[stir] stir 95 meeting notes - raw

"A. Jean Mahoney" <mahoney@nostrum.com> Wed, 06 April 2016 14:56 UTC

Return-Path: <mahoney@nostrum.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4322F12D5DE for <stir@ietfa.amsl.com>; Wed, 6 Apr 2016 07:56:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r9KmiL77dOuG for <stir@ietfa.amsl.com>; Wed, 6 Apr 2016 07:56:20 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D752812D57E for <stir@ietf.org>; Wed, 6 Apr 2016 07:56:16 -0700 (PDT)
Received: from dhcp-8915.meeting.ietf.org ([IPv6:2001:67c:370:136:748f:23e3:67bb:9a35]) (authenticated bits=0) by nostrum.com (8.15.2/8.14.9) with ESMTPSA id u36EuDtJ042339 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for <stir@ietf.org>; Wed, 6 Apr 2016 09:56:15 -0500 (CDT) (envelope-from mahoney@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host [IPv6:2001:67c:370:136:748f:23e3:67bb:9a35] claimed to be dhcp-8915.meeting.ietf.org
To: stir@ietf.org
From: "A. Jean Mahoney" <mahoney@nostrum.com>
Message-ID: <5705238B.4060408@nostrum.com>
Date: Wed, 06 Apr 2016 11:56:11 -0300
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:38.0) Gecko/20100101 Thunderbird/38.7.1
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/stir/38zjqFsnRVj-JtUNrx8Cr_7m2X4>
Subject: [stir] stir 95 meeting notes - raw
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Apr 2016 14:56:22 -0000

Below are my raw notes from the meeting. I marked places where I missed 
stuff with ellipses (...).

Thanks,

Jean


-----------------------------------------------------------------------------------
STIR: IETF 95

Tuesday, Afternoon Session III 1740-1910
Quebracho B

-----------------------------------------------------------------------------------
5m Administrivia

presenter: Robert Sparks
slides:    https://www.ietf.org/proceedings/95/slides/slides-95-stir-0.pdf


Note takers: Brian Rosen and Jean Mahoney
Jabber relay: Sean Turner

Jabber log: http://www.ietf.org/jabber/logs/stir/2016-04-05.html

Note well and agenda were presented. No changes to the agenda.


-----------------------------------------------------------------------------------
10m  Overview of changes across the WG documents

presenter: Sean Turner
slides:    https://www.ietf.org/proceedings/95/slides/slides-95-stir-1.pdf


Brian Rosen asked if it was still true that anyone on path can do the 
verification.
Sean said that it was still true.

No actions.


-----------------------------------------------------------------------------------
30m draft-ietf-stir-rfc4474bis

presenter: Jon Peterson
slides:    https://www.ietf.org/proceedings/95/slides/slides-95-stir-2.pdf


slide 1: Title


slide 2: Divide and Conquer


slide 3: Changes since -06


slide 4: Date Fix

Jonathan Lennox - You need to check for copy-n-paste attacks.

Jon - It's there in the text.

Jon (to the room) - we're cool? The Date fix is the biggest change.

Room had no objections.


slide 5: Extensibility

Chris Wendt - The worst case would be 2 identity headers with two 
tokens. It would nice to combine those.

Jon - Either we build it into ppt or create a MIME type. We can do 
either. There's no good reason to do one or the other. Now we're doing 
nothing. If PASSporT decides to make the MIME type a component of ppt, 
then we don't need to change.

Eric Burger - There might be different network elements that put them 
in. Having multiple headers may be desirable.

Jon - It could. we'll talk about it when we talk about extending with CNAM.

Chris - We want something that can combine them like CNAM.

Jon - It would be nice not to have 15 of these things.


slide 6: Opportunistic STIR

Jon - This is of marginal benefit but still offers some benefit. This is 
not in the main path of deliverables.

Alan Johnston - This is orthogonal to OSRTP. I don't have an opinion on 
this.

Jon - The signature is only as good as the entity that signed over it. 
Can be added without knowledge or consent of the app, but not meddled 
with by a MITM.

Alan - It can't be used in place of OSRTP.

Jon - The draft in dispatch will just point to OSRTP. This doesn't 
replace it. It relies on it. Anyone have a problem with opportunistic STIR?

Room had no objections.


slide 7: Future work

Jon - Please review carefully because of swapping in passport.

Robert Sparks - You need to add a few words about backward compatibility 
into the next draft.

