Re: [Gen-art] Genart last call review of draft-ietf-stir-passport-shaken-04

Francesca Palombini <francesca.palombini@ericsson.com> Mon, 05 November 2018 02:49 UTC

Return-Path: <francesca.palombini@ericsson.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DF45129619 for <gen-art@ietfa.amsl.com>; Sun, 4 Nov 2018 18:49:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.771
X-Spam-Level:
X-Spam-Status: No, score=-4.771 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.47, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com header.b=fM5uIjon; dkim=pass (1024-bit key) header.d=ericsson.com header.b=UVBmwbxT
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CBQQp3NiXTWU for <gen-art@ietfa.amsl.com>; Sun, 4 Nov 2018 18:49:07 -0800 (PST)
Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 565FF1292AD for <gen-art@ietf.org>; Sun, 4 Nov 2018 18:49:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1541386142; x=1543978142; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=p3J5IXBPDhSIQciD3yTP1EmrlPFEbJbypmDui46OuTY=; b=fM5uIjonM6c/UquFjaTlnoK0VjxPH0YLRRN/zgciZFa3J5sNUM4IrgMMNyg4uowD 6QVyVW7et8cQiODbGtBfouRDsOScfrNL7VqzzW6ZtW2CbfAG53rP4DMJIEtIL9n0 nwQ/XSlmi9il5gaB0Qbsrkyf0fsVe6WrGRHCN9q1iv0=;
X-AuditID: c1b4fb2d-425ff7000000434d-43-5bdfaf9e65da
Received: from ESESSMB501.ericsson.se (Unknown_Domain [153.88.183.119]) by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id 16.6C.17229.E9FAFDB5; Mon, 5 Nov 2018 03:49:02 +0100 (CET)
Received: from ESESBMB505.ericsson.se (153.88.183.172) by ESESSMB501.ericsson.se (153.88.183.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Mon, 5 Nov 2018 03:49:01 +0100
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (153.88.183.157) by ESESBMB505.ericsson.se (153.88.183.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3 via Frontend Transport; Mon, 5 Nov 2018 03:49:01 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=p3J5IXBPDhSIQciD3yTP1EmrlPFEbJbypmDui46OuTY=; b=UVBmwbxTQBH1mp6qZvJYORMx3q6MTLFRUYjhVOmzVKY62MFI0L+V4olzSSmDjN0PgIgd1pyu0JHWXyBeDaoY0qoYsabeMtkcxo5UjkB2GpP+fD/Ik+yNV7HULPJIdGkXHTj5x7R2RRx2u4J2j+Zuo7NnR67fMAYLGlhGTelft/c=
Received: from AM5PR0701MB2737.eurprd07.prod.outlook.com (10.173.93.139) by AM5PR0701MB2628.eurprd07.prod.outlook.com (10.173.92.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1294.16; Mon, 5 Nov 2018 02:48:59 +0000
Received: from AM5PR0701MB2737.eurprd07.prod.outlook.com ([fe80::b832:cefa:fd12:dfdb]) by AM5PR0701MB2737.eurprd07.prod.outlook.com ([fe80::b832:cefa:fd12:dfdb%3]) with mapi id 15.20.1294.032; Mon, 5 Nov 2018 02:48:59 +0000
From: Francesca Palombini <francesca.palombini@ericsson.com>
