Re: [stir] Second WGLC: draft-ietf-stir-passport-divert-05

Sean Turner <sean@sn3rd.com> Tue, 16 April 2019 01:35 UTC

From: Sean Turner <sean@sn3rd.com>
Date: Mon, 15 Apr 2019 21:35:51 -0400
References: <9E2381A8-F39F-425D-BB64-EB39AE1018F6@vigilsec.com>
To: IETF STIR Mail List <stir@ietf.org>
In-Reply-To: <9E2381A8-F39F-425D-BB64-EB39AE1018F6@vigilsec.com>
Message-Id: <31B1DE4C-97A8-496B-809C-5B1496B771CA@sn3rd.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/1kPMD9U7oWIcUGtkIF8O4ok84tY>
Subject: Re: [stir] Second WGLC: draft-ietf-stir-passport-divert-05

I just had nits and Russ caught most of them.  Here are mine:

0) The examples in s3 and s5 should use .cer not .pkx to align with RFC8225->RFC2985.

1) s3: I think this:

  PASSporTs of type "div-o" (see Section 5)
  MUST contain an "opt".

Should go in s5 and not in s3 since s3 is just about “div”?

2) s7 - I know UAC is in RFC 8224, but I am not sure that most will know what it is so maybe spell this one out: User Agent Client (UAC). And, should “user agent” in the penultimate para be UAC?

3) s8 - Where is “hi” defined?

4) s10 - There are two sets of registrations so maybe add a new heading level:

10. IANA Considerations

  This document includes registrations for JSON Web Token Claims (see Section 10.1) and PASSporT Type Registrations (see Section 10.2).

10.1 JSON Web Token Claims

   This specification requests that the IANA add two new claims to the
   JSON Web Token Claims registry as defined in [RFC7519].

renumber 10.1. to 10.1.1
renumber 10.2. to 10.1.2

5) Appendix A has an example key pair and to stop people from being silly and using it anywhere in a production system we should warn them not to:

   WARNING: Do not use the key pair in production systems.

or something like that.

spt


> On Mar 31, 2019, at 16:01, Russ Housley <housley@vigilsec.com> wrote:
> 
> This is the second Working Group Last Call for draft-ietf-stir-passport-divert, which is now at revision -05.
> 
> Please send your comments to the list or the chairs by Friday, 19 April 2019. (This leaves a little over three weeks since many have travel plans after the IETF week).
> 
> Robert and Russ