IETF Logo Mail Archive

Re: [stir] "iat" value to use during PASSPorT construction

Chris Wendt <chris-ietf@chriswendt.net> Mon, 14 May 2018 14:31 UTC

Return-Path: <chris-ietf@chriswendt.net>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B3CF12D885 for <stir@ietfa.amsl.com>; Mon, 14 May 2018 07:31:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=chriswendt-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IM1PJMUP8mxw for <stir@ietfa.amsl.com>; Mon, 14 May 2018 07:30:58 -0700 (PDT)
Received: from mail-qt0-x232.google.com (mail-qt0-x232.google.com [IPv6:2607:f8b0:400d:c0d::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0355A12D87D for <stir@ietf.org>; Mon, 14 May 2018 07:30:57 -0700 (PDT)
Received: by mail-qt0-x232.google.com with SMTP id g13-v6so16341459qth.8 for <stir@ietf.org>; Mon, 14 May 2018 07:30:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chriswendt-net.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=+soCmJhsGHAbpqCuKB9r+hCV5cqVtZXrfyrokyipjg0=; b=dA/mConMEHb48HkSWKsivyZymOtHxpnTG4a2YcgVUxwEci68+eb7OgeigldlBzeJqi VPyEu/gL8QEG0ujj8xU9KMlZozBveF+m3nLd65tR5oxvRHi+e4Ardp30FYoACE+mvHiS yWhDTgsnQcw3GDsRFeoYARGgdtS0kndz1TD7yO1b0I1jopS6/B/9FGz9F+uXU8XzzC/o J38knfIcuP0NNo5i07LZYLZkQg4SeoP1KwuGe/HocmtyZReeFhFCu4mSA/+M7lh6BDFG iINQ5+qztdiqxdirofzAUbDs8onXP//NLOErtgxFGsh6yvjiG9ZuS+61XmP77XGYEhdQ NIew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=+soCmJhsGHAbpqCuKB9r+hCV5cqVtZXrfyrokyipjg0=; b=qoF6GMSacdpskD8L1deMPm0wqoHhJHAXa/gIpf3E8/lzQQmy4Xg+mGKg91ub+i63zm laRMBJTX6lzCbEndc2TG/TDdxaN2XdRKX8dXi1tbeMMUSpCfgKZqdfrJLmIn4bl1BGqO JF830SILt77eCX5O183Ytj35dGDU5LapGfwHkfOSP0x66vj4Z5d6IvS+F2MPbBJ2rhNV n6oIe12YJjZDUSeWKYxI/1rYNXOoD/2EyZQ7Ujf67mrPTZKlgO2oa31QaHrhgAmYiEs/ 4mhCXbUU26VRPvIyxC3P6326SM/nXDP4D6IsmZ4poZN+t2nL9+MbHSE8z6k3GfWNt6EY eYdQ==
X-Gm-Message-State: ALKqPwdr0VMSnrGVzExjFU9T0fmp29GbDje3Vx1bytc+qUdDxrRUPyMI Eox0ay/VtdGyCrXmV3ozibW2vVRjTNY=
X-Google-Smtp-Source: AB8JxZqA39WIFVoPNK+gr3IyfIzQvWYQQPRd5H7zLrlzFZL8fQdDcgIgi6BC79B8meGNcaozFUBR8Q==
X-Received: by 2002:ac8:38bd:: with SMTP id f58-v6mr9202142qtc.424.1526308257142; Mon, 14 May 2018 07:30:57 -0700 (PDT)
Received: from ?IPv6:2601:a40::1f2:2d14:8db2:ac8d:9f20? ([2601:a40:0:1f2:2d14:8db2:ac8d:9f20]) by smtp.gmail.com with ESMTPSA id l5-v6sm7117979qtp.25.2018.05.14.07.30.53 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 14 May 2018 07:30:54 -0700 (PDT)
From: Chris Wendt <chris-ietf@chriswendt.net>
Message-Id: <05192EB8-97F5-4AF5-B415-1A9ECB6514B9@chriswendt.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_0D4CA3CB-8D4F-437A-99CD-13C4ECC3E8FF"
Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\))
Date: Mon, 14 May 2018 10:30:52 -0400
In-Reply-To: <CY4PR03MB3160EE4F4502CCF974B070CFA59C0@CY4PR03MB3160.namprd03.prod.outlook.com>
Cc: "stir@ietf.org" <stir@ietf.org>
To: "Asveren, Tolga" <tasveren@rbbn.com>
References: <CY4PR03MB3160EE4F4502CCF974B070CFA59C0@CY4PR03MB3160.namprd03.prod.outlook.com>
X-Mailer: Apple Mail (2.3445.6.18)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/5p9PfIg6H20Txb6ybcRC2QH4UEI>
Subject: Re: [stir] "iat" value to use during PASSPorT construction
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 May 2018 14:31:00 -0000