To: Chris Wendt <chris-ietf@chriswendt.net>
CC: "gen-art@ietf.org" <gen-art@ietf.org>, "draft-ietf-stir-passport-shaken.all@ietf.org" <draft-ietf-stir-passport-shaken.all@ietf.org>, "stir@ietf.org Mail List" <stir@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
Thread-Topic: Genart last call review of draft-ietf-stir-passport-shaken-04
Thread-Index: AQHUdD2q0tuEP8FRI02bTGQ0/H8A+KVA8RAA
Date: Mon, 05 Nov 2018 02:48:59 +0000
Message-ID: <1352291F-B58F-42BC-913E-A7159CE19531@ericsson.com>
References: <154117528787.7013.6199833371829068074@ietfa.amsl.com> <50F64DCF-E897-4C3F-B77A-6FBA4F8955C5@chriswendt.net>
In-Reply-To: <50F64DCF-E897-4C3F-B77A-6FBA4F8955C5@chriswendt.net>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=francesca.palombini@ericsson.com;
x-originating-ip: [110.170.235.6]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM5PR0701MB2628; 6:juUKYvcG646bozXdbLOF87rm+Zezby5Jfhc++pjdnNw7bJuYhWWuEBUasGjzBQSISYYBWSgJ5F2C89Vu0i2HCvvCLlc9Rg6GjLhhc0NbXkTa+z5BbvQsUbrGtB7p8JLC5vfEcy2daM5FC7nG6a/64lKyZdgXn05hZO51Gc5qVyjnqGp9W4NZHG5Vw2rWRU/ZPOLuTTScdxbAXFovHGpnZxXzK2NyBOUoYfQdULMvkrZN8q0r1PBcibtPKTBEu2qG+PGGHDB88JthLKbTFkRt2pnG8ArNINDjzv/Bnzplzi7zDimTzCyve+tO5i+D2dC8/X8kOCu35bpm/IZ6bSje321Pw1uGyt7Coql+Jv5RogH1RAwPbeX33VJraFlP1oMSPZhuWNQbACzVi49pygWuKiz+lnLMvphjowu18Vun1WSGnwXP8mVbuL7SB1utLrXeLWPDSmtBkG1gASdqbfoaYg==; 5:90hqdkAqGabMsJlmXxMfguR7dSiJReALFTyUGFlNiE7WTcaQVLIEKW3bGqKEUXz/ZQOFmDgB4FHyTbP5Y7uhwq1A+/E6YwGoFbFyl7aMPneqMidj8ZsUeSlrbOBrOyN1g6exPBWxhQ/3jUC/iMYs7o6fOCnNzk+IP8yAzaJoNtk=; 7:EihARmBKHDhccbxaFu/ZbDyWtyvmqnbfc4ucuzF4mocS4VErOKxmWV6EgF6XLc6DU9SaX6S0qe6piP/G9qvDk1nkkKoIFtl40ztm/D1GyXoxJSGT9vWQDN0SBVq33IodZWSdxfMccc6c1QMSZ1y3SQ==
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 9f313bac-9feb-4d42-b2d6-08d642c93cca
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(2017052603328)(7153060)(7193020); SRVR:AM5PR0701MB2628;
x-ms-traffictypediagnostic: AM5PR0701MB2628:
x-microsoft-antispam-prvs: <AM5PR0701MB2628F72F91D20242F478A7E598CA0@AM5PR0701MB2628.eurprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(72170088055959)(100405760836317)(248295561703944)(37575265505322);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3231382)(944501410)(52105095)(93006095)(93001095)(3002001)(10201501046)(148016)(149066)(150057)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123558120)(20161123562045)(201708071742011)(7699051)(76991095); SRVR:AM5PR0701MB2628; BCL:0; PCL:0; RULEID:; SRVR:AM5PR0701MB2628;
