Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-stir-messaging-08> for your review

"Peterson, Jon" <Jon.Peterson@transunion.com> Thu, 12 October 2023 14:34 UTC

Return-Path: <Jon.Peterson@transunion.com>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3876C1519B1; Thu, 12 Oct 2023 07:34:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=transunion.com header.b="XdjBvVYx"; dkim=pass (1024-bit key) header.d=transunion.onmicrosoft.com header.b="kzoyBIY9"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TTf57kQURwlR; Thu, 12 Oct 2023 07:34:45 -0700 (PDT)
Received: from mx0a-00030c01.pphosted.com (mx0a-00030c01.pphosted.com [148.163.156.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 694A4C151710; Thu, 12 Oct 2023 07:34:45 -0700 (PDT)
Received: from pps.filterd (m0216093.ppops.net [127.0.0.1]) by mx0a-00030c01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 39CEQHnY023553; Thu, 12 Oct 2023 09:34:39 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transunion.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=tuppdkim; bh=0nVz3wMWi4L5sXTWsGE2yDV/ehayT5Z5fvP4D/CgdR4=; b=XdjBvVYxACmqaz6ni+Pvn27Z5tzTWqyoQ7ubx8vgrdm5vd5d6CRL/oeks+Lpj32YaF0Q LAmLdgak8y2+5pHiJWt2ic93C4QxsQHP1ACPM8DKPHJKWqi9rlVR3A4CFw8uDolnsH1j WA/u39DeydqBjPJo1npyZ2Uo0+XUycBSmoumRn3mYFPnH7oUP2gxHBKyX5MTVBiROlN6 01NnYwdzuQusCOnEmXJNHwWLI3JoI6QvIYAUYI2G+tlFI/wxwz6JF+wOUKKwxSZ08ZuO 3CfxKZVhG+bxy9gk5ddwN/XkrO39RPqrwFrG/W4RCm7Z5oBVbrV0ME/6OuLTqbLFteXi 0A==
Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-00030c01.pphosted.com (PPS) with ESMTPS id 3tpjdu04ct-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 12 Oct 2023 09:34:38 -0500
Received: from m0216093.ppops.net (m0216093.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 39CEYbmT012985; Thu, 12 Oct 2023 09:34:37 -0500
Received: from nam11-co1-obe.outbound.protection.outlook.com (mail-co1nam11lp2169.outbound.protection.outlook.com [104.47.56.169]) by mx0a-00030c01.pphosted.com (PPS) with ESMTPS id 3tpjdu046w-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 12 Oct 2023 09:34:37 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=N76vN4Yb64oSf7NcCu4g4jgDiDNd55O3L1CYL/3TcyEWu1EsCDQCsk8ORk0xObxpLwyUtY/ZBH+IH5NKxhdPh8HLOhtFl5AHM6L8H1wGlCqP3okfXhXO6k1EjvendwLXHG86Fc/WAnUsewSqRv01p1/QGrjUYCFuLRi74MoVLOn0daqAxDs+jKCjiXGIg+dnhMYBWmN3IgFbe0P3eMGaPW2s+Wg9MJ/38uAHFTqU6FlWmxNpzlhCibeRmJntfTXZBP3E2EUWIxUhK3x1My8mNTnh6pTf3uHq/dBiX69kQeIWFr2f8HtZSeWzckGgWXfW1auFAdpEUM2Simeo2vvp8g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=0nVz3wMWi4L5sXTWsGE2yDV/ehayT5Z5fvP4D/CgdR4=; b=PjJbvAdN+FoiYI9i/tMN8TmS3Z1fOn/RMPYFzHFDQlScuWR7tgt1I8RiWJV2gTDcFT3r9Q0cPN9Wxgi6uWLGjz5LFtVJnx1dZn1F0cf+Fe/sRFXt6XX1AbYzanQm7bD5x6yue8tmVP0iRNDcBpXldXwX1HnJ148ABnt19mMEcw9IeoT4cRClR6/RB1G8kEdChXlDP6EVlJ8JYyaKl49hqBg5AoLq/8Z7o+c9ekOYXme4/sjhYFCcOuLSjye41lx0dEnjnlmD2H/gA3lusKO9xUUNLxtUrqErzZKDnpfmxGWo9yfwuP4R9vv0OLtAFoMrJ/qiKDfy0nqmn4iljfXTrQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=transunion.com; dmarc=pass action=none header.from=transunion.com; dkim=pass header.d=transunion.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transunion.onmicrosoft.com; s=selector2-transunion-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0nVz3wMWi4L5sXTWsGE2yDV/ehayT5Z5fvP4D/CgdR4=; b=kzoyBIY9SLpwfpZ5fYBYUKpMUetANU+JNdGiJ+7xqZ9XqybuVcFpCjPYPeq9D4n9le8cbMAA4wu1XpueDY/gDBF1NCbkDwSnfrmKaRf9RSaaxNHyUp1HNJYmo6Ta/soobvgPnF5MkZYo1i7CKYhl8zNFQ+BeE7VIhUnT5k64lO8=
