Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-stir-messaging-08> for your review
Chris Wendt <chris-ietf@chriswendt.net> Tue, 05 December 2023 14:17 UTC
Return-Path: <chris-ietf@chriswendt.net>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1CEB9C151077; Tue, 5 Dec 2023 06:17:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=chriswendt.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SJDfEC3FDmpX; Tue, 5 Dec 2023 06:17:48 -0800 (PST)
Received: from antelope.elm.relay.mailchannels.net (antelope.elm.relay.mailchannels.net [23.83.212.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D188C151063; Tue, 5 Dec 2023 06:17:48 -0800 (PST)
X-Sender-Id: dreamhost|x-authsender|chris-ietf@chriswendt.net
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id A311C7A2F37; Tue, 5 Dec 2023 14:17:47 +0000 (UTC)
Received: from pdx1-sub0-mail-a290.dreamhost.com (unknown [127.0.0.6]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id D52E47A1894; Tue, 5 Dec 2023 14:17:45 +0000 (UTC)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1701785866; a=rsa-sha256; cv=none; b=odArthng/bG7MzpQ4ltTTzKcNpqFlanM3s2S6ULUCabpedxO0ENWswP0oc5kGdI3AhJ2R8 vvRhWWiOaZB/+1eacIHkwXal7nKLit3ZrVvpMZIk8ly3XiuqsMk57nlqKqfYbttvzfra3r 6oK/asz/R39lANBvqa0BQfy/GLihs3wsWVQUq6d+NYmolLlPAtDEtMf6sH7lUb9gSkMtFr jhY/Ahu0wVBoRv7no4jFaARFUM2Gx42+kI07b8n6g5uflEy1YV2DcrmFmhOyf0BTeciI+v WvRgEXJsQIDTV8z8EHqqX2MO8ZfQ0DNqVyyUA3cDAiyCglSuanhCiJNb9ro3Ng==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1701785866; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=FTSYSobYV2hxsHPW+NnVmsFHlSdar7VprkkOn5EsZAQ=; b=tibkFrNhh6QWH/aTU+m4pvZ9eWwTji5EIB61mqGYTxJ29C4a21Xgy34/eNOVxexjYHSLsS kTAD1iKd51t7QJfM+pHmyyYnaZn3yBuu2Uw94FM0h1Aw5/oUzUTMVEmnt9F7THfo9AKlHp dg8bjex5+yQ891uriJDy0EAP6595JOxp+QueaCPOkJ1iowBbXBUURlcGPp6ptFtI4xn23S AsBoe99V1GfvXbHYxOb7MP5ghkCRGER4Hfg2yUjgGE7mxJpBnUIg7l04VCX7Dxr44/fz7y LYKxMD8mA8noEuMQUvr3esLVdXk7+qDcNIk2zEz2zTw2elMe1s/uf1wXIhWe+Q==
ARC-Authentication-Results: i=1; rspamd-d88d8bd54-tmxqh; auth=pass smtp.auth=dreamhost smtp.mailfrom=chris-ietf@chriswendt.net
X-Sender-Id: dreamhost|x-authsender|chris-ietf@chriswendt.net
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|chris-ietf@chriswendt.net
X-MailChannels-Auth-Id: dreamhost
X-Cellar-Irritate: 3293c29305002e92_1701785866274_904326070
X-MC-Loop-Signature: 1701785866274:764030222
X-MC-Ingress-Time: 1701785866274
Received: from pdx1-sub0-mail-a290.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.120.2.6 (trex/6.9.2); Tue, 05 Dec 2023 14:17:46 +0000
Received: from smtpclient.apple (24.115.44.8.res-cmts.tvh.ptd.net [24.115.44.8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: chris-ietf@chriswendt.net) by pdx1-sub0-mail-a290.dreamhost.com (Postfix) with ESMTPSA id 4Sl2gD109rzTg; Tue, 5 Dec 2023 06:17:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chriswendt.net; s=dreamhost; t=1701785865; bh=FTSYSobYV2hxsHPW+NnVmsFHlSdar7VprkkOn5EsZAQ=; h=Content-Type:Subject:From:Date:Cc:Content-Transfer-Encoding:To; b=tlraiMhc2U/3/OBx9kqn2hjVT7CDNvb25+xC3kC7yawfImte1oJQwZf5cvkFImwBT 8UY1ILttZLe7qiNaVzNptkIUmBRie8lQg2aTf3/cASadJlzOkXPiLXPZO7pUalCdhC 8km0Z4YpmlFT7xsgfZU51MZmvInf7xrKaBazN+wtsGixLfJ1N8m9aQJDPfYMMCmqkl gIaDGHYhv7ZlMjJNr3vJt9vtPJSf6kR5u2/tpqq4f09xV+Wgdohf99mbsuHK8bdSNT kzDGKegogcvZaSkf2Jr3nFIybJiiFvrcag9EQOb0v+lN6O0V6pORDFMDMUaDrVfXfr OfO5c9xPGxqXg==
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.200.91.1.1\))
From: Chris Wendt <chris-ietf@chriswendt.net>
In-Reply-To: <F205CE6F-203C-4478-9F0C-89F5A8E5F2E2@nostrum.com>
Date: Tue, 05 Dec 2023 09:17:31 -0500
Cc: Megan Ferguson <mferguson@amsl.com>, Jon Peterson <Jon.Peterson@transunion.com>, Chris Wendt <cwendt@somos.com>, Jon Peterson <jon.peterson@team.neustar>, "Murray S. Kucherawy" <superuser@gmail.com>, stir-ads@ietf.org, STIR Chairs <stir-chairs@ietf.org>, auth48archive <auth48archive@rfc-editor.org>, RFC Editor <rfc-editor@rfc-editor.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <0E6E137A-EEA2-44B3-9F41-9E12B2F0495D@chriswendt.net>