x-forefront-prvs: 08476BC6EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(39860400002)(136003)(396003)(346002)(366004)(199004)(189003)(6436002)(6246003)(71190400001)(2906002)(2616005)(86362001)(36756003)(476003)(5660300001)(6306002)(71200400001)(575784001)(6486002)(25786009)(81156014)(478600001)(229853002)(14444005)(446003)(11346002)(6512007)(256004)(99286004)(68736007)(55236004)(486006)(76176011)(54906003)(6506007)(6916009)(26005)(97736004)(106356001)(966005)(105586002)(8936002)(53546011)(4326008)(82746002)(33656002)(8676002)(53936002)(14454004)(81166006)(3846002)(2900100001)(186003)(305945005)(66066001)(316002)(83716004)(44832011)(102836004)(6116002)(7736002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM5PR0701MB2628; H:AM5PR0701MB2737.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: V/2uvb7YilPbZ8XLYsoxj/yuPljr5FKaYPdRojEsriJuc7K2U4AbDtx5PWMj4K4CUnQzX51Pf84u351yj5TqutttJuVNWDkzi6446QxYdnix8ZlCZglArO2r/6Dz0bDEFbZ3xBhggg2tHo5AZnWsRzuKCl9LMLQphm5Gqfq6tDf8aGyJ+5uxnuY0fPorIXWGGGimbdYUbiB16JRoOebzzNhhB/29kE7rCb+dgXAdD40h+X9z4IjdO3Z+rJwcKxL9gGGBkIL0hasrbURGzsYSIUG2BQv2BlFrGb9IjNi57dd2QCv7M6s1vMFSLZ9FcxZqLGyS41TQWYjZOVzmxng2qWJ/p37lJWAyAQpDr5jMJP4=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <1A485839E222A248A533C457FFF9A0F7@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 9f313bac-9feb-4d42-b2d6-08d642c93cca
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Nov 2018 02:48:59.4389 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5PR0701MB2628
X-OriginatorOrg: ericsson.com
X-Brightmail-Tracker: H4sIAAAAAAAAA02Sa0hTYRjHec85OzvTFu+m4pOywNGXLlPzAhOkVAy0CCwiQiEbevI+bce8 0QdNQ1Nn85ZosBmJykysTDOdmhpZaShikjdsaJZdvFRSUmkez4K+/d7n/3ve93ngZUi5UeTC xGlTWZ1Wk6ik7ajqc4/SVcaWuQjP3BmluuprF6nuHSsm1a8/fqPUi/dNlLqhuZ0IEIUYSu6K QurqNogwItzOP5pNjEtjdR5HLtjFNpYvEinFPhlXf47Q2eitVyGSMIB9oKhCTxUiO0aOnyLo y74h5gM5XkdQPB0i8B0ChvK8eYnCBhKG21rEQsdNAoYfN9PC4R2C3Nkegm+hsT+MWldEPDvi gzAwnI14icRTCNYsxTQfOODjYCo3IUE6AfmbXbTAXjBpMO/MQeF90PhqfpsZRoqPwsT6KWGk LFifrKZ4luAgmGhd2nkLYQV8z2kieSaxM0wtmAhhTwx1lhFSYCdYmt+0+VEwPl0iFupuMFC/ avMVMGYq2pkZ8BsammtrkRCoYLWy0nbRSTD+WCEFaQxB3u1WW3AIZus/2BqSwaK30gInQs7v dpuzF8x6K2VAXjX/DVuzvSeJ90NLp4eAIVBmDRIMN6gosop5lmIZvKheoGqRyIycOJbjkmK8 vN1ZXVwUxyVr3bVs6gO0/Wv6Hv5SdaCmT4H9CDNIuUtqaJqLkIs0aVxmUj8ChlQ6SgeCt0vS aE1mFqtLjtRdTmS5fuTKUEpnqbvZEi7HMZpUNoFlU1jdv5RgJC7ZKM/+0p3KwQ0GJN1Gk3Et 3yF6prOuX+xHBzSNn95SaK/lRYq3lhXzpUkF5+OHbilC9W2SLwuuM3OD3WVuXNJzP71nacaZ 94z958CKe5UqtxlVY+5mlV6W/kxW/ichpjZ0MGxZ/3L5ybGw0R6JS/zZi7LrvruDO/Y0+Bp6 LVcKZEqKi9UcPkDqOM1fzzyx2jEDAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/OeXPtscPbt8bzYlbT6ctQnemRx8>
Subject: Re: [Gen-art] Genart last call review of draft-ietf-stir-passport-shaken-04
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Nov 2018 02:49:10 -0000

