[stir] Review of draft-ietf-stir-passport-09

Eric Rescorla <ekr@rtfm.com> Sat, 29 October 2016 11:32 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 11F351294C3 for <stir@ietfa.amsl.com>; Sat, 29 Oct 2016 04:32:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id Neh0KaGGPyh6 for <stir@ietfa.amsl.com>; Sat, 29 Oct 2016 04:32:57 -0700 (PDT)
Received: from mail-yw0-x22c.google.com (mail-yw0-x22c.google.com [IPv6:2607:f8b0:4002:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E43C1294C1 for <stir@ietf.org>; Sat, 29 Oct 2016 04:32:57 -0700 (PDT)
Received: by mail-yw0-x22c.google.com with SMTP id r204so3047980ywb.0 for <stir@ietf.org>; Sat, 29 Oct 2016 04:32:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=6MwMX7cxB7Ch0TsmiW86ojCYsOOX9mCe+HGZtodVJYc=; b=IC5ub3zeWrWYfjFYaf62uuV0G/yMVMUcvtKBVEKMYn5LB5mV0LEUnfpXRB9fBQiT5+ h+XJlu803bzTDgnTeQ/7XYlxeAFTRsgSVoWvw+p9IHW+8NrEF5DmC0zS5O3EDo2xJy5M pdWnmziGsYqptcFkQMdOTOM9vT23GxnSV+LHCpAXRVKiSAAXltaGXYO69AhcNdYxjNw/ kJA/fM7phLKBIYpSbPvUQtpgfJ7s0M15wy/BkTZGi6M02dpZZ7BjqueRVgLLc5va3061 zN+WWPafRCNgSFbaRYL+Yr+L2QaX4fQg0Kuhc+xgqAEwrY4f+O2EGZtMoG1T8FCbZKkS Pkyw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=6MwMX7cxB7Ch0TsmiW86ojCYsOOX9mCe+HGZtodVJYc=; b=HTKPiRQ+bJHGMOTr97Wuzet4Kv/HwQTY3rKaHomwLGynvoyPMT0w/qGnR2PAIQJHss /RPaWYTSKQww2IxvDbFwRNq189PEt+3v7i+8vztt3pfb9cAalPJodSGQdjAJgCDLOmkD NM7hwtoIvgW0/dvujAEaucUgIhZ/HsBjYdzIDTgyfVCGh35v3cgkQtFkamm5oP8kWsGK c3oYEYaEmjYDZMN4dRSvj+LYkgy+QXQm1OiSnBYX0HtMcQeD8zw6s1ytrtvYJaqzEPJg rb+6sq7jS6l3DGEJLkF2Wy1ihHxKoXX8scfCwaWqksZ7Hj3SJIEP4ei0HVLTj9FVA36/ flEw==
X-Gm-Message-State: ABUngvcGLQu/JnSRTcPGkrFsP7lkEIMygXdPlqEFfOTkIC30zNbikgsJJMnot1LrI+SxbPguF5ZR+uFROFirPA==
X-Received: by with SMTP id c185mr9680014ywa.205.1477740776466; Sat, 29 Oct 2016 04:32:56 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Sat, 29 Oct 2016 04:32:16 -0700 (PDT)
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 29 Oct 2016 22:32:16 +1100
Message-ID: <CABcZeBOH+L+AJC40s00tj5QLMOr4XHCkMckFh8tQ5Opsn5qtsQ@mail.gmail.com>
To: "stir@ietf.org" <stir@ietf.org>
Content-Type: multipart/alternative; boundary="001a114214780d61a9053fff5605"
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/03HLzGRQ2T_bBSkuLX4dGeSdbY8>
Subject: [stir] Review of draft-ietf-stir-passport-09
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Oct 2016 11:32:59 -0000

This document would be easier to read if it came with an example
at the beginning (perhaps the one in 9.1).

I've also been thinking about the use of a URL here. This has
the result that it doesn't bind the certificate itself into the
digital signature, but only the URL. So this implies that it's
at least potentially possible to substitute one certificate
for another with the same private key. Is that a concern here?

S 4.3.
Certificate chains are generally self-validating, so can you explain
why you need HTTPS here? Clearly, it's good practice for confidentiality
and to prevent other forms of attack, but still.

S 5.2.

This indentation seems weird. Should you be outdenting the "uri" line.

S 5.2.2.
Given the ambiguity about multiple fingerprints, you should probably
cite the 4572-bis draft.

S 7.
    The using protocol of the compact form of PASSporT MUST

This "using protocol" language is pretty odd. Maybe define a specific
term somewhere else? "application protocol"?

S 9.
   JSON, as a canonical format, can include spaces and line breaks, and
   key value pairs can occur in any order.

Doesn't this mean that JSON isn't canonical?

S A.1, A.2

These aren't actually X.509 structure. Also, the private key in S 8.1
is in an OpenSSL-specific structure. Could you encode it in PKCS#8.