Received: from CO6PR17MB4978.namprd17.prod.outlook.com (2603:10b6:303:139::23) by PH0PR17MB6511.namprd17.prod.outlook.com (2603:10b6:510:299::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6863.38; Thu, 12 Oct 2023 14:34:05 +0000
Received: from CO6PR17MB4978.namprd17.prod.outlook.com ([fe80::d2bd:ac51:deb2:6f8b]) by CO6PR17MB4978.namprd17.prod.outlook.com ([fe80::d2bd:ac51:deb2:6f8b%4]) with mapi id 15.20.6863.043; Thu, 12 Oct 2023 14:34:05 +0000
From: "Peterson, Jon" <Jon.Peterson@transunion.com>
To: Megan Ferguson <mferguson@amsl.com>, "jon.peterson@team.neustar" <jon.peterson@team.neustar>, "chris-ietf@chriswendt.net" <chris-ietf@chriswendt.net>
CC: "stir-ads@ietf.org" <stir-ads@ietf.org>, "stir-chairs@ietf.org" <stir-chairs@ietf.org>, "ben@nostrum.com" <ben@nostrum.com>, "Murray S. Kucherawy" <superuser@gmail.com>, "auth48archive@rfc-editor.org" <auth48archive@rfc-editor.org>, RFC Editor <rfc-editor@rfc-editor.org>
Thread-Topic: AUTH48: RFC-to-be 9475 <draft-ietf-stir-messaging-08> for your review
Thread-Index: AQHZ4qCnDgoYMJOhZEyI8bijdynVsrAnY0iAgB73cVU=
Date: Thu, 12 Oct 2023 14:34:04 +0000
Message-ID: <CO6PR17MB4978C738B2E68B613628A2E7FDD3A@CO6PR17MB4978.namprd17.prod.outlook.com>
References: <20230908220539.01450631CA3@rfcpa.amsl.com> <C7170A35-B3DB-4E08-B2DE-E532335B3FF1@amsl.com>
In-Reply-To: <C7170A35-B3DB-4E08-B2DE-E532335B3FF1@amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CO6PR17MB4978:EE_|PH0PR17MB6511:EE_
x-ms-office365-filtering-correlation-id: ba03c964-3ab0-488e-c562-08dbcb30493c
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: faJNsh7YgWq79pYh0wBa/gKU4HJjrhnTBfcvRmz/xXehobe8CcG4pnDem1vBlSNYVLp9zM8Yaed7G2QpJhcCa38PCmIOoVlY419FprbUvrnibicDpnDskOOGrkjlny0grkJ4Ejd5gipZ0qlTcwyW/61+OaLiZWCn4AgAt9rKbBj4qTzxcFlOxUh7qXGdE20EbJh8irMgLRvx7D7NVjlu8i3v2f3qEbsdRF89sWaB2KOzuxVvA7NhHvL14n4Yb+Gd/OfF73IiYrh6NL5gZ5YH5dfET3Szrb+glySOEtDluPRoxDjTNtLqnD4edjtKo1RfBrW4m3SW/dX4e/NJUfy6ik12IhxrQZCpJkBAeYiTVvo5WzxQTryWokW1sWKumlaBMeYuuzRpmO6NpSmBahwqdtdIxvXw2o+WPHBlsOiGYGVHZe+EBNTYiQEOK6G1WiiC/12Xd7w3E5xML0HpXcPlgADuLBsdHgGAB8goD+9UPlPp06bnkGR0QzSfv5m/wd8CuZ/YfjPT5PXWTLey2+puadw7cy5LpHj/jaJzVE+2/1tkhyqEvgA72dT49iX2jvVT2HSf0nihIG7L399btdRiN7YEMbmgwaDs3M0QTTH6+E0=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CO6PR17MB4978.namprd17.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(39860400002)(376002)(366004)(346002)(136003)(396003)(230922051799003)(186009)(451199024)(1800799009)(64100799003)(38100700002)(55016003)(66899024)(66556008)(8936002)(166002)(33656002)(5660300002)(122000001)(26005)(9686003)(66574015)(8676002)(110136005)(64756008)(4326008)(6506007)(83380400001)(66946007)(54906003)(66446008)(76116006)(41300700001)(53546011)(2906002)(478600001)(38070700005)(966005)(52536014)(7696005)(71200400001)(86362001)(30864003)(316002)(66476007); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: