Re: [stir] Roman Danyliw's Discuss on draft-ietf-stir-passport-rcd-23: (with DISCUSS and COMMENT)
Ben Campbell <ben@nostrum.com> Thu, 02 March 2023 22:02 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5F80C151AFB; Thu, 2 Mar 2023 14:02:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.276
X-Spam-Level:
X-Spam-Status: No, score=-1.276 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, KHOP_HELO_FCRDNS=0.399, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 220gorS7TPLP; Thu, 2 Mar 2023 14:02:47 -0800 (PST)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65D08C1516E3; Thu, 2 Mar 2023 14:02:23 -0800 (PST)
Received: from smtpclient.apple (mta-70-120-133-87.satx.rr.com [70.120.133.87] (may be forged)) (authenticated bits=0) by nostrum.com (8.17.1/8.17.1) with ESMTPSA id 322M29aU021313 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 2 Mar 2023 16:02:10 -0600 (CST) (envelope-from ben@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1677794534; bh=hNA/1JNNs04Ez2ty40la4V7xzwSOdZlMiPjXEtUk7Ko=; h=From:Subject:Date:In-Reply-To:Cc:To:References; b=M62gsvQV1HY/qf63/3DOFtTIPb4qJF7ZeB2Id7xK9z776unwbHD+d4mkFG0brt9Zt yobo4q8HLdkX/RRPOY3pnORCAPesiMtICulGGCex2WQDeUJOLRHnpniw7NjYsejD+V x50xaWGAv4F6ArHKbcxujRu5y6nyLVG1q+2FNC0U=
X-Authentication-Warning: raven.nostrum.com: Host mta-70-120-133-87.satx.rr.com [70.120.133.87] (may be forged) claimed to be smtpclient.apple
From: Ben Campbell <ben@nostrum.com>
Message-Id: <9C71358E-DB39-40FC-BA18-734175B6BEA3@nostrum.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_47D33257-257E-4028-8302-759F6355AE9D"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.400.51.1.1\))
Date: Thu, 02 Mar 2023 16:01:54 -0600
In-Reply-To: <B1A2B8C8-C478-4D67-86D1-5326E0206316@chriswendt.net>
Cc: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>, draft-ietf-stir-passport-rcd@ietf.org, STIR Chairs <stir-chairs@ietf.org>, IETF STIR Mail List <stir@ietf.org>, Russ Housley <housley@vigilsec.com>
To: Chris Wendt <chris-ietf@chriswendt.net>
References: <166977514888.24379.6431023985333578193@ietfa.amsl.com> <B1A2B8C8-C478-4D67-86D1-5326E0206316@chriswendt.net>
X-Mailer: Apple Mail (2.3731.400.51.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/3Tj0O36EPH6vt_vpSaQykUEzGic>
Subject: Re: [stir] Roman Danyliw's Discuss on draft-ietf-stir-passport-rcd-23: (with DISCUSS and COMMENT)
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Mar 2023 22:02:50 -0000
(No hats) I have a context related comment on one item: Thanks! Ben. > On Mar 1, 2023, at 12:02 PM, Chris Wendt <chris-ietf@chriswendt.net> wrote: […] > >> >> ** 5.*. Inconsistent requirements for URIs >> >> -- icn: appears to be any URI per Section 5.1.3. This would make gopher://, >> ftp://, https:// all equally valid. These have different security >> characteristics. >> >> -- jcd: per Section 5.1.4 “is intended to directly match the Call-Info header >> field value defined in [I-D.ietf-sipcore-callinfo-rcd].” Section 4 of that >> document says it “MUST define the use HTTPS or a transport that can validate >> the integrity of the source of the resource as well as the transport channel >> through which the resource is retrieved”. >> >> -- jcl: is an HTTPS URL (per Section 5.1.5) >> >> Why are these different? Support different levels of transport security? > > You are correct, i fixed “icn” to specifically be an HTTPS URL vs generic URI. jcd is not a URI, it’s a directly included JSON jcard object in the “rcd" claim. > IIRC, a previous version did specify HTTPS URLs for “icn”, but we discussed the possibility that an icon could be imbedded in a body part of the SIP request and be referenced with a “cid” URL. I suppose that if that is true for “icn”, it is probably also true for “jcl”. That being said, I am not aware of anyone actually doing that (yet) will not object if we think it is better to limit it to HTTPS. (Or as a compromise, say it MUST be either HTTPS or CID?) > […]
- [stir] Roman Danyliw's Discuss on draft-ietf-stir… Roman Danyliw via Datatracker
- Re: [stir] Roman Danyliw's Discuss on draft-ietf-… Chris Wendt
- Re: [stir] Roman Danyliw's Discuss on draft-ietf-… Ben Campbell
- Re: [stir] Roman Danyliw's Discuss on draft-ietf-… Chris Wendt
- Re: [stir] Roman Danyliw's Discuss on draft-ietf-… pierce
- Re: [stir] Roman Danyliw's Discuss on draft-ietf-… Alec Fenichel
- Re: [stir] Roman Danyliw's Discuss on draft-ietf-… Ben Campbell
- Re: [stir] Roman Danyliw's Discuss on draft-ietf-… Ben Campbell
- Re: [stir] Roman Danyliw's Discuss on draft-ietf-… DOLLY, MARTIN C