References: <060A4942-3CD4-413B-9FF5-2BBA4E0771B0@amsl.com> <F205CE6F-203C-4478-9F0C-89F5A8E5F2E2@nostrum.com>
To: Ben Campbell <ben@nostrum.com>
X-Mailer: Apple Mail (2.3774.200.91.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/_hxUGuhO6P8X_vKmhEBQF4gQwpo>
Subject: Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-stir-messaging-08> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Dec 2023 14:17:53 -0000
I approve, it looks good to me. > On Dec 1, 2023, at 3:48 PM, Ben Campbell <ben@nostrum.com> wrote: > > I assume you mean Jon and Chris. Forwarding to alternate addresses. > > > Sent from my iPhone > >> On Dec 1, 2023, at 2:21 PM, Megan Ferguson <mferguson@amsl.com> wrote: >> >> Jon and Ben, >> >> Just a reminder that we await your approvals of this document. Please review the document at the links below and let us know if you have any further updates/comments/questions. >> >> Thank you. >> >> RFC Editor/mf >> >> >>> On Nov 17, 2023, at 1:11 PM, Megan Ferguson <mferguson@amsl.com> wrote: >>> >>> >>> Murray, Jon, and Ben, >>> >>> Thank you for your replies. We have updated to make RFC 4648 a normative reference. >>> >>> Please review the files carefully as we do not make changes after publication. >>> >>> The files have been posted here (please refresh): >>> https://www.rfc-editor.org/authors/rfc9475.txt >>> https://www.rfc-editor.org/authors/rfc9475.pdf >>> https://www.rfc-editor.org/authors/rfc9475.html >>> https://www.rfc-editor.org/authors/rfc9475.xml >>> >>> The relevant diff files have been posted here (please refresh): >>> https://www.rfc-editor.org/authors/rfc9475-diff.html (comprehensive diff) >>> https://www.rfc-editor.org/authors/rfc9475-auth48diff.html (AUTH48 changes only) >>> https://www.rfc-editor.org/authors/rfc9475-lastdiff.html (last to current version only) >>> >>> Please contact us with any further updates/questions/comments you may have. >>> >>> We will await overt approvals from each of the parties listed on the AUTH48 status page prior to moving forward to publication. >>> >>> The AUTH48 status page for this document is available here: >>> >>> https://www.rfc-editor.org/auth48/rfc9475 >>> >>> Thank you. >>> >>> RFC Editor/mf >>> >>>>> On Nov 17, 2023, at 9:57 AM, Peterson, Jon <Jon.Peterson@transunion.com> wrote: >>>> >>>> >>>> Sounds good to me. >>>> >>>> - J >>>> >>>> From: Ben Campbell <ben@nostrum.com> >>>> Date: Friday, November 17, 2023 at 10:30 AM >>>> To: Murray S. Kucherawy <superuser@gmail.com>, Megan Ferguson <mferguson@amsl.com> >>>> Cc: Peterson, Jon <Jon.Peterson@transunion.com>, jon.peterson@team.neustar <jon.peterson@team.neustar>, chris-ietf@chriswendt.net <chris-ietf@chriswendt.net>, stir-ads@ietf.org <stir-ads@ietf.org>, stir-chairs@ietf.org <stir-chairs@ietf.org>, auth48archive@rfc-editor.org <auth48archive@rfc-editor.org>, RFC Editor <rfc-editor@rfc-editor.org> >>>> Subject: Re: [AD] AUTH48: RFC-to-be 9475 <draft-ietf-stir-messaging-08> for your review >>>> >>>> 4648 is a PS, so I assume this change takes no additional process other than the AD approval that Murray just gave. Is that correct? Thanks! Ben. On Nov 17, 2023, at 9: 11 AM, Murray S. Kucherawy <superuser@ gmail. com> wrote: Hi,Please make >>>> 4648 is a PS, so I assume this change takes no additional process other than the AD approval that Murray just gave. Is that correct? >>>> >>>> Thanks! >>>> >>>> Ben. >>>> >>>> >>>>> On Nov 17, 2023, at 9:11 AM, Murray S. Kucherawy <superuser@gmail.com> wrote: >>>> >>>> Hi, >>>> >>>> Please make it normative. >>>> >>>> -MSK, ART AD >>>> >>>>> On Mon, Oct 16, 2023 at 4:45 PM Megan Ferguson <mferguson@amsl.com> wrote: >>>> Greetings, >>>> >>>> *AD - please review the following question and provide guidance to the authors on this point: >>>> >>>>>> --> >>>>>> >>>>>> >>>>>> 10) <!