uePfv4HNywDnuXv/NxOHr+BzlV4EP+3vbo1oHUHcHtY9gWbBmGUfXYr+quq54cNDKKxFoU9AH08iysVZ8lgG+lRAIMs82g6Aquwwzg7tXuLI0Hl83lUGsYcSIAwIEwCUF5Vznd6tCLWuY52OaHxHZrNv21mdBk2VDM+UYCaJgGciJRqbZAt21Z5ueovqMhnahVw5ViMmT0txs/OPqSS8zT2bOmziyOFKliCet+cbjgJdl9Pu02+ZRPY/YCla59yGr8o5unxZ32REvnmFCEtca7MxMiCgxaGm30XbdztLml/6mD0WfHRQaxSvMJqY41sS/LemWV36A0Bs2u7gioeRbLmOOj7l3zTaLUTlIxU0QrNwu6aBRpqFCLnnLhpbqjnbuSIqv44oS44EoXH8hcgC1uxlpPKKQKVcGvLWFBXWvHhWBEwqhu2vwVmF+N7hHYnWc0cyLf4zY64MPAYXPfSe5wO8iuN/r5RaOyZTjru+NcspfKb3ZpCab8pb9/kndfBnxaIq8QAbI1eDgKUXjgPIwTX5IMGSIfN1FoDS4pjOvKuFV+xrr+D6IXec2DzmTd8dzozJfMs4/nreLjl1bHiNWbZVTYBIgAF7bPd79kz3v3Cu7gHI69AKi4YIOlLoaUA1U+k5VqqmC0z3Clc3XqVg0jwsUSCIDti17QCR/KE8QihBE0cu+l2qpzktgyTq7Av8loIFdpju5C8yMnBVPokVgsDOLLf7iCu3rgAd4HLq3vgowhUmc8SAXbDIJDuZdlrK8htng0QYjDG1uz8dm3M++5paRahzFN9/WDj+C+8Mw9Av3al8cm7NRpNSTtBw1Mgu4GyvpZsoLK3w3PJHbBxJITWTKMF3DE+fw/7X0iKpX0khUliSWfwTXLJGYDYK5Aa6yxz4HSmlg6MLd8YVcIvNvJ5bxYLGLxTf8Nx8kUIvsmf+5/aZYR7Lf4RViN0bpTIaOQ54tw5LkfsIkNKNzePf0MMTpP2Cku21cCIj/dWp2dbXqv7DpopSGlnmO5jk8b0XWmAYMEgchwf1Hy2ENuG5v2FV0oF5rtom6bUpJsUOSuK6FQ1Pn6yw6XSl6sgjjdaGXvJ/pCLksTZI+pKt1ZTzrvZ8k6xSBSCcGJ3gexYcWiw78vSycxe4iUGS43sJTaBhamxFj9s0rImKesICTuK0MigN3JWXVMiC6bdUWKdLdhfKzkTpr2QyAEwHBG1FgbwCAalBGNESFh7NXsW84qvvBMR4h/wokUqZNfINzWJS2/n/pNOfeN27bj+qfIB9Srw9NaiC6+MzpztpcsL0u+e3SZATK8Xfl9VC9HBVA4hrBe+164v0dWnEkaBrk48ESka2ZREdbRk+CoTft5/1nBPwU0MGuUuiCCpYR7VxAlxbwJfBepyzskigjhVn6ibuI5+U9Vy9bHkA+x6nno/fw//bshH0BhCWwXUUZlhx7y6fzbNSlTsnz627LDzvdgDHs+fjfqGSpB6k+cGw9ZoUVFKADUiCyWu0OaRhjfOlu9f4m3ah6ecjAyYgIhvx5ryY6mBvsYKR0PsY/GAgT3eWv+Kvv0i1/c69pMBJrc1luq4D83JfI6wPFcHQKOUolDgLSQOOhu/T81JAGx7Y3R/5KeyqwRgMqWpU//A93cUxAE0B9gs=
Content-Type: multipart/alternative; boundary="_000_CO6PR17MB4978C738B2E68B613628A2E7FDD3ACO6PR17MB4978namp_"
MIME-Version: 1.0
X-OriginatorOrg: transunion.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CO6PR17MB4978.namprd17.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ba03c964-3ab0-488e-c562-08dbcb30493c
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Oct 2023 14:34:04.9737 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0685d760-4332-4f24-b2ea-ffbbc2383f15
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: hGOz2I8efRLQDKjQuQ2R2sRqDGaKOS+5H4WuKwS+dEqiyaIFKMKo8eThTiH1a9uOKFJDElMIhHwETu9BNXYuGVBKxH1lZbLQGMUam2WTuMc=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR17MB6511
X-Proofpoint-GUID: WIwaR52gWHMNpkGllSL0FJuWk9Y9qa4C
X-Proofpoint-ORIG-GUID: urVGByR_OafXUYa4PS8kGkXj2hNADmu-
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.267,Aquarius:18.0.980,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-10-12_05,2023-10-12_01,2023-05-22_02
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 malwarescore=0 bulkscore=0 priorityscore=1501 impostorscore=0 mlxlogscore=999 adultscore=0 mlxscore=0 spamscore=0 suspectscore=0 clxscore=1011 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2309180000 definitions=main-2310120120
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/n6BIYzZ5VbmVdBijgQO4c473i-c>
Subject: Re: [auth48] AUTH48: RFC-to-be 9475 <draft-ietf-stir-messaging-08> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Oct 2023 14:34:49 -0000

