IETF Logo Mail Archive

Re: [stir] Malformed PASSporTs

Jack Rickard <jack.rickard@microsoft.com> Wed, 19 January 2022 14:22 UTC

Return-Path: <jack.rickard@microsoft.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50E823A08B6 for <stir@ietfa.amsl.com>; Wed, 19 Jan 2022 06:22:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.576
X-Spam-Level:
X-Spam-Status: No, score=-2.576 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.576, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cVXEh5kCV5T9 for <stir@ietfa.amsl.com>; Wed, 19 Jan 2022 06:22:43 -0800 (PST)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60128.outbound.protection.outlook.com [40.107.6.128]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 741403A08B4 for <stir@ietf.org>; Wed, 19 Jan 2022 06:22:43 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TsnSeFK/gIXZv6zjrTeZRkjgIaJpXg4u9rJ/BXifzBulIdqEKluOP3lz+q19s5TI7zQaU1Slp/xfBGtE8H4ZjbZB4aeBoHxRcRxTYwZELVvx2BdG4PNrCNURfBBmvtqq3Xl2uI5jqcqay9a/J2VIa5qcbmVXeC+L/oxUqh8+ajojo36SmPSzEzf5QQ6OZokPbTn6UjX/IBJkhlyR2R/9hIaF4mWkDNDk53faCP+3u4Y0ZrhhEpfo4I3fkAbcMv4NJEp/+yGqe6Qj3O8+1aULdl0wd5DvL4m0bwrkSSjDBI1wnsJmjQaX20NOvkRgfWB4oyylXJ+r2f7ZpOnnI4QujQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=7pzILn9GhowVLylli5Wjnpw4LHvPbhWU94JOzh/yuRo=; b=f4m7tIbfDYf33MK9JwSQpahkeGKa7WA5wOjZOBEHcEP2qKiix2asA/ogL0bmf4NVVhtZYes/qd8hZzVsEgZrO0+qx+SFCT+j3D5oq+tZJwBaai2XolgebEp0mS0nVDY6I2dJoOiNevOkhfN5lB9SUsk5mgDk9zHv9jT3ksMITA3UTQTJMPggzF154vAIPoDgmN2CtJPP6vFa4dS1l3oVBGgOxvKoHmNmpsEWEhPQ1wNxmlYmMxwwJq5f0EQSlk+YkoJmMKLxz1F/REVE2hAC9Ub6W7Vkpv4sEkmQrFm0kNGil6kroMSoWF9fm3WH4qyxgs85xi7AV2GDlE3moywPig==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7pzILn9GhowVLylli5Wjnpw4LHvPbhWU94JOzh/yuRo=; b=g1+t2ReKuIwGAVkrNQqvyvmCkPfBg61eS7StlXOfUMKoV2Sk6r5W0Kai9+U7zPkSMDr18JkDoYsCf00TA7OkLuFegypqulgUOxl97J+pDCxs9q7Eq0q2zg6MaXwalJjC5eJE4d0qhIOYGC2JSlm9TlLHoV1enVgc0CI7jfrJUbw=
Received: from AM5PR83MB0355.EURPRD83.prod.outlook.com (2603:10a6:206:25::24) by AM5PR8303MB0065.EURPRD83.prod.outlook.com (2603:10a6:224:6::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4930.0; Wed, 19 Jan 2022 14:22:37 +0000
Received: from AM5PR83MB0355.EURPRD83.prod.outlook.com ([fe80::9543:909f:b33:dc64]) by AM5PR83MB0355.EURPRD83.prod.outlook.com ([fe80::9543:909f:b33:dc64%5]) with mapi id 15.20.4930.006; Wed, 19 Jan 2022 14:22:37 +0000
From: Jack Rickard <jack.rickard@microsoft.com>