-- [rfced] We have added RFC 4648 as an Informative Reference. Please let us know if it should be Normative instead. >>>>>> >>>>>> Original: >>>>>> The subsequent characters in the claim value are the base64 encoded >>>>>> [RFC4648] digest of a canonicalized and concatenated string or binary data >>>>>> based MIME body of the message. --> >>>>>> >>>>> >>>>> Um, I believe that’s okay as Informative, but I might ask our AD if he agrees. >>>>> >>>> >>>> Jon, >>>> >>>> Thank you for your reply. We have updated accordingly. >>>> >>>> Please review the files carefully as we do not make changes after publication. >>>> >>>> The files have been posted here (please refresh): >>>> https://www.rfc-editor.org/authors/rfc9475.txt >>>> https://www.rfc-editor.org/authors/rfc9475.pdf >>>> https://www.rfc-editor.org/authors/rfc9475.html >>>> https://www.rfc-editor.org/authors/rfc9475.xml >>>> >>>> The relevant diff files have been posted here (please refresh): >>>> https://www.rfc-editor.org/authors/rfc9475-diff.html (comprehensive diff) >>>> https://www.rfc-editor.org/authors/rfc9475-auth48diff.html (AUTH48 changes only) >>>> >>>> Please contact us with any further updates/questions/comments you may have. >>>> >>>> We will await approvals from each of the parties listed on the AUTH48 status page prior to moving forward to publication. >>>> >>>> The AUTH48 status page for this document is available here: >>>> >>>> https://www.rfc-editor.org/auth48/rfc9475 >>>> >>>> Thank you. >>>> >>>> RFC Editor/mf >>>> >>>>> On Oct 12, 2023, at 8:34 AM, Peterson, Jon <Jon.Peterson@transunion.com> wrote: >>>>> >>>>> Sorry for the late reply, some comments inline. >>>>> >>>>> >>>>>> On Sep 8, 2023, at 4:05 PM, rfc-editor@rfc-editor.org wrote: >>>>>> >>>>>> Authors, >>>>>> >>>>>> While reviewing this document during AUTH48, please resolve (as necessary) the following questions, which are also in the XML file. >>>>>> >>>>>> 1) <!-- [rfced] Please note that the title of the document has been >>>>>> updated as follows: >>>>>> >>>>>> Abbreviations have been expanded per Section 3.6 of RFC 7322 (“RFC >>>>>> Style Guide”). Please review. >>>>>> >>>>>> Original: >>>>>> Messaging Use Cases and Extensions for STIR >>>>>> >>>>>> Current: >>>>>> Messaging Use Cases and Extensions for Secure Telephone Identity >>>>>> Revisited (STIR) >>>>>> >>>>>> --> >>>>> >>>>> OK >>>>> >>>>> >>>>>> >>>>>> >>>>>> 2) <!--[rfced] We had two questions about the first sentence in the >>>>>> Abstract: >>>>>> >>>>>> a) Should "protocol" or "problem statement" or some other noun follow >>>>>> the expansion of STIR in this text? If we cut "STIR" and just read >>>>>> with the expansion, this sounds a bit odd. >>>>>> >>>>>> b) May we break up this sentence as suggested below for the ease of >>>>>> the reader? >>>>>> >>>>>> Original: >>>>>> Secure Telephone Identity Revisited (STIR) provides a means of >>>>>> attesting the identity of a telephone caller via a signed token in >>>>>> order to prevent impersonation of a calling party number, which is a >>>>>> key enabler for illegal robocalling. >>>>>> >>>>>> Perhaps: >>>>>> The Secure Telephone Identity Revisited (STIR) protocol provides a >>>>>> means of attesting the identity of a telephone caller via a signed >>>>>> token. This prevents impersonation of a calling party number, which >>>>>> is a key enabler for illegal robocalling. >>>>>> >>>>> >>>>> I think the original is better. >>>>> >>>>> >>>>>> >>>>>> --> >>>>>> >>>>>> >>>>>> 3) <!