Re: [stir] Review of: draft-ietf-stir-passport-05
"Peterson, Jon" <jon.peterson@neustar.biz> Sat, 30 July 2016 01:44 UTC
Return-Path: <prvs=1019f4ad4b=jon.peterson@neustar.biz>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C83C712D13B for <stir@ietfa.amsl.com>; Fri, 29 Jul 2016 18:44:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.601
X-Spam-Level:
X-Spam-Status: No, score=-102.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kw0jrjmGTPfA for <stir@ietfa.amsl.com>; Fri, 29 Jul 2016 18:44:16 -0700 (PDT)
Received: from mx0b-0018ba01.pphosted.com (mx0b-0018ba01.pphosted.com [67.231.157.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4849A12B029 for <stir@ietf.org>; Fri, 29 Jul 2016 18:44:16 -0700 (PDT)
Received: from pps.filterd (m0049401.ppops.net [127.0.0.1]) by m0049401.ppops.net-0018ba01. (8.16.0.17/8.16.0.17) with SMTP id u6U1iDdT020346; Fri, 29 Jul 2016 21:44:13 -0400
Received: from stntexhc10.cis.neustar.com ([156.154.17.216]) by m0049401.ppops.net-0018ba01. with ESMTP id 24c4wc7atx-1 (version=TLSv1 cipher=AES128-SHA bits=128 verify=NOT); Fri, 29 Jul 2016 21:44:12 -0400
Received: from STNTEXMB10.cis.neustar.com ([169.254.5.94]) by stntexhc10.cis.neustar.com ([169.254.4.225]) with mapi id 14.03.0279.002; Fri, 29 Jul 2016 21:44:11 -0400
From: "Peterson, Jon" <jon.peterson@neustar.biz>
To: "dcrocker@bbiw.net" <dcrocker@bbiw.net>
Thread-Topic: [stir] Review of: draft-ietf-stir-passport-05
Thread-Index: AQHR6Pa+qcjKJ8B9hE+IbOWpflw+YqAwC2aA///iyICAACbTAIAAF6MAgAAuNYCAAADFAIAAPsMA
Date: Sat, 30 Jul 2016 01:44:11 +0000
Message-ID: <D3C1C117.1A6A9F%jon.peterson@neustar.biz>
References: <07e0eb16-6758-cdf1-c571-1f1ed768e741@dcrocker.net> <D3C152B2.1A69BA%jon.peterson@neustar.biz> <b096b541-c8af-9617-c9d7-5a1beb5230e8@dcrocker.net> <D3C16040.1A6A09%jon.peterson@neustar.biz> <d66d91f0-9ea2-6295-e749-e48ea37b4892@dcrocker.net> <D3C19686.1A6A4E%jon.peterson@neustar.biz> <dd60178b-fa24-5099-166c-f8a0093cb668@dcrocker.net>
In-Reply-To: <dd60178b-fa24-5099-166c-f8a0093cb668@dcrocker.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.3.160329
x-originating-ip: [10.96.13.16]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <7AC2612CC953CC45BF5296F97914641E@neustar.biz>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2016-07-30_01:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1604210000 definitions=main-1607300016
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/2Wk6do7uRonE8Jce9m-_Us56yYI>
Cc: IETF STIR Mail List <stir@ietf.org>
Subject: Re: [stir] Review of: draft-ietf-stir-passport-05
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jul 2016 01:44:18 -0000
>> JWT was chosen not because it has any >> exclusive or special applicability to SIP, but instead because it could >> have applicability both to SIP and other protocols. > >Sorry to be repetitious but I do not see that case made, discussed or >agreed to in the working group record. So, the summary of the virtual interim states that the original JWT verified token approach was compared with the concatenated string, but since it does not say in which specific respects they were compared, then I gather that this "working group record" is not sufficient for you to believe that we ever considered the applicability of JWT to multiple protocols in particular? Well, what if the original verified token I-D stated that a goal of the work "is to be separable from any specific signaling call logic, so creation and verification of information can be implemented in a flexible way with minimal dependence on specific signaling constructs." Maybe that's not good enough, the wording is a little wild. Perhaps it could come through a bit more clearly in passport-05, if it stated a goal that PASSporT be "independent of any specific personal communications signaling call logic, so that creation and verification of persona information can be implemented in a flexible way and can be used in many personal communications applications including end-to-end applications that require different signaling protocols." But we're jumping the gun here - when and where was this principle vetted in the working group, to measure whether or not such language belonged in a WG draft? How about if the slides on verified token in the Oct 9 virtual interim included a bullet on how the "separation of the token to signaling specific attributes" has the additional benefit of "applicability to future RTC applications and signaling protocols" (those slides are in the virtual interim proceedings). Still, that could be (ungenerously) read to mean exclusively future protocols, not currently existing ones. So what if the slides that Chris and I sent out for the Oct 16 design team meeting contained a slide called "Not So SIP Specific" that discusses the JWT surviving gateway SIP->XMPP calls as a design goal, and even enabling end-to-end SRTP through a gateway? That same design team slide would need to have been presented in Yokohama at the STIR WG meeting for the confirmation of the working group, of course. Actually, not only was that "Not So SIP Specific" slide reproduced (and presented), but the very first slide my presentation there talked about "a new (well, resurrected) requirement" that the "signature should be transportable outside of SIP" and observes that that wasn't really possible with RFC4474bis before PASSporT. You can read the proceedings/minutes of that discussion - oh wait, you were there, I see your name in the minutes, actually. The minutes also note that Adam Roach expressed interest in using STIR for RTCWeb in particular, so I could furthermore point to Cullen's recent draft (draft-jennings-stir-rtcweb-identity-00) as a "working