To: Chris Wendt <chris-ietf@chriswendt.net>, Alec Fenichel <alec.fenichel@transnexus.com>, "jon.peterson@team.neustar" <jon.peterson@team.neustar>
CC: IETF STIR Mail List <stir@ietf.org>
Thread-Topic: [stir] Malformed PASSporTs
Thread-Index: AdgNP7br99FhUmkyR2OrPNvgxGuo5w==
Date: Wed, 19 Jan 2022 14:22:24 +0000
Deferred-Delivery: Wed, 19 Jan 2022 14:21:31 +0000
Message-ID: <AM5PR83MB03558545C518E015D2BA5B7F88599@AM5PR83MB0355.EURPRD83.prod.outlook.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=4632aa7d-971b-49d7-8dc2-af78aa0d74cf; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2022-01-19T14:15:37Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=microsoft.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 2257fb5a-ca68-42ff-1206-08d9db572490
x-ms-traffictypediagnostic: AM5PR8303MB0065:EE_
x-ms-exchange-atpmessageproperties: SA|SL
x-microsoft-antispam-prvs: <AM5PR8303MB0065643EE41C261D526A096A88599@AM5PR8303MB0065.EURPRD83.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: U4zgcXeAMVlNu7TCWj7N7A1+tp+hOeDRUHdd4y+DsqueBt5ZURL8ITy3unAjOfGehKqMWGW+nHKjYqIhgzxUFNHhVCusLaMgxwTsM2sZU6/Zz0rJi6YNTTxZDnUOdY1oG42Rgl3PJS7Uwce0U1GxaRw2YaTCctMTZnvca9PpFrz1Da51BE3M1oJbYQIlxUZo+C5yT0/kWzkfPr/6toLRqe6G+ozd3aSInVMoXo9h/f53ajnWzJN/uwZah3FFaaEaxWHxTLvoLd/WMWvvorsxSlcmh7Jc7SZmC9DpBtI3TeqKxyMrUVVDqsgyBtYJ3PcQFxH7uiJeDPQv/XNWLzZOeavSUl5BPiek0YfFg3f4MkRXsFdzT8flEVg/mXo0oD0rB0vhAwIqwq762n0hVs1ZQXwPMZ+JRyycm3DX59UbPTqGMuoCvQEAu6DYTy/n/6DUOvoByDxHCLjTFYej50GlNA5w4/rXPZKY+jD+PLeOMlx6noyINzNFKLEGjukw0NSbPc9lBqXkSBGHa3glaxHlCtZr8HydVTKED+zHDjK1qp5h8R610Hb7buDURnwJlRUw0hrw+2YQi+6VL/lWJlW+YD+mV5cdXT6FqcUXhvAz5zbIgSpQySyjF3efgDpe2GPh1jVah/npC1ScrRJ29t4CPnLgZixtzyeVkNFT8b7lrcj5GfDKAVuWUFcT8J0fUIAXX0xluy+vh+koCL0wiBb9xyvzMmjYHPhG3AB1Xd3n1FRoIBqIU+GFfJk9Hea1OzjrrzdNuiAMoOCoshRgR9g6zRWSn0RzYl9pVghi9mQzdU3W045PzDhso4kp2EPyGt9fGQQ7J0Gpqg5T69BX3yRU6w==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM5PR83MB0355.EURPRD83.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(966005)(33656002)(508600001)(40140700001)(5660300002)(52536014)(10290500003)(9686003)(44832011)(86362001)(7696005)(6506007)(8990500004)(53546011)(83380400001)(55016003)(122000001)(2906002)(6666004)(186003)(26005)(38070700005)(71200400001)(38100700002)(166002)(82950400001)(82960400001)(66946007)(66476007)(66556008)(66446008)(76116006)(110136005)(8676002)(4326008)(316002)(64756008)(8936002)(20210929001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: xF30C0x7IidsitD3QVvwE4Hlt8glkJAvOtDTFqSPcMgkzksEJZRiJWCBvLzMrUOEG/l9i+Xo96MgfpRHD/jzg8Ifr7eDPhNTWfZIFmKAfT+2KK5+1gcVQN2m/9BZ5O8dAdVKvJHsUCdPNNipp7kRvnH0AN7rOuRWfprP4sIxDTMC6GpDftk+gcRgc7lKLDV7meQlDKj8G+gk6NJLPEFkjNpZQYT+FSUAaFPRu8aJolDu7MKnKlpXVv//LX9lLUcCox7GPhA/yOrEy6oZ3TRLWyFO4tCZKuhzIasTyb8qdAtGhT6DHQ7DdpAPG0ByL3TknP/Y0oO98PaLU/1Z596vZivNNLfOYxZChmi5TQQptnWAvoK+b1tNPikYZ9eeCSJpuRddgyCzjHST1Tzaf1joVISoPFjJwLyWSi2EZGG97GPg+Ab+DzI3bkkvDXUwOZqkYaYz+2/H1fzXtsZMDDlTcFSTm73QiQzeg2rpRxdDivTfbhOC8vyl8kma9EkEmzFFyihXspT/9lNBN2zhuDh1BfaKwr/UIkt64Qnuo4avNJ2muZGO9ouOYMwmBkJhIIPOEUA1RSEIio+A94TxlCsOoDJjHmFa7aJIClFnmGpZZOFXzn12q3dHtgJbYOVkQGZ7J5SpNUi0w/HqLt5PNYsUx1E+Ewvbtvn/woev20PyYKk+g6Q05/zrpv2u64Abpk0QAj3wGXmCKusyhROgUujVO41Zaa2Q3SQkCF/Vg8jDgpuJzobDB/Tt9ddkMhRLSXe5Fm5qG25I9nrFN3tRDABAhd1CUjmPGm056cDfD0Dqg2Rap1sixcZa+iwXB5BKrXumFB5cbpU2QvjY0Y2wxUjDxwWWFmpsItmbusIL6eCSwlTph2tIDFe2mTsLvpTeaKgd9Zkd+3s5VctQz/1+XfyNH5M8r9Ojap90qblOso3myA254LL3eI/Hd1y3ihYFfU6LmZHEhMLb9DeUaCuyYzQfN4yAIanKIGwABRN4971cdE0FT3ox+jaM2y/g8pnjHjII2nee82HNuT3XXilRcQsgxT+vn4uO7yTD1ytZAT93nk0IBTURpOQICilOW9J2U5mHx1xQ3cjOHZMp4SSJ2uoP3icuMIIGCGyNUVHk8iDdsHkD83rwVqV2urmnapOFHwYLIMdnTe13ZATYS8jIxJ+NgQ8QbM8p/qnxBALS6IkMOGGRxYiNJpRYrJvkRzFlQOOJo2OEh0ZYw9+zLJa8QZsHxLThu8ClmeMfRvG9FEbjeD864ouIRkDKdyWYLoQEr3VGU9vk+S+HM3csMcSaDlutrcF12hm0i072hX6qeJgF6JI2HDdSdEmpEQk8PrpZXY1G8qhxeLFD2WrGRbF7CsDVTQGGa0NlMwRmJXKSPpNoUZWeYUJ3NYzlvzOkZNxtXFbbqoEYf748VoiUJvYH9yKWafIKDt0Kas0v3UkjK6QAU/zoYCCrFUELie2tpxkDbPlz/HiYFgq1Ql6xOWNd5Ac2G6g/sYkW6gU3u+P5gBIvZGg+7CuqsPaDnTT5PzXGnbUnM9i5YR2QZrDbIS0zyKO3/eQlPM+QoY58PxKAEu7Yt6MBS22jeL3TxSg0ryyGRw/uNVPN3EDMKbu+/ZoWaEB+vw==
Content-Type: multipart/alternative; boundary="_000_AM5PR83MB03558545C518E015D2BA5B7F88599AM5PR83MB0355EURP_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM5PR83MB0355.EURPRD83.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2257fb5a-ca68-42ff-1206-08d9db572490
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Jan 2022 14:22:36.9895 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 9c0Qyol3QuYzfmYi5BJ1fpyv7gJbnbf5pzkMsraOqy7+XD0b24gDRlVNzAW3V1G9CcTsuaclGDLcChKb2wnXuCJAa+S16EtAEjwdTdtzFv4=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5PR8303MB0065
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/81kXzzeHorClTUJM8Mi9vN3Bl5g>
Subject: Re: [stir] Malformed PASSporTs
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jan 2022 14:22:49 -0000