--[rfced] FYI - we have broken up the information in the following >>>>>> sentence to make it easier for the reader to digest. Please let >>>>>> us know if these changes have deviated from your intended >>>>>> meaning. >>>>>> >>>>>> Original: >>>>>> For the first case, where SIP negotiates a session where the media >>>>>> will be text messages or MIME content, as, for example, with the >>>>>> Message Session Relay Protocol (MSRP) [RFC4975], the usage of STIR >>>>>> would deviate little from [RFC8224]. >>>>>> >>>>>> Current: >>>>>> In the first case described in Section 3, SIP negotiates a >>>>>> session in which the media will be text messages or MIME content, as, >>>>>> for example, with the Message Session Relay Protocol (MSRP) >>>>>> [RFC4975]. This usage of STIR would deviate little from [RFC8224]. >>>>>> --> >>>>>> >>>>> >>>>> I would eliminate “described in Section 3” since this is the first sentence of Section 3.1 – we know where we are. “In the first case, Sip negotiates a session” etc. Otherwise current is fine. >>>>> >>>>> >>>>>> >>>>>> 4) <!--[rfced] Can the timestamp itself order things? Or can the >>>>>> timestamp be used to order things? >>>>>> >>>>>> Original: >>>>>> ...duplicate messages are easily detected, >>>>>> and the timestamp can order messages displayed to the user inbox in a >>>>>> way that precludes showing stale messages as fresh. >>>>>> >>>>>> Perhaps: >>>>>> ...duplicate messages are easily detected, and the timestamp can be >>>>>> used to order messages displayed in the user inbox in a way that >>>>>> precludes showing stale messages as fresh. >>>>>> --> >>>>>> >>>>> >>>>> Your perhaps option looks good. >>>>> >>>>> >>>>>> >>>>>> 5) <!--[rfced] FYI - We have updated the expansion of MMS as follows to >>>>>> match more common use in recent RFCs. Please let us know any >>>>>> objections: >>>>>> >>>>>> Original: >>>>>> multimedia message system (MMS) >>>>>> >>>>>> Current: >>>>>> Multimedia Messaging Service (MMS) >>>>>> --> >>>>> >>>>> OK >>>>> >>>>> >>>>>> >>>>>> >>>>>> 6) <!--[rfced] How may we update this text for clarity? We do not see >>>>>> "profiles" in RFC 8226. (Note that we have made the change from >>>>>> "profiles defines" to "profiles define" pending more >>>>>> information). >>>>>> >>>>>> Original: >>>>>> The [RFC8226] STIR certificate profiles defines... >>>>>> >>>>>> Perhaps: >>>>>> "Secure Telephone Identity Credentials: Certificates" [RFC8226] defines... >>>>>> >>>>>> Or perhaps: >>>>>> The STIR certificate profiles defined in [RFC8226]... >>>>>> --> >>>>>> >>>>> >>>>> I think “profiles” and “defines” in the original were just a redundant typo. Your “Perhaps” is correct: “[RFC8226] defines”. >>>>> >>>>> >>>>>> >>>>>> 7) <!--[rfced] This sentence describes a lot of things being "contain"ed. >>>>>> Might a rephrase benefit the reader? If so, please let us know >>>>>> how we may update. >>>>>> >>>>>> Original: >>>>>> As the "orig" and "dest" field of PASSporTs may contain URIs >>>>>> containing SIP URIs without telephone numbers, the STIR for messaging >>>>>> mechanism contained in this specification is not inherently >>>>>> restricted to the use of telephone numbers. >>>>>> >>>>>> >>>>> >>>>> Yeah that’s pretty bad. How about: >>>>> >>>>> As the “orig” and “dest” field of PASSporTs may contain SIP URIs without telephone numbers, the STIR for… >>>>> >>>>> >>>>>> >>>>>> --> >>>>>> >>>>>> >>>>>> 8) <!--[rfced] May we update the following to avoid awkward hyphenation? >>>>>> >>>>>> Original: >>>>>> This specification offers no guidance on certification authorities who >>>>>> are appropriate to sign for non-telephone number "orig" values. >>>>>> >>>>>> Perhaps: >>>>>> This specification offers no guidance on certification authorities who >>>>>> are appropriate to sign for "orig" values that are not for use with >>>>>> telephone numbers. >>>>>> >>>>> >>>>> How about: This specification offers no guidance on appropriate certification authorities for desigining “orig” values that do not contain telephone numbers. >>>>> >>>>> >>>>>> --> >>>>>> >>>>>> >>>>>> 9) <!