Hi Tolga,

I think the 60sec recommendation is a default, however, i think once we get more operational experience to see what the delta offsets of time typically are, we will have a better sense of what value to use and whether to move to a smaller time window or not.  This should in general be considered local policy what you believe is an acceptable time window. You may also want to implement secondary TDOS/replay attack types of protection to help here as well and not solely depend on “iat” freshness within that short time window.

In regards to the other part of your question, 8224 is saying to use the PASSporT “iat” to correspond to the DATE value of the SIP.  The assumption is that the PASSporT is being created at/close to the initiation of the INVITE.  I think whether you interpret that as taking the DATE and setting it exactly to the “iat” or if you are generating a PASSporT “iat” as a specifically 8225 compliant function in isolation, either will generally work if you are using full form of passport.  From what i’m personally aware of, most implementations are following the former vs the latter.

-Chris


> On May 14, 2018, at 5:17 AM, Asveren, Tolga <tasveren@rbbn.com> wrote:
> 
> RFC 8224 has the following in Section “4.1 PASSPorT Construction”:
>  
>       Third, the JSON key "iat" MUST appear.  The authentication service
>       SHOULD set the value of "iat" to an encoding of the value of the
>       SIP Date header field as a JSON NumericDate (as UNIX time, per
>       [RFC7519], Section 2), though an authentication service MAY set
>       the value of "iat" to its own current clock time.  If the
>       authentication service uses its own clock time, then the use of
>       the full form of PASSporT is REQUIRED.  In either case, the
>       authentication service MUST NOT generate a PASSporT for a SIP
>       request if the Date header is outside of its local policy for
>       freshness (sixty seconds is RECOMMENDED).
>  
> RFC 8225 has the following in Section “5.1.1 “iat” (Issued At) Claim”:
>  
>    The JSON claim MUST include the "iat" (Issued At) claim ([RFC7519],
>    Section 4.1.6).  As defined, the "iat" claim should be set to the
>    date and time of issuance of the JWT and MUST indicate the date and
>    time of the origination of the personal communications.  The time
>    value should be of the NumericDate format as defined in [RFC7519],
>    Section 2.  This is included for securing the token against replay
>    and cut-and-paste attacks, as explained further in Section 10
>    ("Security Considerations").
>  
> i- I see some conflict in RFC8225 text. It is mentioned that “iat” should be set based on issuance of JWT (which would be when PASSPorT is constructed). OTOH, it is also stated that it MUST indicate the date and time of the origination of the personal communication. The former seems to be  the right approach as what we would like to protect against cut-and-paste attacks is the PASSPorT in the context of a particular communication session. Coupling of PASSPorT with the communication session is provided through “orig”/”dest”. “iat” should be set to the time of generation of PASSPorT IMHO. RFC8244 text seems to be O.K. if one accepts this interpretation as it has the notion of “local policy for freshness”. The recommended value is on the very high end (anything more than a few seconds is too much in practice IMHO) but it is at least not mandating use of 60s.
>  
> ii- Aren’t there legitimate cases where a communication session continues for some period of time and then due to change in its nature requires addition of PASSPorT, e.g. first there is an announcement/interaction with an automated system (which may last several minutes) and then the called-party is contacted during which PASSPorT is added (because, for example, organizational boundaries are crossed and there is a need to validate calling-party identity). For such cases there could be a legitimate and major discrepancy between Date and “current time”. This is another argument in favor of considering “iat” as corresponding to PASSPorT generation rather than start of communication session IMHO. There could eb many other scenarios where similar discrepancy legitimately happens especially if one considers non-base claim types, e.g.. “div”.
>  
> So, the bottom line is I would like to get people’s opinion about whether “iat” should pertain to the start of communication session or to the creation of PASSPorT.
>  
>  
> Thanks,
> Tolga
>  
>  
> _______________________________________________
> stir mailing list
> stir@ietf.org <mailto:stir@ietf.org>
> https://www.ietf.org/mailman/listinfo/stir <https://www.ietf.org/mailman/listinfo/stir>

v2.23.0 | Report a Bug | By Email