Sorry for the late reply, some comments inline.

> On Sep 8, 2023, at 4:05 PM, rfc-editor@rfc-editor.org wrote:
>
> Authors,
>
> While reviewing this document during AUTH48, please resolve (as necessary) the following questions, which are also in the XML file.
>
> 1) <!-- [rfced] Please note that the title of the document has been
>     updated as follows:
>
> Abbreviations have been expanded per Section 3.6 of RFC 7322 (“RFC
> Style Guide”). Please review.
>
> Original:
> Messaging Use Cases and Extensions for STIR
>
> Current:
> Messaging Use Cases and Extensions for Secure Telephone Identity
> Revisited (STIR)
>
> -->
OK

>
>
> 2)  <!--[rfced] We had two questions about the first sentence in the
>      Abstract:
>
> a) Should "protocol" or "problem statement" or some other noun follow
> the expansion of STIR in this text?  If we cut "STIR" and just read
> with the expansion, this sounds a bit odd.
>
> b) May we break up this sentence as suggested below for the ease of
> the reader?
>
> Original:
> Secure Telephone Identity Revisited (STIR) provides a means of
> attesting the identity of a telephone caller via a signed token in
> order to prevent impersonation of a calling party number, which is a
> key enabler for illegal robocalling.
>
> Perhaps:
> The Secure Telephone Identity Revisited (STIR) protocol provides a
> means of attesting the identity of a telephone caller via a signed
> token.  This prevents impersonation of a calling party number, which
> is a key enabler for illegal robocalling.
>
I think the original is better.