Thanks Chris, these changes address my review comments.

Francesca

On 04/11/2018, 19:55, "Chris Wendt" <chris-ietf@chriswendt.net> wrote:

    Thank Francesca for the review.  Comments inline.
    
    > On Nov 2, 2018, at 12:14 PM, Francesca Palombini <francesca.palombini@ericsson.com> wrote:
    > 
    > Reviewer: Francesca Palombini
    > Review result: Ready with Issues
    > 
    > I am the assigned Gen-ART reviewer for this draft. The General Area
    > Review Team (Gen-ART) reviews all IETF documents being processed
    > by the IESG for the IETF Chair.  Please treat these comments just
    > like any other last call comments.
    > 
    > For more information, please see the FAQ at
    > 
    > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
    > 
    > Document: draft-ietf-stir-passport-shaken-04
    > Reviewer: Francesca Palombini
    > Review Date: 2018-11-02
    > IETF LC End Date: 2018-11-02
    > IESG Telechat date: Not scheduled for a telechat
    > 
    > Summary: This draft is on the right track but has open issues, described in the
    > review.
    > 
    > Major issues:
    > 
    > * This draft defines the new claim "origid" for the Personal Attestation Token
    > used in the SHAKEN framework, but does not give any privacy considerations
    > about it and its use. [RFC6973] suggests that the privacy considerations of
    > IETF protocols be documented. As required by [RFC7258], work on IETF protocols
    > needs to consider the effects of pervasive monitoring and mitigate them when
    > possible. I don't know SHAKEN well enough to comment on privacy issues on that,
    > but this draft, as part of the IETF work, should have privacy considerations,
    > particularly considering the "origid" claim.
    
    
    Here is my proposed privacy consideration section, looking for any comments if this addresses things properly given the nature of SIP privacy in general.
    
    Privacy Considerations 
    
    As detailed in {{RFC3261}} Section 26 as well as {{RFC3323}}, SIP as a protocol inherently carries identifying information of both the initiator or 'caller' as well as the terminating party or 'callee'. 'origid', as defined in SHAKEN {{ATIS-1000074}} and described in this document is intended to be an opaque and unique identifier that is used by an originating telephone service provider to trace and identify where within their network (e.g. from a gateway or a particular service within their network) the call was initiated, so that either bad actors that may be either trying to illegitamately spoof identities or making fraudulent calls can be identified and likely stopped or held responsibiliy for the fraudulent activities.  While the opaqueness of the 'origid' identifier is intended to keep any direct or implied information regarding the origination of a set of calls that may have the same 'origid' to a minimum, it should be recognized that potential patterns whether intended or not may be able to be discovered.
    
    > 
    > Minor issues:
    > 
    > * Section 4: the term "verified association" is not defined in this document,
    > nor in [RFC8225], nor in the SHAKEN spec referenced. Is there a way to clarify
    > what is meant by it? It could be a reference.
    
    I’ve included a new terminology text as follows to address above comment and comment below:
    
       In addition, the following terms are used in this document:
    
       o  Verified association: is typically defined as an authenticated
          relationship with a device that initiated a call, for example, a
          subscriber account with a specific SIM card or set of SIP
          credentials.
    
       o  PASSporT: Defined in [RFC8225] is a JSON Web Token defined
          specifically for securing the identity of an initiator of personal
          communication.  This document defines a specific extension to
          PASSporT.
    
    > 
    > Nits/editorial comments:
    > 
    > * Terminology: I would have appreciated a short sentence mentioning [RFC8225]
    > in the Terminology section.
    
    see above
    
    > 
    > * Section 9: [RFC8224] appears without link.
    
    fixed
    
    > 
    > * Acknowledgements: "The authors would like
    >   acknowledge the work of the ATIS/SIP Forum IP-NNI Task Force to
    >   develop the concepts behind this document." -> The authors would like to
    >   acknowledge …
    > 
    fixed
    
    > I do not repeat nits and editorials reported by Adam Roach in his review of
    > this version of the document (11-19-2018,
    > https://mailarchive.ietf.org/arch/msg/stir/HxVSCLPGfSgwFuvqLkWSVNI0PtQ )
    > 
    
    I have addressed these issues and plan to submit with list consensus on above text.