Re: [stir] WGLC: draft-ietf-stir-passport-rcd-09

Jack Rickard <Jack.Rickard@metaswitch.com> Tue, 15 December 2020 15:32 UTC

From: Jack Rickard <Jack.Rickard@metaswitch.com>
To: Robert Sparks <rjsparks@nostrum.com>, "stir@ietf.org" <stir@ietf.org>
Date: Tue, 15 Dec 2020 15:32:00 +0000
Message-ID: <BYAPR02MB51894A12EACDCE143C491983F3C60@BYAPR02MB5189.namprd02.prod.outlook.com>
References: <5393b70d-bfc7-c8ac-eb8d-30c8087a1e89@nostrum.com>
In-Reply-To: <5393b70d-bfc7-c8ac-eb8d-30c8087a1e89@nostrum.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/85TnSpJWm9wHXVshpbQZMT0bgkM>

Comments:
Section 9.1: Is the "iss" claim meaning specified anywhere else? This part reads like it is referencing some existing behaviour, but I am unable to find anything defining it. I ask because this doesn't feel like it should be specific to this standard and would be useful for, for example, RPH, where the cert identifies the source of the prioritisation.

Section 9.1: "the value of "iss" however MUST reflect the Subject Name field" is unclear: the "MUST" is very strong but the "reflect" very vague. Should it equal it? If so, in what format? I'm also not sure why this is useful: you will already have the subject name of the certificate, as you have to have the certificate to verify the signature.

Section 10: How should the PASSporT indicate the relationship of the generator of the PASSporT to the caller? In the first-party case I think you've left this entirely unspecified, and in the third-party case that is not how "iss" was defined in the previous section, and it isn't clear how you would go from a third-party organisation name to their relationship with the caller.

Section 5.1.5: The example isn't a valid base64 string (due to the # and *). As JWTs use the URL-safe variant of base64 encoding with no padding, it would be useful to clarify here which flavour of base64 encoding is being used.

Nits:
Section 6: I believe "The value of "rcd" is an array of JSON objects" is wrong here; it's a JSON object containing the "name" field, etc.

Section 8: The phrase "potential values of the "rcd" array" is also wrong; this isn't an array, and something like "potential fields in the "rcd" claim" would be clearer.

Section 11.1: The example identity here isn't valid; I think it should have ".." preceding the PASSporT and no trailing "=".

Thanks,
Jack
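As an added illustration of the base64url point (Section 5.1.5), the ".."-and-no-trailing-"=" point (Section 11.1) and the "rcd"-is-an-object nit (Section 6), here is a small structural checker. It is example code written for this page, not from the draft or anyone on the thread. It assumes the PASSporT is the JWS compact serialisation of RFC 8225, including the "..signature" compact form; the sample token, its claim values and its signature bytes are constructed, and no signature is verified.

```python
import base64
import json
import re

# JWS, and therefore PASSporT, uses the URL-safe base64 alphabet (RFC 4648 s.5)
# with "=" padding stripped; "#", "*", "+", "/" and "=" are all outside it.
B64URL_RE = re.compile(r"^[A-Za-z0-9_-]*$")

def is_base64url_unpadded(seg: str) -> bool:
    # A base64 string can never have a length of 1 mod 4.
    return bool(B64URL_RE.match(seg)) and len(seg) % 4 != 1

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))  # re-pad first

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def check_passport(token: str) -> dict:
    """Classify a PASSporT as full form (header.payload.signature) or compact
    form (..signature), flagging segments that are not unpadded base64url and
    an "rcd" claim that is not a JSON object. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        return {"ok": False, "reason": "expected three dot-separated segments"}
    bad = [n for n, s in zip(("header", "payload", "signature"), parts)
           if not is_base64url_unpadded(s)]
    if bad:
        return {"ok": False, "reason": "not base64url without padding: " + ", ".join(bad)}
    header, payload, signature = parts
    if not signature:
        return {"ok": False, "reason": "missing signature"}
    if not header and not payload:
        return {"ok": True, "form": "compact"}
    if not header or not payload:
        return {"ok": False, "reason": "compact form omits both header and payload"}
    rcd = json.loads(b64url_decode(payload)).get("rcd")
    if not isinstance(rcd, dict):
        return {"ok": False, "reason": '"rcd" must be a JSON object, not an array'}
    return {"ok": True, "form": "full", "rcd": rcd}

# Constructed sample: made-up claim values and placeholder signature bytes.
SAMPLE_PAYLOAD = {"orig": {"tn": "12025551000"}, "dest": {"tn": ["12025551001"]},
                  "iat": 1608046320, "rcd": {"nam": "Example Caller"}}
SAMPLE_SIG = b64url_encode(bytes(range(64)))
SAMPLE_FULL = ".".join([b64url_encode(b'{"alg":"ES256","ppt":"rcd","typ":"passport"}'),
                        b64url_encode(json.dumps(SAMPLE_PAYLOAD).encode()), SAMPLE_SIG])
SAMPLE_COMPACT = ".." + SAMPLE_SIG
```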

-----Original Message-----
From: stir <stir-bounces@ietf.org> On Behalf Of Robert Sparks
Sent: 08 December 2020 21:31
To: stir@ietf.org
Subject: [stir] WGLC: draft-ietf-stir-passport-rcd-09

This is a WGLC for draft-ietf-stir-passport-rcd-09.

Please send reviews to the list by the end of day 22 Dec 2020.

If you plan to provide a review but need more time, please let us know early.

See <https://datatracker.ietf.org/doc/draft-ietf-stir-passport-rcd/>

RjS

_______________________________________________
stir mailing list
stir@ietf.org
https://www.ietf.org/mailman/listinfo/stir