 and the Trust Legal Provisions
>>>>>> (TLP – https://urldefense.com/v3/__https://trustee.ietf.org/license-info/__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97ivv60mCc$ ).
>>>>>> 
>>>>>> *  Semantic markup
>>>>>> 
>>>>>> Please review the markup in the XML file to ensure that elements of  
>>>>>> content are correctly tagged.  For example, ensure that <sourcecode>
>>>>>> and <artwork> are set correctly.  See details at
>>>>>> <https://urldefense.com/v3/__https://authors.ietf.org/rfcxml-vocabulary__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97i3kdQ3dg$ >.
>>>>>> 
>>>>>> *  Formatted output
>>>>>> 
>>>>>> Please review the PDF, HTML, and TXT files to ensure that the
>>>>>> formatted output, as generated from the markup in the XML file, is
>>>>>> reasonable.  Please note that the TXT will have formatting
>>>>>> limitations compared to the PDF and HTML.
>>>>>> 
>>>>>> 
>>>>>> Submitting changes
>>>>>> ------------------
>>>>>> 
>>>>>> To submit changes, please reply to this email using ‘REPLY ALL’ as all
>>>>>> the parties CCed on this message need to see your changes. The parties
>>>>>> include:
>>>>>> 
>>>>>> *  your coauthors
>>>>>> 
>>>>>> *  rfc-editor@rfc-editor.org (the RPC team)
>>>>>> 
>>>>>> *  other document participants, depending on the stream (e.g.,
>>>>>>   IETF Stream participants are your working group chairs, the
>>>>>>   responsible ADs, and the document shepherd).
>>>>>> 
>>>>>> *  auth48archive@rfc-editor.org, which is a new archival mailing list
>>>>>>   to preserve AUTH48 conversations; it is not an active discussion
>>>>>>   list:
>>>>>> 
>>>>>>  *  More info:
>>>>>>     https://urldefense.com/v3/__https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iYlnOK50$
>>>>>> 
>>>>>>  *  The archive itself:
>>>>>>     https://urldefense.com/v3/__https://mailarchive.ietf.org/arch/browse/auth48archive/__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97i78oCEgc$
>>>>>> 
>>>>>>  *  Note: If only absolutely necessary, you may temporarily opt out
>>>>>>     of the archiving of messages (e.g., to discuss a sensitive matter).
>>>>>>     If needed, please add a note at the top of the message that you
>>>>>>     have dropped the address. When the discussion is concluded,
>>>>>>     auth48archive@rfc-editor.org will be re-added to the CC list and
>>>>>>     its addition will be noted at the top of the message.
>>>>>> 
>>>>>> You may submit your changes in one of two ways:
>>>>>> 
>>>>>> An update to the provided XML file
>>>>>> — OR —
>>>>>> An explicit list of changes in this format
>>>>>> 
>>>>>> Section # (or indicate Global)
>>>>>> 
>>>>>> OLD:
>>>>>> old text
>>>>>> 
>>>>>> NEW:
>>>>>> new text
>>>>>> 
>>>>>> You do not need to reply with both an updated XML file and an explicit
>>>>>> list of changes, as either form is sufficient.
>>>>>> 
>>>>>> We will ask a stream manager to review and approve any changes that seem
>>>>>> beyond editorial in nature, e.g., addition of new text, deletion of text,
>>>>>> and technical changes.  Information about stream managers can be found in
>>>>>> the FAQ.  Editorial changes do not require approval from a stream manager.
>>>>>> 
>>>>>> 
>>>>>> Approving for publication
>>>>>> --------------------------
>>>>>> 
>>>>>> To approve your RFC for publication, please reply to this email stating
>>>>>> that you approve this RFC for publication.  Please use ‘REPLY ALL’,
>>>>>> as all the parties CCed on this message need to see your approval.
>>>>>> 
>>>>>> 
>>>>>> Files
>>>>>> -----
>>>>>> 
>>>>>> The files are available here:
>>>>>> https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475.xml__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iEylmKUA$
>>>>>> https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475.html__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iWg_ouFg$
>>>>>> https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475.pdf__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iTy29TMw$
>>>>>> https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475.txt__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97ilLQIE8A$
>>>>>> 
>>>>>> Diff file of the text:
>>>>>> https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475-diff.html__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97it_L51nM$
>>>>>> https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475-rfcdiff.html__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97i-zUhmzc$  (side by side)
>>>>>> 
>>>>>> Diff of the XML:
>>>>>> https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475-xmldiff1.html__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97i9m1ultE$
>>>>>> 
>>>>>> The following files are provided to facilitate creation of your own
>>>>>> diff files of the XML.  
>>>>>> 
>>>>>> Initial XMLv3 created using XMLv2 as input:
>>>>>> https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475.original.v2v3.xml__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iZpfo5Z8$  
>>>>>> 
>>>>>> XMLv3 file that is a best effort to capture v3-related format updates
>>>>>> only:
>>>>>> https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475.form.xml__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97igEa1vTg$
>>>>>> 
>>>>>> 
>>>>>> Tracking progress
>>>>>> -----------------
>>>>>> 
>>>>>> The details of the AUTH48 status of your document are here:
>>>>>> https://urldefense.com/v3/__https://www.rfc-editor.org/auth48/rfc9475__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97izp6fZsY$
>>>>>> 
>>>>>> Please let us know if you have any questions.  
>>>>>> 
>>>>>> Thank you for your cooperation,
>>>>>> 
>>>>>> RFC Editor
>>>>>> 
>>>>>> --------------------------------------
>>>>>> RFC9475 (draft-ietf-stir-messaging-08)
>>>>>> 
>>>>>> Title            : Messaging Use Cases and Extensions for STIR
>>>>>> Author(s)        : J. Peterson, C. Wendt
>>>>>> WG Chair(s)      : Ben Campbell, Robert Sparks, Russ Housley
>>>>>> Area Director(s) : Murray Kucherawy, Francesca Palombini
>>>>>> 
>>>>>> 
>>>>> 
>>>> 
>>> 
>> 
>