>
> -->
>
>
> 3) <!--[rfced] FYI - we have broken up the information in the following
>     sentence to make it easier for the reader to digest.  Please let
>     us know if these changes have deviated from your intended
>     meaning.
>
> Original:
>   For the first case, where SIP negotiates a session where the media
>   will be text messages or MIME content, as, for example, with the
>   Message Session Relay Protocol (MSRP) [RFC4975], the usage of STIR
>   would deviate little from [RFC8224].
>
> Current:
>   In the first case described in Section 3, SIP negotiates a
>   session in which the media will be text messages or MIME content, as,
>   for example, with the Message Session Relay Protocol (MSRP)
>   [RFC4975].  This usage of STIR would deviate little from [RFC8224].
> -->
>
I would eliminate “described in Section 3” since this is the first sentence of Section 3.1 – we know where we are.  “In the first case, Sip negotiates a session” etc. Otherwise current is fine.

>
> 4) <!--[rfced] Can the timestamp itself order things?  Or can the
>     timestamp be used to order things?
>
> Original:
> ...duplicate messages are easily detected,
>   and the timestamp can order messages displayed to the user inbox in a
>   way that precludes showing stale messages as fresh.
>
> Perhaps:
> ...duplicate messages are easily detected, and the timestamp can be
>   used to order messages displayed in the user inbox in a way that
>   precludes showing stale messages as fresh.
> -->
>
Your perhaps option looks good.

>
> 5) <!--[rfced] FYI - We have updated the expansion of MMS as follows to
>     match more common use in recent RFCs.  Please let us know any
>     objections:
>
> Original:
> multimedia message system (MMS)
>
> Current:
> Multimedia Messaging Service (MMS)
> -->
OK

>
>
> 6) <!--[rfced] How may we update this text for clarity?  We do not see
>     "profiles" in RFC 8226.  (Note that we have made the change from
>     "profiles defines" to "profiles define" pending more
>     information).
>
> Original:
> The [RFC8226] STIR certificate profiles defines...
>
> Perhaps:
> "Secure Telephone Identity Credentials: Certificates" [RFC8226] defines...
>
> Or perhaps:
> The STIR certificate profiles defined in [RFC8226]...
> -->
>
I think “profiles” and “defines” in the original were just a redundant typo. Your “Perhaps” is correct: “[RFC8226] defines”.

>
> 7) <!--[rfced] This sentence describes a lot of things being "contain"ed.
>     Might a rephrase benefit the reader?  If so, please let us know
>     how we may update.
>
> Original:
> As the "orig" and "dest" field of PASSporTs may contain URIs
> containing SIP URIs without telephone numbers, the STIR for messaging
> mechanism contained in this specification is not inherently
> restricted to the use of telephone numbers.
>
>
Yeah that’s pretty bad. How about:
As the “orig” and “dest” field of PASSporTs may contain SIP URIs without telephone numbers, the STIR for…

>
> -->
>
>
> 8) <!--[rfced] May we update the following to avoid awkward hyphenation?
>
> Original:
> This specification offers no guidance on certification authorities who
> are appropriate to sign for non-telephone number "orig" values.
>
> Perhaps:
> This specification offers no guidance on certification authorities who
> are appropriate to sign for "orig" values that are not for use with
> telephone numbers.
>
How about: This specification offers no guidance on appropriate certification authorities for desigining “orig” values that do not contain telephone numbers.

