[stir] quoted ppt parameter value redux

"Peterson, Jon" <jon.peterson@team.neustar> Thu, 03 October 2019 17:27 UTC

RFC8224 section 4.1 gives the following guidance about the syntax for PASSporT Types:

      Fourth, if a PASSporT extension is in use, then the optional JSON
      key "ppt" MUST be present and have a value equivalent to the
      quoted value of the "ppt" parameter of the Identity header field.

Does that imply that the values of the "ppt" parameter in the Identity header field are quoted? If so, that seems to create a conflict with the ABNF for the Identity header field, which gives "token" as the type for "ppt" parameter values. Back in IETF 101, as we were pushing along the first PASSporT types as extensions to STIR, "div" and "rph", we had a discussion about whether the values of the "ppt" parameter of the Identity header should be quoted or unquoted. As we said at the time, it isn't really important whether ppt parameter values are quoted or not from a design perspective, but it is important that we all just agree on it one way or another. The outcome of that discussion was reflected in the minutes as:

   ISSUE: Should ppt values be quoted or not?
   OUTCOME: Quoting is mandatory.

Based on that outcome, we baked quoted ppts into the resulting docs (see RFC8443 4.1 for an example with ppt="rph" rather than ppt=rph). However, as STIR implementation ramps up, we are hearing a number of reports of AS's using unquoted ppt parameter values, and it sounds like many VS implementations are resigned to accepting both - but that some implementations are only accepting unquoted.

We have the opportunity to errata RFC8224 to set this matter straight, but it seems the implementation community still doesn't agree on what should count as straight. Unquoted saves two octets, but let's be honest, saving two octets of a STIR Identity header field value, especially one with a PASSporT extension, is not going to let anyone fall back to UDP. Quoted conforms with what's in RFCs we've already shipped, and ones in the pipeline. I hate to re-open a discussion we had already, but it does seem to be necessary. If we’re going to errata this, should the fix conform to the IETF 101 consensus call ("quoting is mandatory") or not?

Jon Peterson
Neustar, Inc.
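
The following is an added example, not part of the original message and not taken from any STIR implementation. It sketches how a verification service could read the "ppt" parameter in either syntax, record which form arrived, and compare it with the "ppt" key of the PASSporT header. The names `check_ppt` and `accept` are hypothetical, the sample header values are constructed with a placeholder signature, a full-form PASSporT is assumed, and "equivalent" is taken to mean exact string equality.

```python
import base64, json, re

# SIP "token" characters (RFC 3261): alphanumerics plus - . ! % * _ + ` ' ~
TOKEN = r"[A-Za-z0-9\-.!%*_+`'~]+"
# ppt as a quoted-string (no escapes handled) or as a bare token.
PPT_RE = re.compile(
    r';\s*ppt\s*=\s*(?:"(?P<quoted>[^"\\]*)"|(?P<token>' + TOKEN + r'))\s*(?=;|$)',
    re.IGNORECASE)

def seg(obj):
    """base64url-encode a JSON object without padding (sample-building helper)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def jose_header(digest):
    """Decode the first segment of a full-form PASSporT."""
    part = digest.strip().split(".")[0]
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def check_ppt(identity_value, accept=("quoted", "token")):
    """Report the ppt parameter, the form it arrived in, and whether it is
    acceptable under `accept` and equal to the PASSporT header's "ppt" key."""
    digest, _, params = identity_value.partition(";")
    # Blank out <...> so a ";ppt=" inside the info URI is never matched.
    params = ";" + re.sub(r"<[^>]*>", "<>", params)
    jose = jose_header(digest)
    m = PPT_RE.search(params)
    if m is None:
        # No parameter: consistent only if the PASSporT names no extension.
        return {"ppt": None, "form": None, "ok": "ppt" not in jose}
    form = "quoted" if m.group("quoted") is not None else "token"
    value = m.group(form)
    # Assumption: "equivalent" is treated as exact string equality.
    return {"ppt": value, "form": form,
            "ok": form in accept and jose.get("ppt") == value}

# Constructed sample: real-shaped header, placeholder payload and signature.
DIGEST = ".".join([
    seg({"alg": "ES256", "ppt": "rph", "typ": "passport",
         "x5u": "https://cert.example.org/passport.cer"}),
    seg({"iat": 1570123628}), "c2lnbmF0dXJl"])
INFO = ";info=<https://cert.example.org/passport.cer>;alg=ES256"
QUOTED = DIGEST + INFO + ';ppt="rph"'
UNQUOTED = DIGEST + INFO + ";ppt=rph"

if __name__ == "__main__":
    for name, hdr in (("quoted", QUOTED), ("unquoted", UNQUOTED)):
        print(name, check_ppt(hdr), check_ppt(hdr, accept=("quoted",)))
```

Logging the returned `form` per originating AS shows how much traffic would be rejected before a strict `accept` policy is switched on.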