[secdir] Secdir last call review of draft-ietf-stir-enhance-rfc8226-04

Phillip Hallam-Baker via Datatracker <noreply@ietf.org> Wed, 30 June 2021 16:37 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/hzZ3FmvvW0OMhUYCRgdhrPsny-4>

Reviewer: Phillip Hallam-Baker
Review result: Ready

This document presents an extension to the JWT Claim Constraints capabilities
described in RFC 8226. The changes proposed do not substantially change the
security model of the original; they merely provide additional expressive power.

This document is part of an effort to establish a post-facto security
infrastructure for the legacy telephone system which predates any security
technology that could have been used to secure it. As such the principal source
of insecurity is going to be in the quality of the data being used to make
security assertions rather than the expressive power of the assertions