I default to that too, as it's the simplest and helps encourage everyone to behave well. However, I believe that Jon expressed a different view, specifically on rcd in shaken, during the rcd discussions.

Jack

From: Chris Wendt <chris-ietf@chriswendt.net>
Sent: 18 January 2022 22:06
To: Alec Fenichel <alec.fenichel@transnexus.com>
Cc: Jack Rickard <jack.rickard@microsoft.com>; IETF STIR Mail List <stir@ietf.org>
Subject: [EXTERNAL] Re: [stir] Malformed PASSporTs

Yeah i think Alec, you have captured the general intent.


On Jan 14, 2022, at 2:33 PM, Alec Fenichel <alec.fenichel=40transnexus.com@dmarc.ietf.org<mailto:alec.fenichel=40transnexus.com@dmarc.ietf.org>> wrote:

As an implementer, I generally prefer being permissive about unknown fields and draconian about known fields. Put another way, we are looking for specific fields. We expect these fields to follow the required format. If they don't, we will reject the PASSporT. If there are extra fields that we aren't explicitly looking for, they are completely ignored, so they can be invalid. Note "rcd" is a known field, it doesn't matter what the ppt is, if you include "rcd", it needs to be properly formatted.

Sincerely,

Alec Fenichel
Senior Software Architect
alec.fenichel@transnexus.com<mailto:alec.fenichel@transnexus.com>
+1 (407) 760-0036
TransNexus

From: stir <stir-bounces@ietf.org<mailto:stir-bounces@ietf.org>> on behalf of Jack Rickard <jack.rickard=40microsoft.com@dmarc.ietf.org<mailto:jack.rickard=40microsoft.com@dmarc.ietf.org>>
Date: Friday, January 14, 2022 at 11:29
To: IETF STIR Mail List <stir@ietf.org<mailto:stir@ietf.org>>
Subject: [stir] Malformed PASSporTs
Hi all,

What's the intended behaviour of a verification service when it encounters a PASSporT with badly formed claims, but is otherwise valid?

There's a progression of possibilities here which range from being able to do nothing to being entirely ignorable. I'm worried there are interop or security issues I haven't thought of with being maximally permissive.


  1.  Fundamental field totally invalid
"orig": [2]
It's impossible to validate this passport no matter how lenient you are as there's no way to verify this against the From header.

  1.  Fundamental field partially invalid
"dest": { "tn": ["12345556789"], "uri": 6 }
Theoretically you could validate this passport if the INVITE was to 12345556789, however processing this would be awkward, and for the sake of the ecosystem it may be better to reject it.

  1.  Extra field invalid
"ppt": "rph", "rph": "invalid"
This is not a useable RPH passport but could degrade to a base passport and provide some authority. RPH may be a bad example because I'm not sure it's meant to attest to the caller, however if the ppt field was malformed you wouldn't know that...

  1.  Optional field invalid
"ppt": "shaken", "rcd": {}
The field isn't mandatory, nor is it the primary focus of this passport. Ignoring the "rcd" field would do very little harm, bar allowing dodgy implementations to proliferate.

  1.  Unnecessary non-STIR field invalid
"aud": 6
I doubt many STIR implementations even check if non-STIR fields exist, let alone whether they have the right type. Completely ignoring this feels like the right thing to do, however rejecting it would also be reasonable, if everyone agreed.
Although, not checking this specific field is in violation of the JWT standard, so maybe this should be rejected?

  1.  Completely unexpected field
"foo": "bar"
AS this is JSON I'm pretty sure this should be accepted and ignored.

I haven't been able to find much in the standards addressing this, so I'm interested to know your opinions. I've been unable to come to much of an opinion myself, being permissive feels sensible, but could have negative effects on the ecosystem and generally raises more questions than answers. Being draconian is probably simplest, but could cause interop problems, especially as things change.

Thanks,
Jack Rickard
he/him
Software Engineer
jack.rickard@microsoft.com<mailto:jack.rickard@microsoft.com>

<image001[37].png>


_______________________________________________
stir mailing list
stir@ietf.org<mailto:stir@ietf.org>
https://www.ietf.org/mailman/listinfo/stir<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fstir&data=04%7C01%7Cjack.rickard%40microsoft.com%7Cf60f81af00314e75bfc608d9dacebdf7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637781403799087035%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=llGIYPO5Djs4dRKVVC784B2KzF5ASzL4CvXswso1EV8%3D&reserved=0>

v2.23.0 | Report a Bug | By Email