[stir] Roman Danyliw's No Objection on draft-ietf-stir-oob-06: (with COMMENT)
Roman Danyliw via Datatracker <noreply@ietf.org> Wed, 04 December 2019 14:47 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: stir@ietf.org
Delivered-To: stir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 511BB120816; Wed, 4 Dec 2019 06:47:16 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-stir-oob@ietf.org, Robert Sparks <rjsparks@nostrum.com>, stir-chairs@ietf.org, rjsparks@nostrum.com, stir@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.111.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <157547083629.11183.9480480570192812115.idtracker@ietfa.amsl.com>
Date: Wed, 04 Dec 2019 06:47:16 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/9Ekmf3UslONikjg7HBlp6dcNuB8>
Subject: [stir] Roman Danyliw's No Objection on draft-ietf-stir-oob-06: (with COMMENT)
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Dec 2019 14:47:16 -0000
Roman Danyliw has entered the following ballot position for draft-ietf-stir-oob-06: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-stir-oob/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Section 7.4. Per “Callers could store dummy PASSporTs at the CPS at random intervals in order to make it more difficult for an eavesdropper to use traffic analysis to determine that a call was about to be placed.”, given the different use cases and possible implementation strategies, I recommend using a different term that “callers” (since it sometimes might be gateways, a new kind of privacy devices which populates the CPS on behalf of a block of numbers it is supposes to protect, etc.). Section 7.5 Authenticate to CPS ---------------------> Blinded(K_temp) -------------------------> <------------- Sign(K_cps, Blinded(K_temp)) [Disconnect] Sign(K_cps, K_temp) Sign(K_temp, E(K_receiver, PASSporT)) ---> At an initial time when no call is yet in progress, a potential client connects to the CPS, authenticates, and sends a blinded version of a freshly generated public key. The CPS returns a signed version of that blinded key. The sender can then unblind the key and gets a signature on K_temp from the CPS. Recommend the following editorial clarifications to explain this flow: - s/and sends a blinded version of a freshly generated public key/and sends a blinded version of a freshly generated public key (i.e., K_temp)/ (maybe do that for other flow elements as well, or number the follows to allow easy reference in the text) - The K_cps depicted in the flow diagram is not explained in the text (i.e., the public key of the CPS?) - The K_receiver depicted in the follow diagram is not explained in the text - s/Sign(K_cps, K_temp)/Sign(K_cps, K_temp) ------------->/ - Somehow visual distinguish in the flow diagram that the signing key of “Sign(K_cps …)” is different than “Sign(K_temp, E(K_receiver …” Section 7.5. Per “Then later, when a client wants to store a PASSporT, it connects to the CPS anonymously (preferably over a network connection that cannot be correlated with the token acquisition)”, are there recommended strategies to realize non-attributed and attributed use cases across the use cases? Section 8.1. Per Step 2, this text provides an example of “out-of-band applications built-in to the calling device”, which covers only a subset of the use cases in Section 5 (i.e., UC1, 2 and 4?) Can anything be said about the other use cases? Section 9. Given that this document is notionally just laying out use cases, a high-level architecture, and high-level design considerations, this section seems to cross deep into a notional solution without all of the details outlined in the previous section. I would recommend removing it. * Editorial Nits: - Section 1. s/But while the core/While the core/ - Section 1. s/Then techniques/The techniques/ - Section 4. s/it is here specified generically/it is specified here generically/ - Section 7. Colloquial language. s/sketchy/vague/ - Section 7.4. Editorial. s/All that receipt/All the receipt/
- [stir] Roman Danyliw's No Objection on draft-ietf… Roman Danyliw via Datatracker