Re: [stir] Comments on draft-peterson-stir-cnam-02

"Peterson, Jon" <jon.peterson@team.neustar> Fri, 16 June 2017 17:48 UTC

From: "Peterson, Jon" <jon.peterson@team.neustar>
To: Robert Sparks <rjsparks@nostrum.com>, "stir@ietf.org" <stir@ietf.org>
Thread-Topic: [stir] Comments on draft-peterson-stir-cnam-02
Thread-Index: AQHS5rH3kcg3875bkkK5D4JNXn8pkKInxBIA
Date: Fri, 16 Jun 2017 17:48:19 +0000
Message-ID: <D5698E48.1DA4A6%jon.peterson@neustar.biz>
References: <5a3e272e-e4ac-47ec-d1cb-349670c91250@nostrum.com>
In-Reply-To: <5a3e272e-e4ac-47ec-d1cb-349670c91250@nostrum.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/6ahAVNI6M8onRwDw1gnxYZKnMwQ>

Thanks for nits and notes, definitely we should keep straight what we mean
by third parties here.

>In the context of the discussion at "Relying parties in STIR have always
>been left to make their own authorization decisions": It's not yet clear
>to me from the text that we require _both_ an attestation of "orig" from
>a proper authority and an attestation of "cnam", especially when the
>authorities are different. What text do we have that keeps a pasted
>cnam passport with some non-matching "orig" from being treated as valid?

What we're trying to do by having "orig" and "cnam" under a signature from
the same authority is to bind the "cna" to the call from a particular
number (or whatever originating identifier) that someone is trying to set
up. I mean, for the third party case we could effectively use a different
claim to represent the telephone number, one that doesn't have the
semantics of "this is the originator of a telephone call" - like say the
JWT claim for phone_number already in the IANA registry. But the design
goal here is to mirror the syntax of the first party case here, and also
to make it clear that the third-party "cna" is data about a -call-, not
just a number. Maybe if we made that distinction clearer in the text, it
would help explain the design rationale.

>It would be good to specify _where_ in the IANA registries to put the
>CNA types registry. (We put the extension name registry too high in the
>hierarchy perhaps.)

Roger.

Jon Peterson
Neustar, Inc.
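The binding discussed above, shown as an added relying-party check that is not code from the draft or from anyone in this thread: because "orig" and "cna" sit under one signature, a cna passport cannot be pasted onto a call from a different number without either the signature or the orig comparison failing. Claim names follow the thread, the "orig"/"tn" shape follows RFC 8225, and HMAC-SHA256 stands in for ES256 so it runs on the standard library; the keys, numbers and name are constructed.

```python
import base64, hashlib, hmac, json

# Claim names "orig" and "cna" follow the thread; the {"tn": ...} shape of
# "orig" follows RFC 8225. HMAC-SHA256 stands in for ES256 so this runs on the
# standard library alone; keys, numbers and names below are constructed.
HEADER = {"typ": "passport", "ppt": "cna", "alg": "HS256"}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_cna_passport(orig_tn: str, cna: str, iat: int, key: bytes) -> str:
    """One authority signs "orig" and "cna" together, binding the name to the call."""
    payload = {"orig": {"tn": orig_tn}, "cna": cna, "iat": iat}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (HEADER, payload))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify_cna_passport(token: str, key: bytes, call_orig_tn: str, now: int, max_age: int = 60):
    """Relying-party check: signature over the whole payload first, then the
    signed "orig" must be the number this call actually came from."""
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed"
    h64, p64, s64 = parts
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s64)):
        return False, "bad signature"  # cna and orig were not signed together by this authority
    header, payload = json.loads(b64url_decode(h64)), json.loads(b64url_decode(p64))
    if header.get("ppt") != "cna" or "cna" not in payload:
        return False, "not a cna passport"
    if payload.get("orig", {}).get("tn") != call_orig_tn:
        return False, "orig does not match this call"  # a pasted cna passport for another number
    if not now - max_age <= payload.get("iat", 0) <= now + max_age:
        return False, "stale"
    return True, payload["cna"]


if __name__ == "__main__":
    key = b"constructed-demo-key"
    tok = build_cna_passport("12155551212", "Example Caller", 1000, key)
    print(verify_cna_passport(tok, key, "12155551212", 1010))  # (True, 'Example Caller')
    print(verify_cna_passport(tok, key, "12155559999", 1010))  # (False, 'orig does not match this call')
```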