Re: [stir] I-D Action: draft-ietf-stir-passport-shaken-02.txt

Chris Wendt <chris-ietf@chriswendt.net> Fri, 14 September 2018 12:31 UTC

From: Chris Wendt <chris-ietf@chriswendt.net>
In-Reply-To: <E91D3297-FCD7-442B-BEB5-A78357473DFD@vigilsec.com>
Date: Fri, 14 Sep 2018 08:31:09 -0400
Cc: IETF STIR Mail List <stir@ietf.org>
Message-Id: <1B91A5B6-E016-434F-BEEA-7E5E2A023B56@chriswendt.net>
References: <152147952053.31056.3563220954085220104@ietfa.amsl.com> <B9ED4B68-7DFF-4802-A7EA-4B48CE25772C@chriswendt.net> <E91D3297-FCD7-442B-BEB5-A78357473DFD@vigilsec.com>
To: Russ Housley <housley@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/39RfkaFBOf63uxLy_jLKJUS0eus>
Subject: Re: [stir] I-D Action: draft-ietf-stir-passport-shaken-02.txt

Thanks Russ, I agree with your edits and will include in a forthcoming update.

I’d also like to update the group on the status of compact form for SHAKEN.

After a little more consideration, while it would be nice to have an approach that can save some bits on the wire, one of the original agreed mandates of SHAKEN was to exclusively use the full form of PASSporT.  The reason for this was concern about middle boxes that might change the DATE header, for whatever reason, right or wrong (although mostly the latter); we could not guarantee this wouldn’t happen.  We felt this was important to make sure we are doing our best to avoid inadvertently failing the verification of the calling identity and potentially causing a blocked call, the perception of a spam call, or whatever the treatment of failed verification might be.

Therefore, rather than define compact form, I plan to include text in the new update that states that compact form is not defined for the SHAKEN PASSporT extension.
I have discussed this with Jon directly as well.

Please let me know if you have any comments regarding this; otherwise I will provide an updated document shortly.

Thanks

-Chris


> On Aug 22, 2018, at 12:02 PM, Russ Housley <housley@vigilsec.com> wrote:
> 
> Section 8, Order of Claim Keys, now says:
> 
>   The order of the claim keys MUST follow the rules of [RFC8225]
>   Section 9 and be in lexicographic order.  Therefore, the claim keys
>   MUST appear in the PASSporT Payload in the following order,
> 
>   o  attest
> 
>   o  dest
> 
>   o  iat
> 
>   o  orig
> 
>   o  origid
> 
> I assume that other extensions will be specified in the future, so I am wondering if it would be better to say:
> 
> 8.  Order of Claim Keys
> 
>   The order of the claim keys MUST follow the rules of [RFC8225]
>   Section 9; the claim keys MUST appear in lexicographic order.
>   Therefore, the claim keys discussed in this document appear in
>   the PASSporT Payload in the following order:
> 
>   o  attest
> 
>   o  dest
> 
>   o  iat
> 
>   o  orig
> 
>   o  origid
> 
> Russ
> 
> 
>> On Mar 19, 2018, at 1:20 PM, Chris Wendt <chris-ietf@chriswendt.net> wrote:
>> 
>> Hi All,
>> 
>> I have updated the draft with some fixes based on comments from Christer, both editorial and related to ordering comments.
>> 
>> Summary of changes:
>> 
>> - addressing Christer’s comments around order of claims adding a brief new section
>> - clarified the definition of “customer” in the PASSporT ‘attest’ claim section 4
>> - clarified that it is calling party telephone number that is being attested to in same section
>> - removed last sentence in section 7, it’s repetitive and not needed.
>> 
>> I figured I would include these changes and update the document for efficiency, but will review these in the meeting on Thursday in either case.
>> 
>> -Chris
>> 
>> 
>> 
>>> On Mar 19, 2018, at 5:12 PM, internet-drafts@ietf.org wrote:
>>> 
>>> 
>>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>> This draft is a work item of the Secure Telephone Identity Revisited WG of the IETF.
>>> 
>>>      Title           : PASSporT SHAKEN Extension (SHAKEN)
>>>      Authors         : Chris Wendt
>>>                        Mary Barnes
>>>      Filename        : draft-ietf-stir-passport-shaken-02.txt
>>>      Pages           : 7
>>>      Date            : 2018-03-19
>>> 
>>> Abstract:
>>> This document extends PASSporT, which is a token object that conveys
>>> cryptographically-signed information about the participants involved
>>> in communications, to include information defined as part of the
>>> SHAKEN specification from ATIS (Alliance for Telecommunications
>>> Industry Solutions) and the SIP Forum IP-NNI Joint Task Force.  These
>>> extensions provide a level of confidence in the correctness of the
>>> originating identity for a telephone network that has communications
>>> coming from both STIR participating originating communications as
>>> well as communications that do not include STIR information.
>>> 
>>> 
>>> The IETF datatracker status page for this draft is:
>>> https://datatracker.ietf.org/doc/draft-ietf-stir-passport-shaken/
>>> 
>>> There are also htmlized versions available at:
>>> https://tools.ietf.org/html/draft-ietf-stir-passport-shaken-02
>>> https://datatracker.ietf.org/doc/html/draft-ietf-stir-passport-shaken-02
>>> 
>>> A diff from the previous version is available at:
>>> https://www.ietf.org/rfcdiff?url2=draft-ietf-stir-passport-shaken-02
>>> 
>>> 
>>> Please note that it may take a couple of minutes from the time of submission
>>> until the htmlized version and diff are available at tools.ietf.org.
>>> 
>>> Internet-Drafts are also available by anonymous FTP at:
>>> ftp://ftp.ietf.org/internet-drafts/
>>> 
>>> _______________________________________________
>>> stir mailing list
>>> stir@ietf.org
>>> https://www.ietf.org/mailman/listinfo/stir
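As an added illustration of the reasoning in this thread (not code from the draft or from any SHAKEN implementation): a PASSporT payload carrying the five SHAKEN claim keys serialized in lexicographic order, a full-form check that hashes the payload as carried in the token, and a compact-form check that rebuilds the payload from the SIP Date header. It assumes, as the thread does, that compact-form verification derives iat from the Date header; the telephone numbers, origid and the HMAC stand-in for the ES256 signature are constructed for the example.

```python
import hashlib
import hmac
import json
from email.utils import parsedate_to_datetime

# Claim keys of the SHAKEN extension in the lexicographic order the thread requires.
SHAKEN_CLAIM_ORDER = ["attest", "dest", "iat", "orig", "origid"]

# Constructed stand-in key: real PASSporTs are signed with ES256 and the
# originating provider's certificate, which this example does not model.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"


def build_shaken_claims(orig_tn, dest_tn, attest, origid, iat):
    # Constructed claim values in the shape the SHAKEN extension uses.
    return {"attest": attest, "dest": {"tn": [dest_tn]}, "iat": iat,
            "orig": {"tn": orig_tn}, "origid": origid}


def serialize_payload(claims):
    # Keys sorted lexicographically, no whitespace, so signer and
    # verifier hash byte-identical payloads.
    return json.dumps(claims, sort_keys=True, separators=(",", ":"))


def claim_key_order(claims):
    return list(json.loads(serialize_payload(claims)).keys())


def sign(serialized_payload):
    # HMAC-SHA256 stands in for the PASSporT signature step.
    return hmac.new(DEMO_KEY, serialized_payload.encode(), hashlib.sha256).hexdigest()


def iat_from_date_header(date_header):
    # Compact form has no payload on the wire; iat is rebuilt from the SIP Date header.
    return int(parsedate_to_datetime(date_header).timestamp())


def verify_full_form(serialized_payload, signature):
    # Full form: the verifier hashes the payload exactly as carried in the token,
    # so later edits to the SIP Date header cannot change what is checked.
    return hmac.compare_digest(sign(serialized_payload), signature)


def verify_compact_form(date_header, orig_tn, dest_tn, attest, origid, signature):
    # Compact form: the verifier rebuilds the payload from SIP headers. A middlebox
    # that rewrites Date yields a different iat, hence a different hash, and the
    # legitimate call fails verification.
    rebuilt = build_shaken_claims(orig_tn, dest_tn, attest, origid,
                                  iat_from_date_header(date_header))
    return hmac.compare_digest(sign(serialize_payload(rebuilt)), signature)
```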