--[rfced] Please note the following about the IANA Considerations >>>>>> and IANA-related text in the document: >>>>>> >>>>>> a) Please note that we have changed IESG to be IETF for the Change >>>>>> Controller of the "msgi" registration at >>>>>> https://urldefense.com/v3/__https://www.iana.org/assignments/jwt/jwt.xhtml__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iEEp1K0A$ . This is in accordance >>>>>> with the following note we received from IANA: >>>>>> >>>>>> "Note: in accordance with recent practice, the change controller for >>>>>> this registration has been changed from the IESG to the IETF." >>>>> >>>>> OK >>>>> >>>>> >>>>>> >>>>>> b) We have cut the URL to the registry mentioned in Section 6.2 to >>>>>> match Section 6.1. Please let us know any objections. >>>>> >>>>> OK >>>>> >>>>> >>>>>> >>>>>> c) We have removed the quote marks as they do not appear in the >>>>>> corresponding registries. >>>>> >>>>> OK >>>>> >>>>> >>>>>> >>>>>> --> >>>>>> >>>>>> >>>>>> 10) <!-- [rfced] We have added RFC 4648 as an Informative Reference. Please let us know if it should be Normative instead. >>>>>> >>>>>> Original: >>>>>> The subsequent characters in the claim value are the base64 encoded >>>>>> [RFC4648] digest of a canonicalized and concatenated string or binary data >>>>>> based MIME body of the message. --> >>>>>> >>>>> >>>>> Um, I believe that’s okay as Informative, but I might ask our AD if he agrees. >>>>> >>>>> >>>>>> >>>>>> 11) <!--[rfced] We had the following questions related to terminology use >>>>>> throughout the document: >>>>>> >>>>>> a) We note the use of the following similar terms: >>>>>> >>>>>> SIP Identity header >>>>>> Identity header >>>>>> Identity >>>>>> identity >>>>>> >>>>>> Please review these instances and let us know if any updates are >>>>>> necessary for clarity (e.g., should all "Identity header"s be called >>>>>> "SIP Identity header"s). >>>>>> >>>>> >>>>> I mean, I tend to favor being readable over strict on these matters. Scanning through the doc, I think it’s clear that referring to “Identity” in these contexts means the SIP Identity header from the remainder of the sentences in question. >>>>> >>>>> >>>>>> b) We see both: >>>>>> >>>>>> "orig" field >>>>>> "orig" values >>>>>> >>>>>> Should the latter be made "orig" field values? >>>>> >>>>> Where “orig” and “dest” and “iat” are referred to as “fields” (like in 4) that should more properly be “claims”. Claims have a value, so talking about the ‘“orig” value’ is fine. But we should say “claims” instead of “fields” for the few instances where PASSporT elements are referred to as “fields”: >>>>> >>>>> … the “dest” field of the PASSporT … >>>>> >>>>> … so that the “iat” field can be … >>>>> >>>>> … As the “orig” and “dest” field of… >>>>> >>>>> And also the last sentence in 1: … that specifies new fields for use in PASSporTs… >>>>> >>>>> Those should be “claim” or “claims.” (No changes to places where “Identity field” appears, though). >>>>> >>>>> >>>>>> >>>>>> c) We see the following uses of "baseline": >>>>>> >>>>>> i) At a high level, baseline PASSporT [RFC8225] claims provide similar >>>>>> value to... >>>>>> >>>>>> ii) Current usage of baseline [RFC8224] Identity is largely confined to >>>>>> INVITE requests that initiate telephone calls. >>>>>> >>>>>> iii) Per baseline [RFC8224], this specifications leaves it to local policy >>>>>> to determine how messages are handled after verification succeeds or >>>>>> fails. >>>>> >>>>> “Baseline” is being used in all three of cases in its naïve sense, to mean just “as the specification is written.” I would just eliminate the word in all three cases, it isn’t adding much value. >>>>> >>>>> >>>>>> >>>>>> For i), we see the use of "baseline claims" in RFC 8225, so we would >>>>>> simply suggest moving the citation tag as follows: >>>>>> >>>>>> Perhaps: >>>>>> At a high level, baseline PASSporT claims (see [RFC8225]) provide