Re: [stir] Genart last call review of draft-ietf-stir-passport-rcd-22
worley@ariadne.com Fri, 11 November 2022 04:08 UTC
Return-Path: <worley@alum.mit.edu>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53B92C1524C9 for <stir@ietfa.amsl.com>; Thu, 10 Nov 2022 20:08:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.992
X-Spam-Level:
X-Spam-Status: No, score=-0.992 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_SOFTFAIL=0.665, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcastmailservice.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j7IzVZtIvuXE for <stir@ietfa.amsl.com>; Thu, 10 Nov 2022 20:08:49 -0800 (PST)
Received: from resdmta-c1p-023852.sys.comcast.net (resdmta-c1p-023852.sys.comcast.net [96.102.19.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4EE7C1524B1 for <stir@ietf.org>; Thu, 10 Nov 2022 20:08:49 -0800 (PST)
Received: from resomta-c1p-023413.sys.comcast.net ([96.102.18.230]) by resdmta-c1p-023852.sys.comcast.net with ESMTP id tLIRoYjID7zdstLJXoTjTY; Fri, 11 Nov 2022 04:06:47 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcastmailservice.net; s=20211018a; t=1668139607; bh=EsRp7A51vLV/jqrvhewzr2Ss87DAlbcEBh7VGtAkz7s=; h=Received:Received:Received:Received:From:To:Subject:Date: Message-ID:Xfinity-Spam-Result; b=FZETrMfKcjF8RP/Mr+VcH4JSptTJ7/Z0q4HWef+SNpJa6uSnRqNAun8LpxsidFUl4 7jGTvWe9f6mo+crdtNvbHCz5Ah/dZDP0ACK0M6egV2zzIuFK0WB3/vm9ZmeTY4FA29 NakUOHtZrN1gFg68Zuv1AUbsHD5kHOdRSW+8lUYp0idtP3m1hL/Dkj8JP7YaIupKD/ if3XhVR7pPaW9q7yCGFp27sWpDQF7pQM0WIdf00bZT5qul/m9NpXI5SLSxBza0r1r1 snTkiTYCR2CJBqOrowN9GI0WijGchee0yx2OdUTDbprJv4pTt/ZGUMM8PqQ5KWQKjo BBMNH/b6c3q6w==
Received: from hobgoblin.ariadne.com ([IPv6:2601:192:4a00:430::39a6]) by resomta-c1p-023413.sys.comcast.net with ESMTPA id tLJ7opKlq5CtptLJBo5n24; Fri, 11 Nov 2022 04:06:26 +0000
X-Xfinity-VMeta: sc=0.00;st=legit
Received: from hobgoblin.ariadne.com (localhost [127.0.0.1]) by hobgoblin.ariadne.com (8.16.1/8.16.1) with ESMTPS id 2AB46LNL1831350 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT); Thu, 10 Nov 2022 23:06:21 -0500
Received: (from worley@localhost) by hobgoblin.ariadne.com (8.16.1/8.16.1/Submit) id 2AB46Lde1831347; Thu, 10 Nov 2022 23:06:21 -0500
X-Authentication-Warning: hobgoblin.ariadne.com: worley set sender to worley@alum.mit.edu using -f
From: worley@ariadne.com
To: Chris Wendt <chris-ietf@chriswendt.net>
Cc: worley@ariadne.com, gen-art@ietf.org, draft-ietf-stir-passport-rcd.all@ietf.org, last-call@ietf.org, stir@ietf.org
In-Reply-To: <9B944626-ED72-4FC3-B892-99F96ED09C57@chriswendt.net> (chris-ietf@chriswendt.net)
Sender: worley@ariadne.com
Date: Thu, 10 Nov 2022 23:06:21 -0500
Message-ID: <87leoi16f6.fsf@hobgoblin.ariadne.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/4cK3MK01T2JAXdINmRvHARcfJFo>
Subject: Re: [stir] Genart last call review of draft-ietf-stir-passport-rcd-22
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Nov 2022 04:08:54 -0000
Chris Wendt <chris-ietf@chriswendt.net> writes: > Thank you very much for the very comprehensive review, comments inline: Omitting most of the items, as I have nothing to add. Prioritizing the technical issue: >> Section 6 tells that the "rcdi" datum is used to record hashes of the >> components and subcomponents of the "rcd" datum. Some questions arise >> when a referenced datum is a string which has the format of a URI. >> Section 6 requires that if the datum is a URI, then the hash is taken >> of the resource retrieved using the URI, but if the datum is a string, >> then the hash is taken of the Json representation of the string. [omitting part] >> Section 6 seems to assume that the hashing algorithm knows whether >> such a datum is a URI or not, but Json does not mark URIs specially. >> Is the hashing algorithm required to know a priori which keys have >> values that are URIs? Does this cause problems with extensibility of >> the Passport? > > As far as I can see, at least for jcard specifically which is > currently the only use-case defined that this is relevant, the use of > URI is always prescriptively defined, so the a priori knowledge > follows the specifications. I don't believe the extensibility defined > is inteded to be as flexible as you are interpreting it where strings > vs URIs are interchangeable for different jcard fields. My concern is if jcard is extended in the future. As the specification now reads, if I am correct, for every field of the jcard that might be referenced by an rcdi item, the verifier has to have knowledge of whether the field is to be treated as a string or a URI. If we can be assured that jcard won't be extended, that's not an issue, but in my experience, things are always extended and protocols should be designed to be robust against extensions that an endpoint is not aware of. In the case of Passport, it seems the only thing the verifier has to know about any field is one bit, whether it needs to be dereferenced before the hash is taken. And it seems that the syntax could be modified slightly so that the "rcdi" items signal that explicitly. >> And given that the "jcd" datum is a Jcard, any extension elements of a >> Jcard must be similarly understood by the hashing algorithm. Looking >> at the example "Rendezvous for Little Nellie" in section 9.3, I see >> that /jcd/1/3/2 is the string "uri", which I suspect is what flags >> that /jcd/1/3/3 should be interpreted as a URI. To what degree are >> behaviors like this embedded in Jcard, and therefore must be >> understood by the hashing algorithm? > > I'm having trouble finding an example with 1/3/2, but