> -->
>
>
> 9) <!--[rfced] Please note the following about the IANA Considerations
>     and IANA-related text in the document:
>
> a) Please note that we have changed IESG to be IETF for the Change
> Controller of the "msgi" registration at
> https://urldefense.com/v3/__https://www.iana.org/assignments/jwt/jwt.xhtml__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iEEp1K0A$<https://urldefense.com/v3/__https:/www.iana.org/assignments/jwt/jwt.xhtml__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iEEp1K0A$> .  This is in accordance
> with the following note we received from IANA:
>
> "Note: in accordance with recent practice, the change controller for
> this registration has been changed from the IESG to the IETF."
OK

>
> b) We have cut the URL to the registry mentioned in Section 6.2 to
> match Section 6.1.  Please let us know any objections.
OK

>
> c) We have removed the quote marks as they do not appear in the
> corresponding registries.
OK

>
> -->
>
>
> 10) <!-- [rfced] We have added RFC 4648 as an Informative Reference. Please let us know if it should be Normative instead.
>
> Original:
>   The subsequent characters in the claim value are the base64 encoded
>   [RFC4648] digest of a canonicalized and concatenated string or binary data
>   based MIME body of the message. -->
>
Um, I believe that’s okay as Informative, but I might ask our AD if he agrees.

>
> 11) <!--[rfced] We had the following questions related to terminology use
>     throughout the document:
>
> a) We note the use of the following similar terms:
>
> SIP Identity header
> Identity header
> Identity
> identity
>
> Please review these instances and let us know if any updates are
> necessary for clarity (e.g., should all "Identity header"s be called
> "SIP Identity header"s).
>
I mean, I tend to favor being readable over strict on these matters. Scanning through the doc, I think it’s clear that referring to “Identity” in these contexts means the SIP Identity header from the remainder of the sentences in question.

> b) We see both:
>
> "orig" field
> "orig" values
>
> Should the latter be made "orig" field values?
Where “orig” and “dest” and “iat” are referred to as “fields” (like in 4) that should more properly be “claims”. Claims have a value, so talking about the ‘“orig” value’ is fine. But we should say “claims” instead of “fields” for the few instances where PASSporT elements are referred to as “fields”:
… the “dest” field of the PASSporT …
… so that the “iat” field can be …
… As the “orig” and “dest” field of…
And also the last sentence in 1:  … that specifies new fields for use in PASSporTs…
Those should be “claim” or “claims.” (No changes to places where “Identity field” appears, though).

>
> c) We see the following uses of "baseline":
>
>   i) At a high level, baseline PASSporT [RFC8225] claims provide similar
>   value to...
>
>   ii) Current usage of baseline [RFC8224] Identity is largely confined to
>   INVITE requests that initiate telephone calls.
>
>   iii) Per baseline [RFC8224], this specifications leaves it to local policy
>   to determine how messages are handled after verification succeeds or
>   fails.
“Baseline” is being used in all three of cases in its naïve sense, to mean just “as the specification is written.” I would just eliminate the word in all three cases, it isn’t adding much value.

>
> For i), we see the use of "baseline claims" in RFC 8225, so we would
> simply suggest moving the citation tag as follows:
>
>   Perhaps:
>   At a high level, baseline PASSporT claims (see [RFC8225]) provide similar
>   value to...
>
> For ii), we note that "baseline Identity" is not mentioned in RFC
> 8224.  Please review this text and let us know how to update.
>
> For iii), we see RFC 8225 referred to as "the baseline PASSporT
> specification" in RFC 8224.  Please review this text and let us know
> how to update.
>
>   Perhaps:
>   Per the guidance in the baseline PASSporT specification [RFC8225], this
>   specification leaves it to local policy to determine how messages
>   are handled after verification succeeds or fails.
>
> d) We see both PASSporT Type and PASSporT type.  We updated to use the
> lowercase "type" throughout.  Please let us know any objections.
OK

>
> -->
>
>
> 12) <!-- [rfced] Please review the "Inclusive Language" portion of the
>     online Style Guide
>     <https://urldefense.com/v3/__https://www.rfc-editor.org/styleguide/part2/*inclusive_language__;Iw!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97ip7soJ18$ >
>     and let us know if any changes are needed.
>
> For example, please consider whether the following should be updated:
>
>
> ...authorized to use the calling party number (or, for native SIP cases,...
I would delete “native”, yes.

