[stir] Pay Attention (was Re: Robert Wilton's No Objection on draft-ietf-stir-enhance-rfc8226-03: (with COMMENT))
Robert Sparks <rjsparks@nostrum.com> Mon, 28 June 2021 19:16 UTC
Return-Path: <rjsparks@nostrum.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id A8EC13A09E0
for <stir@ietfa.amsl.com>; Mon, 28 Jun 2021 12:16:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.079
X-Spam-Level:
X-Spam-Status: No, score=-2.079 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, T_SPF_HELO_PERMERROR=0.01,
T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key)
header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id ZNr9_7IovXEB for <stir@ietfa.amsl.com>;
Mon, 28 Jun 2021 12:16:31 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 988853A09E7
for <stir@ietf.org>; Mon, 28 Jun 2021 12:16:31 -0700 (PDT)
Received: from unformal.localdomain ([47.186.34.206]) (authenticated bits=0)
by nostrum.com (8.16.1/8.16.1) with ESMTPSA id 15SJGTiH083520
(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO)
for <stir@ietf.org>; Mon, 28 Jun 2021 14:16:29 -0500 (CDT)
(envelope-from rjsparks@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com;
s=default; t=1624907789;
bh=YGTu1xidp6Qokt7fc3b4OZndfjsgJBqRnSb5/FTNqpc=;
h=Subject:To:References:From:Date:In-Reply-To;
b=Rcr23070EdX+j9JoflRSHB/ihQTDWo9roViogmoDjwWWSZeNVaxvhHKxa4gAyBG0m
XhFnCMZiPZqAXJkIHXEMvaaUEpt7Nml0AwVFnDBjjpoNGi5gMgiy12gKmYc7Sk4G8s
iCegOJWdR9pSwKH4cBPkaNU4weXzad8Ujim1fLjk=
X-Authentication-Warning: raven.nostrum.com: Host [47.186.34.206] claimed to
be unformal.localdomain
To: IETF STIR Mail List <stir@ietf.org>
References: <162487263632.15104.7075847684500025031@ietfa.amsl.com>
<A65B0F2A-AAF4-4FC8-87A7-3A40144CEBBB@vigilsec.com>
From: Robert Sparks <rjsparks@nostrum.com>
Message-ID: <4bb5eba6-ddc8-e441-972e-52415f49a65c@nostrum.com>
Date: Mon, 28 Jun 2021 14:16:23 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0)
Gecko/20100101 Thunderbird/78.11.0
MIME-Version: 1.0
In-Reply-To: <A65B0F2A-AAF4-4FC8-87A7-3A40144CEBBB@vigilsec.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/0Ngf4SRv1M6dtxYC7Gioya0_MaM>
Subject: [stir] Pay Attention (was Re: Robert Wilton's No Objection on
draft-ietf-stir-enhance-rfc8226-03: (with COMMENT))
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>,
<mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>,
<mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Jun 2021 19:16:37 -0000
STIR WG - There's a small bit of normative text that is going into this document based on IESG discussion - you've already seen it on list, but I've copied it here for your convenience. I want to make sure you don't miss it (fwiw, I'm fine with it). If anyone has problems with it, reply very soon. RjS On 6/28/21 1:30 PM, Russ Housley wrote: > Rob: > >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> Hi, >> >> Thanks for the document, despite not being my area of expertise I found it easy >> to read and understand. >> >> A couple of minor comments: >> >> (1) Like Erik, when reading section 4, I was wondering whether it would be >> helpful to have an example that included both mustInclude and permittedValues. >> But of course, I note that you effectively do that in section 5. > I hope the change proposed to resolve Erik's comment is also sufficient to resolve your comment. > >> (2) In the security section, it states: >> >> Certificate issuers should not include an entry in mustExclude for >> the "rcdi" claim for a certificate that will be used with the >> PASSporT Extension for Rich Call Data defined in >> [I-D.ietf-stir-passport-rcd]. Excluding this claim would prevent the >> integrity protection mechanism from working properly. >> >> I was wondering whether it would be helpful to include this as RFC 2119 SHOULD >> NOT in 3, or perhaps have a forward reference from the section 3 description of >> mustExclude to the "rcdi" consideration in the security section. > Sure: > > Certificate issuers SHOULD NOT include an entry in mustExclude for > the "rcdi" claim for a certificate that will be used with the > PASSporT Extension for Rich Call Data defined in > [I-D.ietf-stir-passport-rcd]. Excluding this claim would prevent the > integrity protection mechanism from working properly. > > Russ >
- [stir] Robert Wilton's No Objection on draft-ietf… Robert Wilton via Datatracker
- Re: [stir] Robert Wilton's No Objection on draft-… Russ Housley
- [stir] Pay Attention (was Re: Robert Wilton's No … Robert Sparks
- Re: [stir] Pay Attention (was Re: Robert Wilton's… Chris Wendt
- Re: [stir] Robert Wilton's No Objection on draft-… Rob Wilton (rwilton)