in general one > URI reference should not influence how another JSON pointer hash > should be interpreted. By definition each JSON pointer in "rcdi" > should have a hash build on only URI references. I was referring to part of one of the "rendezvous for Little Nellie" examples: { "crn": "Rendezvous for Little Nellie", "orig": { "tn": "12025551000"}, "dest": { "tn": ["12155551001"]}, "iat": 1443208345, "rcd": { "jcd": ["vcard", [ ["version",{},"text","4.0"], ["fn",{},"text","Q Branch"], ["org",{},"text","MI6;Q Branch Spy Gadgets"], ["photo",{},"uri","https://example.com/photos/q-256x256.png"], ["logo",{},"uri","https://example.com/logos/mi6-256x256.jpg"], ["logo",{},"uri","https://example.com/logos/mi6-64x64.jpg"] ] ], "nam": "Q Branch Spy Gadgets" }, "rcdi": { "/jcd/1/3/3": "sha256-RojgWwU6xUtI4q82+kHPyHm1JKbm7+663bMvzymhkl4", "/jcd/1/4/3": "sha256-jL4f47fF82LuwcrOrSyckA4SWrlElfARHkW6kYo1JdI", "/jcd/1/5/3": "sha256-GKNxxqlLRarbyBNh7hc/4lbZAdK6B0kMRf1AMRWPkSo" } } The rcdi item "/jcd/1/3/3" refers to the datum "https://example.com/photos/q-256x256.png" in the "photo" contentline. Tracing back to the jcard definition (RFC 7095 section 3.5.2), the 3rd item on that line, "uri", specifies that the 4th item on that line is a URI. That is, the 4th item on that line *need not be a URI*, that the verifier can only tell that "/jcd/1/3/3" should be processed as a URI, that is, dereferenced before hashing, by looking at "/jcd/1/3/2". This is a coupling between the verifier and the details of the jcard data structure that it seems should be avoid ed. Taking these together, it seems to me that a lot of trouble will be avoided by marking rcdi items explicitly whether dereferencing should be done. >> From my point of view, it would be helpful to provide an example >> showing all the moving parts, e.g. how a SIP INVITE message is >> assembled using this mechanism [...] > [...] I think the second part of your > comment is really covered fully by RFC8224 specific to SIP call flow > and how PASSporTs are inserted into identity header fields, etc., so > we didn't want to repeat all of that in this document. [...] I probably overstated what I'm looking for. Clearly, if one reads RFCs 8224, 8225, and 8226, then the reader will have the framework for understanding this document. But it seems to me that providing a clear example of a SIP INVITE that contains this mechanism, with an enumeration of its features (and which RFCs define them) would allow a reader to digest the essentials of this mechanism without first having to read RFCs 8224, 8225, and 8226. Indeed, I've discovered that even when I already know the prerequisites for an RFC, a clearly presented example makes it a lot easier to absorb the details as I read them. It seems to me that an example and a brief description of its points should only take 1/2 to 1 page and would be very valuable for non-expert readers. >> - Use only one term for each concept. A particularly confusing >> example are these, which seem to me to be intended to have the same >> meaning, but are all different, and only one has a non-trivial word >> to describe the relationship between "ppt" and "rcd": >> >> a "ppt" value of "rcd" >> a "ppt" for "rcd" >> a "ppt" of "rcd" >> "ppt" does contain an "rcd" >> >> A "Terminology" section helps ensure that there is a set term for >> each concept. > > Yes, agree i was using that shortcut a lot, i cleaned up avoiding > using "ppt" as the equivalent of "PASSporT extension" I don't expect you to make further changes for this, but I do want to clarify my point: I didn't find e.g. 'a "ppt" value of "rcd"' to be unclear. Indeed, as a naive reader, that would be clearer than referring to "Passport extension" as it is referring to a concrete thing in the protocol. What I was complaining about was that the same condition was described with several different sets of words in different places. That requires the reader to digest well the meaning of each passage before realizing that they all mean the same thing. Much better is to use exactly the same words to describe the condition in every situation so that the reader knows that they all mean the same thing, even if the reader hasn't fully grasped what the meaning *is*. Indeed, the reader can often learn a considerable amount about an item by cross-correlating several mentions it. >> Datatracker says it expired on 2022-09-08: >> >> [I-D.ietf-sipcore-callinfo-rcd] >> Wendt, C. and J. Peterson, "SIP Call-Info Parameters for >> Rich Call Data", Work in Progress, Internet-Draft, draft- >> ietf-sipcore-callinfo-rcd-04, 7 March 2022, >> <https://www.ietf.org/archive/id/draft-ietf-sipcore- >> callinfo-rcd-04.txt>. > > Yes, we were trying to update and work on both documents in parallel, > but it became clear that until this document settled it wasn't > useful/efficient to keep modifying both. I will be updating the > sipcore document very shortly to correspond with the state of > passport-rcd document, so we can finish the work on that document in > sipcore. You don't have to *change* the document to refresh its validity date, just update the version number and update exactly the same text. If you're detail-oriented add a sentence at the beginning stating it is identical to the previous version. Refreshing the document records that it is still being actively considered. Dale
- [stir] Genart last call review of draft-ietf-stir… Dale Worley via Datatracker
- Re: [stir] Genart last call review of draft-ietf-… Chris Wendt
- Re: [stir] Genart last call review of draft-ietf-… worley