IETF Logo Mail Archive

[stir] WGLC Review of draft-ietf-stir-messaging-02

Ben Campbell <ben@nostrum.com> Fri, 06 May 2022 21:03 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A858C159523; Fri, 6 May 2022 14:03:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.076
X-Spam-Level:
X-Spam-Status: No, score=-2.076 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nostrum.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9SQLiFRfUwa6; Fri, 6 May 2022 14:02:58 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D031DC157B48; Fri, 6 May 2022 14:02:54 -0700 (PDT)
Received: from smtpclient.apple (mta-70-120-133-87.satx.rr.com [70.120.133.87] (may be forged)) (authenticated bits=0) by nostrum.com (8.17.1/8.16.1) with ESMTPSA id 246L2pSl066712 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Fri, 6 May 2022 16:02:53 -0500 (CDT) (envelope-from ben@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1651870973; bh=3FW4jzOVx909JQIoi6t/2gJmaHrzDBQZZNpaMn9xT2g=; h=From:Subject:Date:Cc:To; b=LpmBa24SrtbzekHRk8UmCh0hA0ZOsK7QQwxBt0OgWkuq9Hqm5pxccgGXuf+ubGE3f 2I5/631K4M8F5n+4tkCdL3bGPHQip7tAmRP8+fK3c+7OiuFAdrn1V5xJcWDHMqnt/S 9as9Z3UqF9ODrIpd07cgz0sH77IXRvqMOVc7oWiA=
X-Authentication-Warning: raven.nostrum.com: Host mta-70-120-133-87.satx.rr.com [70.120.133.87] (may be forged) claimed to be smtpclient.apple
From: Ben Campbell <ben@nostrum.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.80.82.1.1\))
Message-Id: <6CEAEB75-6BC5-4BA9-9FCA-1B1F971655DE@nostrum.com>
Date: Fri, 06 May 2022 16:02:46 -0500
Cc: draft-ietf-stir-messaging@ietf.org
To: IETF STIR Mail List <stir@ietf.org>
X-Mailer: Apple Mail (2.3696.80.82.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/17GVJzyfMdzGGWkQSZ5AR_xCVBk>
Subject: [stir] WGLC Review of draft-ietf-stir-messaging-02
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 May 2022 21:03:03 -0000

(As individual)

Hi,

This is a WGLC review of draft-ietf-stir-messaging-02. I think this is pretty much ready to progress. I have a few minor comments that don’t necessarily need to block progress.

Thanks!

Ben.

Substantive:
----------------

§3.2: 
	• “msgi" MUST NOT appear in PASSporTs with a type other than "msg”…”
		• Why is that? I guess if a VS that does not understand “msgi”, it might verify the sender number but not check integrity even though it was offered. Given that the fallback position is to do neither, is that really a fail?

	• Do we want to say anything about “msgi” interaction with encrypted messages? I assume one would calculate the msgi digest post-encryption.

§3.2.1: “in which case something like out-of-band [RFC8816] conveyance”
	• Would it make sense to also reference servprovider-oob?  (I can be convinced not to make this depend on a WIP draft, but I assume we are talking about an informative reference.)

§7:
	• It might be worth noting that this mechanism does not add any privacy protection to the original message content that wasn’t there in the first place.

§8: 
	• It might be good for the sec cons to refer back to the text about store-and-forward (and any other place we see the messaging use case differ from the calling user case). (No strong feelings on this except that the sec cons feel a bit light.)
	• It might be worth observing that, while “msgi” can contribute to replay prevention for the passport, it does not help with replay of the same identical message.

Editorial:
----------

General: There’s still quite a bit of “could be” language that perhaps “could be” recast as “can be” or even “is”.

Abstract: 

	• s/Persona/Personal
	• Last sentence: I propose “… both for messages carried as a payload in SIP requests and for messages sent in sessions negotiated with SIP.”

§1:
	•  2nd paragraph, first sentence: “… however...” needs commas fore and aft.
	• “… not currently widespread”: That statement is already becoming dated. I propose we just say “Spammers and fraudsters are increasingly turning to…”

§3.2
	• First paragraph, 2nd sentence: “for example” needs commas.
	• “MUST support the following hash algorithms: "SHA256", "SHA384", or "SHA512", which are defined as part of the SHA-2 set of cryptographic hash functions by the NIST.”
		• Is there a reasonable citation?

v2.23.0 | Report a Bug | By Email