similar >>>>>> value to... >>>>>> >>>>>> For ii), we note that "baseline Identity" is not mentioned in RFC >>>>>> 8224. Please review this text and let us know how to update. >>>>>> >>>>>> For iii), we see RFC 8225 referred to as "the baseline PASSporT >>>>>> specification" in RFC 8224. Please review this text and let us know >>>>>> how to update. >>>>>> >>>>>> Perhaps: >>>>>> Per the guidance in the baseline PASSporT specification [RFC8225], this >>>>>> specification leaves it to local policy to determine how messages >>>>>> are handled after verification succeeds or fails. >>>>>> >>>>>> d) We see both PASSporT Type and PASSporT type. We updated to use the >>>>>> lowercase "type" throughout. Please let us know any objections. >>>>> >>>>> OK >>>>> >>>>> >>>>>> >>>>>> --> >>>>>> >>>>>> >>>>>> 12) <!-- [rfced] Please review the "Inclusive Language" portion of the >>>>>> online Style Guide >>>>>> <https://urldefense.com/v3/__https://www.rfc-editor.org/styleguide/part2/*inclusive_language__;Iw!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97ip7soJ18$ > >>>>>> and let us know if any changes are needed. >>>>>> >>>>>> For example, please consider whether the following should be updated: >>>>>> >>>>>> >>>>>> ...authorized to use the calling party number (or, for native SIP cases,... >>>>> >>>>> I would delete “native”, yes. >>>>> >>>>> >>>>>> >>>>>> >>>>>> In addition, please consider whether "tradition" should be updated for >>>>>> clarity. While the NIST website >>>>>> <https://urldefense.com/v3/__https://www.nist.gov/nist-research-library/nist-technical-series-publications-author-instructions*table1__;Iw!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iC0E6QT4$ > >>>>>> indicates that this term is potentially biased, it is also ambiguous. >>>>>> "Tradition" is a subjective term, as it is not the same for everyone. >>>>>> >>>>>> >>>>>> ...value to number-based messaging as they do to traditional >>>>>> telephone... >>>>>> >>>>>> ...treatment that differs from traditional delivery expectations of >>>>>> SIP... >>>>>> >>>>>> ...the traditional telephone network and those based on >>>>>> over-the-top... >>>>>> --> >>>>> >>>>> I might just remove “traditional” in all three cases. >>>>> >>>>> Thanks, >>>>> >>>>> - J >>>>> >>>>> >>>>>> >>>>>> >>>>>> Thank you. >>>>>> >>>>>> RFC Editor/kf/mf >>>>>> >>>>>> *****IMPORTANT***** >>>>>> >>>>>> Updated 2023/09/08 >>>>>> >>>>>> RFC Author(s): >>>>>> -------------- >>>>>> >>>>>> Instructions for Completing AUTH48 >>>>>> >>>>>> Your document has now entered AUTH48. Once it has been reviewed and >>>>>> approved by you and all coauthors, it will be published as an RFC. >>>>>> If an author is no longer available, there are several remedies >>>>>> available as listed in the FAQ (https://urldefense.com/v3/__https://www.rfc-editor.org/faq/__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97i6VbbRHo$ ). >>>>>> >>>>>> You and you coauthors are responsible for engaging other parties >>>>>> (e.g., Contributors or Working Group) as necessary before providing >>>>>> your approval. >>>>>> >>>>>> Planning your review >>>>>> --------------------- >>>>>> >>>>>> Please review the following aspects of your document: >>>>>> >>>>>> * RFC Editor questions >>>>>> >>>>>> Please review and resolve any questions raised by the RFC Editor >>>>>> that have been included in the XML file as comments marked as >>>>>> follows: >>>>>> >>>>>> <!