Re: [stir] Next Draft of the Charter -- 6-Aug-2013
"Richard Shockey" <richard@shockey.us> Tue, 06 August 2013 21:19 UTC
Return-Path: <richard@shockey.us>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19F2B21F9EC9 for <stir@ietfa.amsl.com>; Tue, 6 Aug 2013 14:19:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.916
X-Spam-Level:
X-Spam-Status: No, score=-101.916 tagged_above=-999 required=5 tests=[AWL=0.683, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3qSwEsMecwBi for <stir@ietfa.amsl.com>; Tue, 6 Aug 2013 14:19:14 -0700 (PDT)
Received: from oproxy12-pub.mail.unifiedlayer.com (oproxy12-pub.mail.unifiedlayer.com [50.87.16.10]) by ietfa.amsl.com (Postfix) with SMTP id 3700A21F9980 for <stir@ietf.org>; Tue, 6 Aug 2013 14:19:14 -0700 (PDT)
Received: (qmail 3189 invoked by uid 0); 6 Aug 2013 21:18:52 -0000
Received: from unknown (HELO box462.bluehost.com) (74.220.219.62) by oproxy12.mail.unifiedlayer.com with SMTP; 6 Aug 2013 21:18:52 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=shockey.us; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:Subject:In-Reply-To:References:Cc:To:From; bh=IgoRVJSVgDJB1OzW/3DE9OoCRedhg9ybT1Sr0zFeXLQ=; b=n0qqf2ocDod49zr7kV9547kx32StgzmkegA1ll5hx7YfwMYHhLgxd82leuD4Lvf2QUrPPl31DXzFwJZR8eonCaTyOUyK7ygiTzQ9vD6vQyUmCBnvIW7Eu+SFMpUXIjxI;
Received: from [71.114.100.16] (port=54955 helo=RSHOCKEYPC) by box462.bluehost.com with esmtpa (Exim 4.80) (envelope-from <richard@shockey.us>) id 1V6oea-0002N1-6R; Tue, 06 Aug 2013 15:18:52 -0600
From: Richard Shockey <richard@shockey.us>
To: dcrocker@bbiw.net, 'Russ Housley' <housley@vigilsec.com>
References: <4E3AFB6B-692D-46A7-A374-74F14E2AE1C5@vigilsec.com> <520159BD.1070305@dcrocker.net>
In-Reply-To: <520159BD.1070305@dcrocker.net>
Date: Tue, 06 Aug 2013 17:18:49 -0400
Message-ID: <017f01ce92ea$8c3773d0$a4a65b70$@shockey.us>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Content-Language: en-us
Thread-Index: AQNCuy+Qvci1ZBFw4jHhzJPK25st2AIQEox6lo/d6PA=
X-Identified-User: {3286:box462.bluehost.com:shockeyu:shockey.us} {sentby:smtp auth 71.114.100.16 authed with richard@shockey.us}
Cc: 'IETF STIR Mail List' <stir@ietf.org>
Subject: Re: [stir] Next Draft of the Charter -- 6-Aug-2013
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/stir>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Aug 2013 21:19:19 -0000
Dave nit picking .. the language is fine with me. Increased confidence is IMHO a goal. We know we do not possess silver bullets. -----Original Message----- From: stir-bounces@ietf.org [mailto:stir-bounces@ietf.org] On Behalf Of Dave Crocker Sent: Tuesday, August 06, 2013 4:17 PM To: Russ Housley Cc: IETF STIR Mail List Subject: Re: [stir] Next Draft of the Charter -- 6-Aug-2013 On 8/6/2013 12:46 PM, Russ Housley wrote: > > The STIR working group will specify mechanisms that greatly increase > confidence in the source telephone number for an incoming call. Replace this first sentence. In its current form: 1) It is purely marketing language, with a tone approaching hype; 2) it guarantees a human outcome that we cannot guarantee; 3) there's actually some evidence that it won't affect confidence at all; 4) it's vague. Let's keep this an engineering exercise, rather than a human attitudes/opinions exercise. So: The STIR working group will specify mechanisms to validate the presented source telephone number for an incoming SIP call. > Since it > has become fairly easy to present an incorrect source telephone number, a > growing set of problems have emerged over the last decade. As with > email, the claimed source identity of a SIP request is not verified, > permitting unauthorized use of the source identity as part of deceptive > and coercive activities, such as robocalling (bulk unsolicited commercial > communications), vishing (voicemail hacking, and impersonating banks) and > swatting (impersonating callers to emergency services to stimulate > unwarranted large scale law enforcement deployments). In addition, use > of an incorrect source telephone number facilitates wire fraud or lead to > a return call at premium rates. This working group will define > mechanisms that verify the authorization of the calling party to use a > particular telephone number. > > SIP is one of the main VoIP technologies used by parties that want to > present an incorrect origin, in this context an origin telephone number. > Several previous efforts have tried to secure the origins of SIP > communications, including RFC 3325, RFC 4474, and the VIPR working group. > To date, however, true validation of the source of SIP calls has not seen > any appreciable deployment. Several factors contributed to this lack of > success, including: failure of the problem to be seen as critical at the > time; lack of any technical means of producing a proof of authority over > telephone numbers; misalignment of the mechanisms proposed by RFC 4474 > with the complex deployment environment that has emerged for SIP; lack of > end-to-end SIP session establishment; and inherent operational problems > with a transitive trust model. To make deployment of this solution more > likely, consideration must be given to latency, real-time performance, > computational overhead, and administrative overhead for the legitimate > call source and all verifiers. > > As its priority mechanism work item, the working group will specify a SIP "Priority mechanism work item"? That's rather strange phrasing. Is there something wrong with simpler, more-direct language: The first work item will specify a SIP header-based... > header-based mechanism to verify the originator of a SIP session is > authorized to use the claimed source telephone number, where the session > is established with SIP end to end. This is