Re: [stir] wglc comment: draft-ietf-stir-passport-divert-05

"Peterson, Jon" <jon.peterson@team.neustar> Mon, 15 April 2019 19:00 UTC

From: "Peterson, Jon" <jon.peterson@team.neustar>
To: Robert Sparks <rjsparks@nostrum.com>, "stir@ietf.org" <stir@ietf.org>
Date: Mon, 15 Apr 2019 19:00:41 +0000
Message-ID: <616C6425-1E2E-44F4-A28D-D4EDB8BAB8F3@team.neustar>
References: <739ed9d7-79f3-867b-6dda-4664b23e971f@nostrum.com>
In-Reply-To: <739ed9d7-79f3-867b-6dda-4664b23e971f@nostrum.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/0wb6rf_rJ7zmwS48Ws_3DGKDap4>
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>

Well, I’d treat that as a case where there are effectively two chains in the request, each ending with an outermost "div" (as the last sentence of the first paragraph of 4.2 states). If the outermost "div" in one of those chains is malicious, which is to say its signature or attestation doesn't check out, that chain is treated as invalid. The key point is that each chain has an outermost "div", at least with the rough definition of "chain" that I'm trying to use here. If there's a useful way for me to clarify the intention, happy to do it.

Jon Peterson
Neustar, Inc.

On 4/12/19, 1:45 PM, "stir on behalf of Robert Sparks" <stir-bounces@ietf.org on behalf of rjsparks@nostrum.com> wrote:

    This is a bit of an edge condition thing.
    
    Section 4.2 talks about normal verification, and states (maybe implies) 
    that there will only be one outermost PASSporT in a chain of "div"s.
    
    What if there are two (from someone trying to be malicious)?
    
    RjS
    
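The verification Jon describes above, a request carrying two chains of "div" PASSporTs, each ending in its own outermost "div", with a chain treated as invalid when its outermost "div" does not verify, as an added example. This is not code from the draft, from the working group, or from either poster. It models the claims the way the draft lays them out ("orig", "dest", "div", "iat") but everything else is an assumption made for the example: the HMAC-SHA256 stand-in for the ES256 signature, the per-number key table standing in for certificate lookup, the telephone numbers, the timestamps, and the function names.

```python
import base64
import hashlib
import hmac
import json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# Constructed key table (assumption): the verifier finds the signer's key by
# telephone number. A real verifier fetches the x5u certificate and checks
# that it is authorized for that number; that step is not modelled here.
KEYS = {
    "+12025550100": b"key-of-originator",
    "+12025550111": b"key-of-A",
    "+12025550122": b"key-of-B",
}

def _tn(claim) -> str:
    # "orig" and "div" carry a single tn; "dest" carries a list of tns.
    tn = claim["tn"]
    return tn[0] if isinstance(tn, list) else tn

def sign_passport(claims: dict, key: bytes) -> str:
    # Stand-in signature: HMAC-SHA256 in place of the ES256 a real PASSporT uses.
    header = {"alg": "HS256", "typ": "passport"}
    if "div" in claims:
        header["ppt"] = "div"
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def _decode(token: str):
    """Return (claims, signature_ok). The expected signer is the "div" party
    for a div PASSporT and the originator for a base PASSporT."""
    head, payload, sig = token.split(".")
    claims = json.loads(_unb64url(payload))
    signer = _tn(claims["div"]) if "div" in claims else _tn(claims["orig"])
    key = KEYS.get(signer)
    ok = key is not None and hmac.compare_digest(
        hmac.new(key, f"{head}.{payload}".encode(), hashlib.sha256).digest(),
        _unb64url(sig))
    return claims, ok

def _walk_chain(outer, passports):
    """Follow "div" -> "dest" links from an outermost div back to a base PASSporT,
    failing the whole chain at the first link that does not verify."""
    chain = [outer]
    cur = outer
    while True:
        claims, ok = cur
        if not ok:
            return False, f"signature failed on PASSporT for dest {_tn(claims['dest'])}"
        if _tn(claims["orig"]) != _tn(outer[0]["orig"]):
            return False, "orig changed inside the chain"
        if "div" not in claims:
            return True, f"valid chain of {len(chain)} PASSporTs"
        prev = _tn(claims["div"])
        nxt = [p for p in passports if _tn(p[0]["dest"]) == prev and p not in chain]
        if not nxt:
            return False, f"no PASSporT with dest {prev} to link to"
        cur = nxt[0]
        chain.append(cur)

def verify_div_chains(tokens):
    """Partition the request's PASSporTs into chains, one per outermost div,
    and verify each chain on its own. Returns {outermost dest: (ok, reason)}."""
    passports = [_decode(t) for t in tokens]
    divs = [p for p in passports if "div" in p[0]]
    # A div is outermost when no other div names its dest as the diverting party.
    diverted_from = {_tn(c["div"]) for c, _ in divs}
    outermost = [p for p in divs if _tn(p[0]["dest"]) not in diverted_from]
    return {_tn(p[0]["dest"]): _walk_chain(p, passports) for p in outermost}

def demo():
    # Constructed numbers: originator, A, B, C (legitimate final dest), D (injected).
    orig, a, b, c, d = ("+12025550100", "+12025550111", "+12025550122",
                        "+12025550133", "+12025550144")
    base = sign_passport({"orig": {"tn": orig}, "dest": {"tn": [a]}, "iat": 1555354800},
                         KEYS[orig])
    # Legitimate chain: A diverts to B, then B diverts to C.
    a_to_b = sign_passport({"orig": {"tn": orig}, "dest": {"tn": [b]},
                            "div": {"tn": a}, "iat": 1555354801}, KEYS[a])
    b_to_c = sign_passport({"orig": {"tn": orig}, "dest": {"tn": [c]},
                            "div": {"tn": b}, "iat": 1555354802}, KEYS[b])
    # Second chain: a div claiming A diverted to D, but not signed with A's key.
    fake_a_to_d = sign_passport({"orig": {"tn": orig}, "dest": {"tn": [d]},
                                 "div": {"tn": a}, "iat": 1555354803}, b"not-the-key-of-A")
    return verify_div_chains([base, a_to_b, b_to_c, fake_a_to_d])
```

Running `demo()` yields two outermost divs: the chain ending at C walks back through B and A to the base PASSporT and verifies, while the chain ending at D fails at its outermost link because the signature does not check out against A's key, so only that chain is discarded. A production verifier would additionally check "iat" freshness on every link and confirm that the outermost valid chain's "dest" matches the destination of the request as received.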