Re: [stir] I-D Action: draft-ietf-stir-enhance-rfc8226-00.txt

"Asveren, Tolga" <tasveren@rbbn.com> Mon, 22 February 2021 00:14 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/eTE2h8bY1gq3aoJK-IlqHa75hSI>

Would adding "*" be useful as a possible claim/value value? That would allow "exclude everything else except explicitly allowed claim/value" semantics.

Thanks,
Tolga

-----Original Message-----
From: stir <stir-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Monday, February 15, 2021 2:54 PM
To: i-d-announce@ietf.org
Cc: stir@ietf.org
Subject: [stir] I-D Action: draft-ietf-stir-enhance-rfc8226-00.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Secure Telephone Identity Revisited WG of the IETF.

        Title           : Enhanced JWT Claim Constraints for STIR Certificates
        Author          : Russ Housley
        Filename        : draft-ietf-stir-enhance-rfc8226-00.txt
        Pages           : 10
        Date            : 2021-02-15

Abstract:
   RFC 8226 provides a certificate extension to constrain the JWT claims
   that can be included in the PASSporT as defined in RFC 8225.  If the
   signer includes a JWT claim outside the constraint boundaries, then
   the recipient will reject the entire PASSporT.  This document defines
   additional ways that the JWT claims can be constrained.


The IETF datatracker status page for this draft is:
https://clicktime.symantec.com/3PYwFpZMV3FwPb3NcvPGXPN6H2?u=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-stir-enhance-rfc8226%2F

There are also htmlized versions available at:
https://clicktime.symantec.com/3SxqBweeUCx4XKQ4nGVMheq6H2?u=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-ietf-stir-enhance-rfc8226-00
https://clicktime.symantec.com/3EufEdHEi4e6411xonCH6Jm6H2?u=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-stir-enhance-rfc8226-00


Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
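
An added sketch, not part of the original message or of the draft: a verifier-side check that models the claim constraints described in the abstract and the "*" value asked about in the reply at the top of this message. `must_include` and `permitted_values` follow the constraint kinds of RFC 8226; the `must_exclude` list, its "*" entry, and the treatment of the baseline claims as always allowed are assumptions, and all claim values are constructed.

```python
# Added illustration: verifier-side claim-constraint check for a PASSporT.
# must_exclude and its "*" entry are assumptions modelling the question above.
BASE_CLAIMS = frozenset({"iat", "orig", "dest"})  # RFC 8225 baseline claims


def check_passport(claims, must_include=(), permitted_values=None, must_exclude=()):
    """Return (accepted, reason); any violation rejects the entire PASSporT."""
    permitted_values = permitted_values or {}
    for name in must_include:
        if name not in claims:
            return False, f"required claim {name!r} is missing"
    for name, allowed in permitted_values.items():
        if name in claims and claims[name] not in allowed:
            return False, f"claim {name!r} has a value outside the permitted set"
    # Claims the certificate names explicitly, plus the baseline claims
    # (treating the baseline claims as always allowed is an assumption).
    named = BASE_CLAIMS | set(must_include) | set(permitted_values)
    for name in claims:
        if name in must_exclude:
            return False, f"claim {name!r} is excluded"
        if "*" in must_exclude and name not in named:
            return False, f"claim {name!r} is not explicitly allowed"
    return True, "ok"


# Constructed sample payload (telephone numbers and origid are made up).
SAMPLE = {
    "attest": "A",
    "dest": {"tn": ["12155550131"]},
    "iat": 1613952858,
    "orig": {"tn": "12155550121"},
    "origid": "00000000-0000-4000-8000-000000000000",
}
ATTEST_ONLY = {"attest": ["A", "B", "C"]}

if __name__ == "__main__":
    # Deny-list semantics: only the named claim is refused.
    print(check_passport(SAMPLE, permitted_values=ATTEST_ONLY, must_exclude=["rcd"]))
    # Wildcard semantics: "origid" is not named by the certificate, so reject.
    print(check_passport(SAMPLE, permitted_values=ATTEST_ONLY, must_exclude=["*"]))
```

With an explicit exclusion list the verifier has to know every claim name it wants to refuse; with the wildcard, a claim the certificate does not name is refused by default, which turns the constraint into an allow-list.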

