IETF Logo Mail Archive

Re: [stir] Roman Danyliw's Discuss on draft-ietf-stir-passport-divert-08: (with DISCUSS and COMMENT)

Roman Danyliw <rdd@cert.org> Thu, 23 July 2020 21:21 UTC

Return-Path: <rdd@cert.org>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F8C73A0DF2; Thu, 23 Jul 2020 14:21:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R9xv4SOjJr7x; Thu, 23 Jul 2020 14:21:41 -0700 (PDT)
Received: from taper.sei.cmu.edu (taper.sei.cmu.edu [147.72.252.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 718973A0DEF; Thu, 23 Jul 2020 14:21:41 -0700 (PDT)
Received: from delp.sei.cmu.edu (delp.sei.cmu.edu [10.64.21.31]) by taper.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 06NLLdp8002817; Thu, 23 Jul 2020 17:21:40 -0400
DKIM-Filter: OpenDKIM Filter v2.11.0 taper.sei.cmu.edu 06NLLdp8002817
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1595539300; bh=XQQjLlprno/BXFHYCKNsZVxkRjlO2el/jdgiuwqiXnA=; h=From:To:CC:Subject:Date:References:In-Reply-To:From; b=h7Ij0qxyEKkcgyTjiqEkGcqvocLwK97W7T9Fyf5/MJa+k5nhIWttV1GMeXhqjLK0z fJCqQtNgTXlAYzFzx63OZDB0wiC3pQMI2Wlt2X3Na2UQEqDqLsDkxUkZE+PFEvpBee up0LnUHNlWSPV7sDq0WmePo+JNdZAfYgdQ3Crb2o=
Received: from CASCADE.ad.sei.cmu.edu (cascade.ad.sei.cmu.edu [10.64.28.248]) by delp.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 06NLLaxk023047; Thu, 23 Jul 2020 17:21:36 -0400
Received: from MORRIS.ad.sei.cmu.edu (147.72.252.46) by CASCADE.ad.sei.cmu.edu (10.64.28.248) with Microsoft SMTP Server (TLS) id 14.3.487.0; Thu, 23 Jul 2020 17:21:36 -0400
Received: from MORRIS.ad.sei.cmu.edu (147.72.252.46) by MORRIS.ad.sei.cmu.edu (147.72.252.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1979.3; Thu, 23 Jul 2020 17:21:35 -0400
Received: from MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb]) by MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb%13]) with mapi id 15.01.1979.003; Thu, 23 Jul 2020 17:21:35 -0400
From: Roman Danyliw <rdd@cert.org>
To: "Peterson, Jon" <jon.peterson@team.neustar>, The IESG <iesg@ietf.org>
CC: "draft-ietf-stir-passport-divert@ietf.org" <draft-ietf-stir-passport-divert@ietf.org>, "stir-chairs@ietf.org" <stir-chairs@ietf.org>, "stir@ietf.org" <stir@ietf.org>, Russ Housley <housley@vigilsec.com>
Thread-Topic: Roman Danyliw's Discuss on draft-ietf-stir-passport-divert-08: (with DISCUSS and COMMENT)
Thread-Index: AQHWDRO22bvVjHncxEG2etgqsSydqakGcGkAgA/jmLA=
Date: Thu, 23 Jul 2020 21:21:34 +0000
Message-ID: <86c8afb58f3f436daeb1dc94e8686c88@cert.org>
References: <158628812675.31223.5976532284560812662@ietfa.amsl.com> <905688A3-7259-4AE3-8AF5-22102A1FF1B6@team.neustar>
In-Reply-To: <905688A3-7259-4AE3-8AF5-22102A1FF1B6@team.neustar>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.64.202.156]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/4b3s5pdIVXoS4x45twb19rQ4Ze0>
Subject: Re: [stir] Roman Danyliw's Discuss on draft-ietf-stir-passport-divert-08: (with DISCUSS and COMMENT)
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jul 2020 21:21:44 -0000

Hi Jon!

Thanks for the explanations below and the updated text in -09.  It addresses my concerns and I will clear my ballot.