Robert - I see some implementers in room, will you sign up to review?

Martin Dolly, Eric Burger, John Mattsson volunteered

Robert - Is anyone going to SIPit?

Eric Burger - We'll have something.


ACTIONs: Authors to add text on backward compatibility. Martin Dolly, 
Eric Burger, John Mattsson to review draft-ietf-stir-rfc4474bis.


-----------------------------------------------------------------------------------
30m draft-ietf-stir-passport

presenter: Chris Wendt
slides:    https://www.ietf.org/proceedings/95/slides/slides-95-stir-3.pdf


slide 1: Title


slide 2: Overview


slide 3: PASSporT Header

Sean - Have you already registered the MIME Type? It's really easy. Just 
send me email and I can help with that.


slide 4: PASSporT Payload


slide 5: PASSporT Payload


slide 6: PASSporT Payload - Identity Types

Jon - What about Dr. Hardie's comment that they need to be strictly 
typed and extensible? We're not excluding WEBRTC.

Richard Barnes - What about Tel URIs?

Jon - We using otn and dtn. We won't do tel URIs because we want it to 
be canonicalized.

Chris - Should we forbid tel URIs? A passport can have tel URIs, but it 
wouldn't be for 4474bis.

Brian Rosen - a ... is a pretty straight forward thing to canonicalize.

Jon - I'd rather see a phone number in otn and dtn and explain what we 
mean. I would prefer not to see a tel URI.

Chris - You don't have an option for telephone numbers. Must use otn and 
dtn.

Jon - Let me look at it.


slide 7: PASSporT Payload - Media Key

Jon - If it's a telephone number, then use otn and dtn. 4474bis allows 
ouri and dturi.

Christer Holmberg - There are multiple fingerprints.

Chris - It's covered in the text.

Jon - They're alphabetized and concatenated. This is a misalignment 
between passport and 4474bis now. When we'll get to serializing, I'll 
get to it.


slide 8: Multi-Party Communications

Richard - When doing .... you may be tempted to do a string and then 
array, don't.

Chris - There's nothing to prevent it. That can happen in passport and 
4474bis.


slide 9: Extension to PASSporT base claims


slide 10: Extending base claims


slide 11: Extending base claims


slide 12: Defining new set of claims


slide 13: Registering PASSporT extensions

Chris - Any opinions on registering extensions?

Jon - We want to make sure we understand what we're asking people to do. 
People need sufficient guidance when extending passport. What are 
pitfalls? We need to get that language correct.


slide 14: Deterministic JSON serialization

Jon - We can replace the whitespace with a dot or something.

Chris - Or we can just remove it.

Jon - With non-SIP protocols this may be the only place the info is. If 
we want people to be able to look at it. It's not terribly confusing. If 
there was a new session negotiation protocol, and it chose to use 
passport, what would be the form to use? Our responsibility is to be 
more semantically clear. One part gives the algo for the keying. 
Multiple algos listed. The other part, separate.

Chris - a JSON array.

Jon - If it's a one-way hash, it can be crunched together.

Robert - For debugging, I can't think of many cases of visual ambiguity, 
but SHA25 and the first characters are 25 is one.

Chris - ...

Jon - If we're passing the entire object outside of SIP, then base 64 
could be appropriate. In SIP, it should be as human readable as 
possible. Not base 64. I think this is an open issue. We can take a 
couple of cracks at it. We can explore alternate key mechanisms. New 
keys for JWS. It may be sufficient for STIR. We need to get this done. 
We may revise this with an array going forward.

Chris - We should have guidelines for future claims. But we don't have 
text yet. Other than "no whitespace".

Jon - JWS gives guidance. Need to think of semantics. I would prefer to 
see separable characters. Keep the semicolon. Good enough. Anyone here 
upset?

Richard - Don't worry about whitespace in the the JSON string, you'll 
have other problems.

Eric - We can deal with the space.

Chris - I'm ok with the period.

Jon - Have a separator.

Richard - I see no reason why a decoder would want to enforce that.

Russ - It's so that it can hash the same string. Go away.

Chris - Space or period?

Eric - period or vertical bar?

Brian - vertical bar looks too much like an I.

Richard - Use template filling. Write the template in the draft. ...

Jon sends Richard to the corner.

Chris - We'll use a period.

Jon - We need to provide an example. Last meeting, someone was on the 
hook on this. We need to show whole shebang.

