Re: WG Review: Secure Telephone Identity Revisited (stir)
Dave Crocker <dhc@dcrocker.net> Wed, 21 August 2013 19:07 UTC
Message-ID: <52150FD6.8010306@dcrocker.net>
Date: Wed, 21 Aug 2013 12:07:02 -0700
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
To: ietf@ietf.org
Subject: Re: WG Review: Secure Telephone Identity Revisited (stir)
References: <20130821175202.24713.10458.idtracker@ietfa.amsl.com>
In-Reply-To: <20130821175202.24713.10458.idtracker@ietfa.amsl.com>
Cc: stir WG <stir@ietf.org>, The IESG <iesg-secretary@ietf.org>
Reply-To: dcrocker@bbiw.net
The following mostly are points that I raised within the group's mailing list discussion, during charter development. In my view, they have not yet been adequately resolved:

On 8/21/2013 10:52 AM, The IESG wrote:
> Please send your comments to the IESG mailing list (iesg at ietf.org) by 2013-08-28.

...

> The STIR working group will specify Internet-based mechanisms that allow
> verification of the calling party's authorization to use a particular
> telephone number for an incoming call.

"use a particular telephone number for an incoming call" has no obvious and unambiguous technical meaning. In fact, it seems to imply the meaning of "authorization to call a particular number". However, of course, that's not the intended meaning.

Since this is the only text in this paragraph that says what the working group will /do/, it should make its statement with clarity and technical substance. That is, the charter needs to use a precise term for specifying the specific role of the number of interest. In earlier drafts, "caller id" was used. The next sentence uses "source telephone number". Perhaps that is acceptable.

> Since it has become fairly easy
> to present an incorrect source telephone number, a growing set of
> problems have emerged over the last decade. As with email, the claimed
> source identity of a SIP request is not verified, permitting unauthorized

As a matter of form, I'll note the SIP community's use of "identity" is what is called "identifier" in the identity community.

...

> As its priority mechanism work item, the working group will specify a SIP

Reference to work priority is only meaningful in the face of a list of tasks that will be considered simultaneously and what it means to give priority to one over another. Based on the lengthy mailing list discussion of in-band vs. out-of-band, it appears that the current charter is actually intended to support simultaneous work on alternative mechanisms, rather than pursuing them sequentially.

This should be made explicit. If the requirement is to work on them sequentially, then state that. If the intent is to work on both approaches simultaneously, then say that.

...

> In addition to its priority mechanism work item, the working group will
> consider a mechanism for verification of the originator during session
> establishment in an environment with one or more non-SIP hops, most
> likely requiring an out-of-band authorization mechanism. However, the
> in-band and the out-of-band mechanisms should share as much in common as
> possible, especially the credentials. The in-band mechanism must be sent
> to the IESG for approval and publication prior to the out-of-band
> mechanism.

"in-band and the out-of-band mechanisms should share as much in common as possible"

This is the essential text that mandates working on both approaches simultaneously and makes the earlier assertion about priority moot. (Note how far down in the charter this is buried, yet how fundamental a requirement it establishes.)

...

> Input to working group discussions shall include:
>

That's a lengthy list of documents. Why has it left out other documents discussed during charter development and clearly of continuing interest to the effort, namely:

A proposal for Caller Identity in a DNS-based Entrusted Registry (CIDER)
draft-kaplan-stir-cider-00

An Identity Key-based and Effective Signature for Origin-Unknown Types
draft-kaplan-stir-ikes-out-00

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net