>
>
> In addition, please consider whether "tradition" should be updated for
> clarity.  While the NIST website
> <https://urldefense.com/v3/__https://www.nist.gov/nist-research-library/nist-technical-series-publications-author-instructions*table1__;Iw!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iC0E6QT4$ >
> indicates that this term is potentially biased, it is also ambiguous.
> "Tradition" is a subjective term, as it is not the same for everyone.
>
>
> ...value to number-based messaging as they do to traditional
> telephone...
>
> ...treatment that differs from traditional delivery expectations of
> SIP...
>
> ...the traditional telephone network and those based on
> over-the-top...
> -->
I might just remove “traditional” in all three cases.
Thanks,
- J

>
>
> Thank you.
>
> RFC Editor/kf/mf
>
> *****IMPORTANT*****
>
> Updated 2023/09/08
>
> RFC Author(s):
> --------------
>
> Instructions for Completing AUTH48
>
> Your document has now entered AUTH48.  Once it has been reviewed and
> approved by you and all coauthors, it will be published as an RFC.
> If an author is no longer available, there are several remedies
> available as listed in the FAQ (https://urldefense.com/v3/__https://www.rfc-editor.org/faq/__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97i6VbbRHo$ ).
>
> You and you coauthors are responsible for engaging other parties
> (e.g., Contributors or Working Group) as necessary before providing
> your approval.
>
> Planning your review
> ---------------------
>
> Please review the following aspects of your document:
>
> *  RFC Editor questions
>
>   Please review and resolve any questions raised by the RFC Editor
>   that have been included in the XML file as comments marked as
>   follows:
>
>   <!-- [rfced] ... -->
>
>   These questions will also be sent in a subsequent email.
>
> *  Changes submitted by coauthors
>
>   Please ensure that you review any changes submitted by your
>   coauthors.  We assume that if you do not speak up that you
>   agree to changes submitted by your coauthors.
>
> *  Content
>
>   Please review the full content of the document, as this cannot
>   change once the RFC is published.  Please pay particular attention to:
>   - IANA considerations updates (if applicable)
>   - contact information
>   - references
>
> *  Copyright notices and legends
>
>   Please review the copyright notice and legends as defined in
>   RFC 5378 and the Trust Legal Provisions
>   (TLP – https://urldefense.com/v3/__https://trustee.ietf.org/license-info/__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97ivv60mCc$<https://urldefense.com/v3/__https:/trustee.ietf.org/license-info/__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97ivv60mCc$> ).
>
> *  Semantic markup
>
>   Please review the markup in the XML file to ensure that elements of
>   content are correctly tagged.  For example, ensure that <sourcecode>
>   and <artwork> are set correctly.  See details at
>   <https://urldefense.com/v3/__https://authors.ietf.org/rfcxml-vocabulary__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97i3kdQ3dg$ >.
>
> *  Formatted output
>
>   Please review the PDF, HTML, and TXT files to ensure that the
>   formatted output, as generated from the markup in the XML file, is
>   reasonable.  Please note that the TXT will have formatting
>   limitations compared to the PDF and HTML.
>
>
> Submitting changes
> ------------------
>
> To submit changes, please reply to this email using ‘REPLY ALL’ as all
> the parties CCed on this message need to see your changes. The parties
> include:
>
>   *  your coauthors
>
>   *  rfc-editor@rfc-editor.org (the RPC team)
>
>   *  other document participants, depending on the stream (e.g.,
>      IETF Stream participants are your working group chairs, the
>      responsible ADs, and the document shepherd).
>
>   *  auth48archive@rfc-editor.org, which is a new archival mailing list
>      to preserve AUTH48 conversations; it is not an active discussion
>      list:
>
>     *  More info:
>        https://urldefense.com/v3/__https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iYlnOK50$<https://urldefense.com/v3/__https:/mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iYlnOK50$>
>
>     *  The archive itself:
>        https://urldefense.com/v3/__https://mailarchive.ietf.org/arch/browse/auth48archive/__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97i78oCEgc$<https://urldefense.com/v3/__https:/mailarchive.ietf.org/arch/browse/auth48archive/__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97i78oCEgc$>
>
>     *  Note: If only absolutely necessary, you may temporarily opt out
>        of the archiving of messages (e.g., to discuss a sensitive matter).
>        If needed, please add a note at the top of the message that you
>        have dropped the address. When the discussion is concluded,