Robert - I was supposed to find someone to do the example. Cullen was to 
help me. I would like to borrow from the passport document. Show 
multiple fingerprints in an example.

Chris - I have a tn and uri in that example.

Sean - I want to see an elliptic curve example.


slide 15: Examples


slide 16: passport-02

Jon - I'd like to talk about ECC. There is an email saying we should 
move away from RS256. JWT uses this, which is why we are using it.

John Mattsson - ... both are required.

Jon - This is a certs issue as much as a passport issue. Can I get this 
from web CAs today? No. We can be forward-looking in our implementation. 
Will use existing web PKI from web CAs. There are people who want to use 
commercial web CAs. If we assume that we will build all new CAs for 
this, I've been told that will take too long. Telling regulators that 
we'll wait for implementers is unacceptable. If we can turn on this year.

Chris - EC256 has CPU benefits.

Richard - ECC is technically better.

Chris - can we say both with a preference?

Richard - ECC are generally available in the modern CA market. If you 
use Web PKI, you have to commit to move as fast they move. Getting 
behind means that the devices cannot work. It's worth having a system 
that has its own CAs.

Chris - For future proofing, should we recommend higher keys as well? 
384, 512?

Richard - I don't think I understand. You don't want to specify a single 
elliptic curve. You can say 256 is mandatory to implement and 384 is 
optional. Ensuring that your software is upgradable is an implementation 
issue.

John Mattsson - DHA (? ECDSA?) should be required and RSA is optional.

Chris - CPU

Sean - We need to get this out in 9 months. Would have to stick with 
RSA. You can get elliptic curves. Verify both - be liberal in what you 
receive.

Chris - I like that conclusion.

Jon - Small keys are great. I listen to Russ, Sean, and ekr. I don't 
know about when it's ready for runtime. Russ, please chime in. I don't 
have an opinion.

Russ - Do you need one mandatory to implement. Or can you verify both?

Jon - I'm cool with verifying both.

Richard - Let's Encrypt will have free ECC certs available in the time 
frame.

Eric - One and only one is the way to go. ECC certs will be available. 
Why should we make ourselves do more work?

Russ - Very few EC certs are available today.

Eric - Only one country will be doing this anytime soon, and in that 
market, it doesn't matter that it's a small handful.

Jon - It will matter when you are dragged in front of the FCC. Saying 
that we can't do this today makes me nervous. People want it done today.

Chris - Have it there and then move to ECC.

Jon - This sounds like a road block.

Robert, as chair - I'm not seeing pushback on verifiers having to 
implement more that one algo.

Eric - It's only money.

Robert - If you don't have a cert that uses the ECC, you won't exercise 
that code.

Russ - My sense of the room is that we have verification of both RSA and 
ECC signatures so that we can have a smooth transition to ECC.

Sean - .... why you didn't use the phone number. Add explicit text.

Jon - JWS registration for claims doesn't require a lot of text, but we 
can provide text.
Non-normative text about why we're aren't using the current JWT claim 
for telephone.

Jon - Need to align on MIME type versus ppt.

Chris - we can chat about it. A plus in between - can we settle on that?

Jon - let's just do that. Get this done.

Robert, as chair - There are just a few minutes left in the meeting. 
Should we break and pick it up next session?

Martin Dolly - You need to make extensibility very clear in the 
examples. For instance, I'll be writing up extending passport for the 
Resource-Priority header. I'd like to write that doc in ADIS and do the 
registration in the IETF.

Russ - We had planned to discuss this today, or we can discuss in the 
next session.

Jon - We can do it now.


ACTIONs: Authors to register the MIME type (Done). Have verification of 
both RSA and ECC signatures.


-----------------------------------------------------------------------------------
15m Passport extensibility

presenter: Jon Peterson
slides:    https://www.ietf.org/proceedings/95/slides/slides-95-stir-4.pdf


slide 1: Title


slide 2: Twofold STIR extensibility model


slide 3: Testing extensibility


slide 4: The "cna" extension


slide 5: Elaborating on "cna"

Brian Rosen - in your example, you didn't sign the display name in the 
SIP headers, you created a new CNAM thing.

Jon - the draft does, the slides don't.

Brian - all I care about is taking a base type and adding a subtype to it.

Jon - I think it does. If the new claim is not in the SIP message, you 
MUST include canon. Resource-Priority will not require canon.


slide 6: Should we test MIME as well?


slide 7: Sanity checking


ACTIONs: None


Russ - have a good evening.

EOM