called an in-band mechanism. > The mechanism will use a canonical telephone number representation > specified by the working group, including any mappings that might be > needed between the SIP header fields and the canonical telephone number > representation. The working group will consider choices for protecting > identity information and credentials used, but will likely be based on a > digital signature mechanism that covers a set of information in the SIP > header fields, and verification will employ a credential that contains > the public key and is associated with the one or more telephone numbers. > In order to be authoritative, credentials used with this mechanism will > be derived from existing telephone number assignment and delegation > models. That is, when a telephone number or range of telephone numbers > is delegated to an entity, relevant credentials will be generated (or > modified) to reflect such delegation. The mechanism must allow a > telephone number holder to further delegate and revoke use of a telephone > number without compromising the global delegation scheme. > > The mechanism must allow parties who are not delegated a telephone > number, but are authorized by the entity who is delegated the number, to > place calls using the identity. This sentence appears to be wholly redundant with the sentence before it, at the end of the preceding paragraph. > In addition to its priority mechanism work item, the working group will > consider session establishment where there are one or more non-SIP hops, > most likely using an out-of-band mechanism. However, the in-band and the This sounds remarkably as if there has been a basic change from doing in-band first, to doing in-band and out-of-band together, albeit giving "priority" (whatever that means) to in-band. Please revert to the previous clear, simple, and more-typical sequencing. > out-of-band mechanisms should share as much in common as possible, > especially the credentials. The in-band mechanism must be sent to the > IESG for approval and publication prior to the out-of-band mechanism. Which, of course, continues to imply a finesse of how the work is actually done. For example: The in-band-mechanism must be sent to the IESG for approval, before work will begin on the out-of-band mechanism. The project management difference in this wording is fundamental. If there is a group insistence on doing in-band and out-of-band simultaneously -- which is really what this new language implies -- please make the consensus for this explicit. > Expansion of the authorization mechanism to identities using the > user@domain form deferred since the main focus of the working group is to > develop a solution for telephone numbers. > > The working group will coordinate with the Security Area on credential > management. > > The working group will coordinate with other working groups in the RAI > Area regarding signaling through existing deployments. > > Authentication and authorization of identity is closely linked to > privacy, and these security features frequently come at the cost of > privacy. Anonymous calls are already defined in SIP standards, and this > working group will not propose changes to these standards. Of course, an > anonymous call will not have a verifiable identity. This working group, > to the extent feasible, will specify privacy-friendly mechanisms that do > not reveal any more information to third parties than a call that does > not make use of these mechanisms. > > Input to working group discussions shall include: > > - Private Extensions to the Session Initiation Protocol (SIP) > for Asserted Identity within Trusted Networks > [RFC 3325] > > - Enhancements for Authenticated Identity Management in the > Session Initiation Protocol (SIP) > [RFC 4474] > > - Secure Call Origin Identification > [draft-cooper-iab-secure-origin-00] > > - Secure Origin Identification: Problem Statement, Requirements, > and Roadmap > [draft-peterson-secure-origin-ps-00] > > - Authenticated Identity Management in the Session Initiation > Protocol (SIP) > [draft-jennings-dispatch-rfc4474bis-00] > > The working group will deliver the following: > > - A problem statement detailing the deployment environment and > situation that motivate work on secure telephone identity > > - A threat model for the secure telephone identity mechanisms > > - A privacy analysis of the secure telephone identity mechanisms > > - A mechanism document describing the SIP end-to-end with telephone > number-based identities > > - A document describing the credentials required to support > telephone number identity authentication > > - A fallback mechanism to allow out-of-band identity establishment > during call setup > > Milestones > > Sep 2013 Submit problem statement for Informational > Nov 2013 Submit threat model for Informational > Nov 2013 Submit in-band mechanism for Proposed Standard > Feb 2014 Submit credential specification for Proposed Standard > Apr 2014 Submit Privacy analysis for Informational > Jun 2014 Submit out-of-band mechanism for Proposed Standard > > _______________________________________________ > stir mailing list > stir@ietf.org > https://www.ietf.org/mailman/listinfo/stir > -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ stir mailing list stir@ietf.org https://www.ietf.org/mailman/listinfo/stir
- [stir] Next Draft of the Charter -- 6-Aug-2013 Russ Housley
- Re: [stir] Next Draft of the Charter -- 6-Aug-2013 Dave Crocker
- Re: [stir] Next Draft of the Charter -- 6-Aug-2013 Russ Housley
- Re: [stir] Next Draft of the Charter -- 6-Aug-2013 Richard Shockey
- Re: [stir] Next Draft of the Charter -- 6-Aug-2013 Brian Rosen
- Re: [stir] Next Draft of the Charter -- 6-Aug-2013 Eric Burger