Regards,
Roman

> -----Original Message-----
> From: Peterson, Jon <jon.peterson@team.neustar>
> Sent: Monday, July 13, 2020 10:42 AM
> To: Roman Danyliw <rdd@cert.org>rg>; The IESG <iesg@ietf.org>
> Cc: draft-ietf-stir-passport-divert@ietf.org; stir-chairs@ietf.org; stir@ietf.org;
> Russ Housley <housley@vigilsec.com>
> Subject: Re: Roman Danyliw's Discuss on draft-ietf-stir-passport-divert-08:
> (with DISCUSS and COMMENT)
> 
> 
> Hi Roman,
> 
> Thanks for the notes on this; sorry for taking a while to get around to them.
> 
>     Roman Danyliw has entered the following ballot position for
>     draft-ietf-stir-passport-divert-08: Discuss
> 
>     ----------------------------------------------------------------------
>     DISCUSS:
>     ----------------------------------------------------------------------
> 
>     Section 5.  The text notes that procedures for the authentication and
>     verification service for the “div-o” claim will be “left to future work”.  Can
>     the rational for this deferral be explained.  Creating an interoperable
>     solution without this guidance seem challenging as it would be crucial
> guidance
>     on processing this newly introduced claim.
> 
> This -08 text mostly resulted from a process matter. To get into the document
> history a bit, when we moved stir-oob off the Standards Track to an
> Informational in the late stages of its development, we still wanted "div" to be
> future-proof when/if standards-track work based on the OOB framework rolled
> around (like for example the new OOB servprovider draft in STIR). Our solution
> was to uplevel: to specify "div-o" as something not specifically coupled to OOB,
> but instead as a general mechanism that could be used by OOB or other
> protocols that might prefer to use nested "div-o" style PASSporTs. That isn't an
> entirely cynical move, as we anticipate that protocols other than SIP will use
> the PASSporT mechanism, and might want to use the nested approach of "div-
> o".
> 
> I think within those constraints, I can thread the needle with some useful text
> about the non-SIP AS/VS behavior associated with the creation of "div-o"
> PASSporTs in a way that makes no explicit reference to OOB as such, but would
> apply equally if say XMPP or RTCWeb or some similar mechanism wanted to
> make use of PASSporT and nested "div". I've added some text to this effect,
> which I hope is sufficient - let me know if it isn't.
> 
>     ----------------------------------------------------------------------
>     COMMENT:
>     ----------------------------------------------------------------------
> 
>     Please respond to Phillip Hallam-Baker SECDIR review (thanks Phillip!)
> 
> Done.
> 
>     ** Section 4.1.  Per “Provided that these PASSporTs share the same "orig"
> and
>     "dest" values, the retargeting entity's authentication service SHOULD
> generate
>     only one "div" PASSporT”, why not  MUST here?  What’s the corner case?
> 
> One corner case I can imagine is where diverts from special-use PASSporTs need
> to be signed with a certificate issued by a one-off trust anchor. Say, due to the
> government policy constraints of the "rph" header or something similar, you
> need to sign a "div" for its PASSporT with a different credential than you would
> use to sign a "div" for ordinary carrier calls. Not a common case, but, I don't
> want to close the door on it.
> 
>     ** Section 4.2.  Per “However, note that in some use cases, including  certain
>     ways that blind transfer is implemented, it is possible that an established
>     call will be retargeted long after it has originally been placed, and
>     verification services may want to allow a longer window for the freshness of
>     the innermost PASSporT if the call is transferred from a trusted party.”, are
>     there any recommendations or bounds that can be placed on the duration of
> this
>     “longer window of freshness”?
> 
> Unfortunately, not ones that are immensely useful - maybe like 3 hours?
> Attended transfer services can be triggered any time into a call - if you've ever
> gone through escalation with a bank company customer service line, you've
> probably experienced multiple such transfers during a single call which begins
> with you being on hold for 45 minutes, and you can easily spend ten minutes
> talking to one agent before you end up on the line with another. I think the
> "trusted party" portion here is the significant bit - that relying parties should
> only accept these kinds of stale PASSporTs within a closed circle of trust. Still,
> calls don't last for like a week, so there must be some upper bound here. I can
> put in 3 hours as a soft recommendation, I guess, if it helps...
> 
>     ** Editorial Nit:
> 
>     -- Section 3. Typo. s/identifiier/identifier/
> 
> Fixed. Thanks!
> 
> Jon Peterson
> Neustar, Inc.
> 
> 
> 
>

v2.8.7 | Report a Bug | By Email