-- [rfced] ... --> >>>>>> >>>>>> These questions will also be sent in a subsequent email. >>>>>> >>>>>> * Changes submitted by coauthors >>>>>> >>>>>> Please ensure that you review any changes submitted by your >>>>>> coauthors. We assume that if you do not speak up that you >>>>>> agree to changes submitted by your coauthors. >>>>>> >>>>>> * Content >>>>>> >>>>>> Please review the full content of the document, as this cannot >>>>>> change once the RFC is published. Please pay particular attention to: >>>>>> - IANA considerations updates (if applicable) >>>>>> - contact information >>>>>> - references >>>>>> >>>>>> * Copyright notices and legends >>>>>> >>>>>> Please review the copyright notice and legends as defined in >>>>>> RFC 5378 and the Trust Legal Provisions >>>>>> (TLP – https://urldefense.com/v3/__https://trustee.ietf.org/license-info/__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97ivv60mCc$ ). >>>>>> >>>>>> * Semantic markup >>>>>> >>>>>> Please review the markup in the XML file to ensure that elements of >>>>>> content are correctly tagged. For example, ensure that <sourcecode> >>>>>> and <artwork> are set correctly. See details at >>>>>> <https://urldefense.com/v3/__https://authors.ietf.org/rfcxml-vocabulary__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97i3kdQ3dg$ >. >>>>>> >>>>>> * Formatted output >>>>>> >>>>>> Please review the PDF, HTML, and TXT files to ensure that the >>>>>> formatted output, as generated from the markup in the XML file, is >>>>>> reasonable. Please note that the TXT will have formatting >>>>>> limitations compared to the PDF and HTML. >>>>>> >>>>>> >>>>>> Submitting changes >>>>>> ------------------ >>>>>> >>>>>> To submit changes, please reply to this email using ‘REPLY ALL’ as all >>>>>> the parties CCed on this message need to see your changes. The parties >>>>>> include: >>>>>> >>>>>> * your coauthors >>>>>> >>>>>> * rfc-editor@rfc-editor.org (the RPC team) >>>>>> >>>>>> * other document participants, depending on the stream (e.g., >>>>>> IETF Stream participants are your working group chairs, the >>>>>> responsible ADs, and the document shepherd). >>>>>> >>>>>> * auth48archive@rfc-editor.org, which is a new archival mailing list >>>>>> to preserve AUTH48 conversations; it is not an active discussion >>>>>> list: >>>>>> >>>>>> * More info: >>>>>> https://urldefense.com/v3/__https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iYlnOK50$ >>>>>> >>>>>> * The archive itself: >>>>>> https://urldefense.com/v3/__https://mailarchive.ietf.org/arch/browse/auth48archive/__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97i78oCEgc$ >>>>>> >>>>>> * Note: If only absolutely necessary, you may temporarily opt out >>>>>> of the archiving of messages (e.g., to discuss a sensitive matter). >>>>>> If needed, please add a note at the top of the message that you >>>>>> have dropped the address. When the discussion is concluded, >>>>>> auth48archive@rfc-editor.org will be re-added to the CC list and >>>>>> its addition will be noted at the top of the message. >>>>>> >>>>>> You may submit your changes in one of two ways: >>>>>> >>>>>> An update to the provided XML file >>>>>> — OR — >>>>>> An explicit list of changes in this format >>>>>> >>>>>> Section # (or indicate Global) >>>>>> >>>>>> OLD: >>>>>> old text >>>>>> >>>>>> NEW: >>>>>> new text >>>>>> >>>>>> You do not need to reply with both an updated XML file and an explicit >>>>>> list of changes, as either form is sufficient. >>>>>> >>>>>> We will ask a stream manager to review and approve any changes that seem >>>>>> beyond editorial in nature, e.g., addition of new text, deletion of text, >>>>>> and technical changes. Information about stream managers can be found in >>>>>> the FAQ. Editorial changes do not require approval from a stream manager. >>>>>> >>>>>> >>>>>> Approving for publication >>>>>> -------------------------- >>>>>> >>>>>> To approve your RFC for publication, please reply to this email stating >>>>>> that you approve this RFC for publication. Please use ‘REPLY ALL’, >>>>>> as all the parties CCed on this message need to see your approval. >>>>>> >>>>>> >>>>>> Files >>>>>> ----- >>>>>> >>>>>> The files are available here: >>>>>> https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475.xml__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iEylmKUA$ >>>>>> https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475.html__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iWg_ouFg$ >>>>>> https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475.pdf__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iTy29TMw$ >>>>>> https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475.txt__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97ilLQIE8A$ >>>>>> >>>>>> Diff file of the text: >>>>>> https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475-diff.html__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97it_L51nM$ >>>>>> https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475-rfcdiff.html__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97i-zUhmzc$ (side by side) >>>>>> >>>>>> Diff of the XML: >>>>>> https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475-xmldiff1.html__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97i9m1ultE$ >>>>>> >>>>>> The following files are provided to facilitate creation of your own >>>>>> diff files of the XML. >>>>>> >>>>>> Initial XMLv3 created using XMLv2 as input: >>>>>> https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475.original.v2v3.xml__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iZpfo5Z8$ >>>>>> >>>>>> XMLv3 file that is a best effort to capture v3-related format updates >>>>>> only: >>>>>> https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475.form.xml__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97igEa1vTg$ >>>>>> >>>>>> >>>>>> Tracking progress >>>>>> ----------------- >>>>>> >>>>>> The details of the AUTH48 status of your document are here: >>>>>> https://urldefense.com/v3/__https://www.rfc-editor.org/auth48/rfc9475__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97izp6fZsY$ >>>>>> >>>>>> Please let us know if you have any questions. >>>>>> >>>>>> Thank you for your cooperation, >>>>>> >>>>>> RFC Editor >>>>>> >>>>>> -------------------------------------- >>>>>> RFC9475 (draft-ietf-stir-messaging-08) >>>>>> >>>>>> Title : Messaging Use Cases and Extensions for STIR >>>>>> Author(s) : J. Peterson, C. Wendt >>>>>> WG Chair(s) : Ben Campbell, Robert Sparks, Russ Housley >>>>>> Area Director(s) : Murray Kucherawy, Francesca Palombini >>>>>> >>>>>> >>>>> >>>> >>> >> >
- [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-stir-… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-s… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-s… Megan Ferguson
- Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-s… Megan Ferguson
- Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-s… Megan Ferguson
- Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-s… Peterson, Jon
- Re: [auth48] [AD] AUTH48: RFC-to-be 9475 <draft-i… Megan Ferguson
- Re: [auth48] [AD] AUTH48: RFC-to-be 9475 <draft-i… Megan Ferguson
- Re: [auth48] [AD] AUTH48: RFC-to-be 9475 <draft-i… Megan Ferguson
- Re: [auth48] [AD] AUTH48: RFC-to-be 9475 <draft-i… Ben Campbell
- Re: [auth48] [AD] AUTH48: RFC-to-be 9475 <draft-i… Megan Ferguson
- Re: [auth48] [AD] AUTH48: RFC-to-be 9475 <draft-i… Peterson, Jon
- Re: [auth48] [AD] AUTH48: RFC-to-be 9475 <draft-i… Murray S. Kucherawy
- Re: [auth48] [AD] AUTH48: RFC-to-be 9475 <draft-i… Ben Campbell
- Re: [auth48] [AD] AUTH48: RFC-to-be 9475 <draft-i… Peterson, Jon
- Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-s… Megan Ferguson
- Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-s… Megan Ferguson
- Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-s… Ben Campbell
- Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-s… Chris Wendt
- Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-s… Megan Ferguson
- Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-s… Peterson, Jon
- Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-s… Megan Ferguson