group record" of our multi-protocol direction, though admittedly that hasn't been discussed outside of the RTCWeb working group - we're trying to get this core work done before we start nailing down the applicability to other protocols, as our charter effectively requires us to do the SIP using protocol for PASSporT first. And lastly, I do seem to recall concluding the STIR working group meeting in Berlin by advertising the forthcoming pivot to these out-of-band use cases. I don't think we need to meet this unusual bar for "working group record" evidence that the case for JWT's applicability to multiple protocols was made, or discussed, or agreed to - though I suspect we would happen to meet it. More importantly, we have agreement among interested and active parties on the PASSporT approach that has led to some initial implementation - or as they call it around here, rough consensus and running code. >What I did see was a repeated claim that using JWT was simpler, which I >suspect is quite simply wrong, if only because it requires more >mechanism that directly adding the necessary information to a SIP header >field. (cf, DKIM, of course.) At last we have identified the root problem here: we didn't use DKIM. I should have guessed - you brought it up in Yokohama too, as I see in the STIR minutes. DKIM was an option we considered for SIP a long time ago... around the time that Domain Keys and IIM were merging, if I recall, though I doubt I could find you a "working group record" of that decision back when RFC4474 was under development. I do see some record that we discussed at least one of aspect of the trade-off between DKIM and PASSporT in Yokohama, but it doesn't seem to have undermined our consensus to use PASSporT. I see no reason to give this much further consideration. Jon Peterson Neustar, Inc.
- Re: [stir] Robocall Strike Force Richard Shockey
- Re: [stir] Robocall Strike Force DOLLY, MARTIN C
- Re: [stir] Robocall Strike Force Paul Kyzivat
- Re: [stir] Robocall Strike Force DOLLY, MARTIN C
- Re: [stir] Robocall Strike Force Tony Rutkowski
- Re: [stir] Setting Direction for the STIR WG Last… Dave Crocker
- Re: [stir] Robocall Strike Force Tony Rutkowski
- Re: [stir] Robocall Strike Force Richard Shockey
- Re: [stir] Robocall Strike Force Tony Rutkowski
- [stir] Robocall Strike Force Tony Rutkowski
- Re: [stir] Setting Direction for the STIR WG Last… Christer Holmberg
- Re: [stir] Setting Direction for the STIR WG Last… Russ Housley
- Re: [stir] Setting Direction for the STIR WG Last… Russ Housley
- Re: [stir] Setting Direction for the STIR WG Last… Dave Crocker
- Re: [stir] Setting Direction for the STIR WG Last… DOLLY, MARTIN C
- Re: [stir] Setting Direction for the STIR WG Last… Dave Crocker
- Re: [stir] Setting Direction for the STIR WG Last… Tony Rutkowski
- Re: [stir] Setting Direction for the STIR WG Last… Brian Rosen
- Re: [stir] Setting Direction for the STIR WG Last… Dave Crocker
- Re: [stir] Setting Direction for the STIR WG Last… Brian Rosen
- [stir] Setting Direction for the STIR WG Last Call Russ Housley
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Richard Shockey
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Paul Kyzivat
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- [stir] JWT/JSON (was - Re: Review of: draft-ietf-… Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Christer Holmberg
- Re: [stir] Robocall Strike Force DOLLY, MARTIN C
- Re: [stir] Review of: draft-ietf-stir-passport-05 Christer Holmberg
- Re: [stir] Review of: draft-ietf-stir-passport-05 Richard Shockey
- Re: [stir] Review of: draft-ietf-stir-passport-05 Victor Pascual
- Re: [stir] Review of: draft-ietf-stir-passport-05 Christer Holmberg
- Re: [stir] Review of: draft-ietf-stir-passport-05 Chris Wendt
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Peterson, Jon
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Peterson, Jon
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Peterson, Jon
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Peterson, Jon
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Richard Shockey
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Eric Burger
- [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Robocall Strike Force Dave Crocker
- Re: [stir] Robocall Strike Force Dave Crocker
- Re: [stir] Robocall Strike Force DOLLY, MARTIN C
- Re: [stir] Robocall Strike Force Richard Shockey
- Re: [stir] Robocall Strike Force Tony Rutkowski
- Re: [stir] Robocall Strike Force DOLLY, MARTIN C
- Re: [stir] Robocall Strike Force Richard Shockey
- Re: [stir] Robocall Strike Force Paul Kyzivat
- Re: [stir] Robocall Strike Force DOLLY, MARTIN C
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Eric Rescorla
- Re: [stir] Setting Direction for the STIR WG Last… Russ Housley
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] Setting Direction for the STIR WG Last… Dave Crocker
- Re: [stir] Setting Direction for the STIR WG Last… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Eric Rescorla
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Chris Wendt
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Eric Rescorla
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Eric Rescorla
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Eric Rescorla
- Re: [stir] Review of: draft-ietf-stir-passport-05 Michael Hammer
- Re: [stir] Review of: draft-ietf-stir-passport-05 Eric Rescorla
- Re: [stir] Review of: draft-ietf-stir-passport-05 Chris Wendt
- Re: [stir] Review of: draft-ietf-stir-passport-05 Alex Bobotek
- Re: [stir] Review of: draft-ietf-stir-passport-05 Stephen Farrell
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Chris Wendt