>        auth48archive@rfc-editor.org will be re-added to the CC list and
>        its addition will be noted at the top of the message.
>
> You may submit your changes in one of two ways:
>
> An update to the provided XML file
> — OR —
> An explicit list of changes in this format
>
> Section # (or indicate Global)
>
> OLD:
> old text
>
> NEW:
> new text
>
> You do not need to reply with both an updated XML file and an explicit
> list of changes, as either form is sufficient.
>
> We will ask a stream manager to review and approve any changes that seem
> beyond editorial in nature, e.g., addition of new text, deletion of text,
> and technical changes.  Information about stream managers can be found in
> the FAQ.  Editorial changes do not require approval from a stream manager.
>
>
> Approving for publication
> --------------------------
>
> To approve your RFC for publication, please reply to this email stating
> that you approve this RFC for publication.  Please use ‘REPLY ALL’,
> as all the parties CCed on this message need to see your approval.
>
>
> Files
> -----
>
> The files are available here:
>   https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475.xml__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iEylmKUA$<https://urldefense.com/v3/__https:/www.rfc-editor.org/authors/rfc9475.xml__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iEylmKUA$>
>   https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475.html__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iWg_ouFg$<https://urldefense.com/v3/__https:/www.rfc-editor.org/authors/rfc9475.html__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iWg_ouFg$>
>   https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475.pdf__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iTy29TMw$<https://urldefense.com/v3/__https:/www.rfc-editor.org/authors/rfc9475.pdf__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iTy29TMw$>
>   https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475.txt__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97ilLQIE8A$<https://urldefense.com/v3/__https:/www.rfc-editor.org/authors/rfc9475.txt__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97ilLQIE8A$>
>
> Diff file of the text:
>   https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475-diff.html__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97it_L51nM$<https://urldefense.com/v3/__https:/www.rfc-editor.org/authors/rfc9475-diff.html__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97it_L51nM$>
>   https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475-rfcdiff.html__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97i-zUhmzc$<https://urldefense.com/v3/__https:/www.rfc-editor.org/authors/rfc9475-rfcdiff.html__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97i-zUhmzc$>  (side by side)
>
> Diff of the XML:
>   https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475-xmldiff1.html__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97i9m1ultE$<https://urldefense.com/v3/__https:/www.rfc-editor.org/authors/rfc9475-xmldiff1.html__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97i9m1ultE$>
>
> The following files are provided to facilitate creation of your own
> diff files of the XML.
>
> Initial XMLv3 created using XMLv2 as input:
>   https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475.original.v2v3.xml__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iZpfo5Z8$<https://urldefense.com/v3/__https:/www.rfc-editor.org/authors/rfc9475.original.v2v3.xml__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97iZpfo5Z8$>
>
> XMLv3 file that is a best effort to capture v3-related format updates
> only:
>   https://urldefense.com/v3/__https://www.rfc-editor.org/authors/rfc9475.form.xml__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97igEa1vTg$<https://urldefense.com/v3/__https:/www.rfc-editor.org/authors/rfc9475.form.xml__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97igEa1vTg$>
>
>
> Tracking progress
> -----------------
>
> The details of the AUTH48 status of your document are here:
>   https://urldefense.com/v3/__https://www.rfc-editor.org/auth48/rfc9475__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97izp6fZsY$<https://urldefense.com/v3/__https:/www.rfc-editor.org/auth48/rfc9475__;!!N14HnBHF!-Go8giMg3oYK7EPYfukRw6EkY7aHj0rvYHbmI9FCnanwAGz_gT_tRpk8nMNJ7HikD5JH3xv-VATz_97izp6fZsY$>
>
> Please let us know if you have any questions.
>
> Thank you for your cooperation,
>
> RFC Editor
>
> --------------------------------------
> RFC9475 (draft-ietf-stir-messaging-08)
>
> Title            : Messaging Use Cases and Extensions for STIR
> Author(s)        : J. Peterson, C. Wendt
> WG Chair(s)      : Ben Campbell, Robert Sparks, Russ Housley
> Area Director(s) : Murray Kucherawy, Francesca Palombini
>
>