Re: [stir] Proposal for update of erratum #6519

Roman Shpount <roman@telurix.com> Tue, 20 April 2021 18:03 UTC

Return-Path: <roman@telurix.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B01873A07EA for <stir@ietfa.amsl.com>; Tue, 20 Apr 2021 11:03:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telurix-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pFNn8TUHmzud for <stir@ietfa.amsl.com>; Tue, 20 Apr 2021 11:03:02 -0700 (PDT)
Received: from mail-qk1-x72f.google.com (mail-qk1-x72f.google.com [IPv6:2607:f8b0:4864:20::72f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 08B113A07D3 for <stir@ietf.org>; Tue, 20 Apr 2021 11:03:01 -0700 (PDT)
Received: by mail-qk1-x72f.google.com with SMTP id q136so19315210qka.7 for <stir@ietf.org>; Tue, 20 Apr 2021 11:03:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9PyAl/yah1Ok+8NEPXA8kxFLB++J9tLOtvyG+ffdjXU=; b=I41RjaqNX1qob0k99LpbpH4J9Mo5DG+CGWBE1Hi4OW+Ig49P+NPe84ga9OQs5IrpPH 62waqFrcvtiXlUA7bQJf15SxfzXT5tI+NJBpwB7uVdCazPhbMx7nt0o40iZiX/m4Z/FY crqaZaM9rmJgYksa0lUUu6j5ai0+Or1dR3uxRVXJ3eiGtxETtOdD1XHoOHVLEd81f4bb RUwPO6xk8h+d93Z4LXYWEsGB7Fyd8l2NiEQWQ81mIIJrbXk241yZ8hYeU8QbZnumFJuh y6xnh4YskMOZ7htSf6/bswEg50mLyYFYaJAyNmgn8OAaL+CHnSOvr33/T/u6UKhK0qxb pbnw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9PyAl/yah1Ok+8NEPXA8kxFLB++J9tLOtvyG+ffdjXU=; b=aV3gqMZc0K0i7xTqyfqOQpAdYxI0lrsplq69aRTOjZUCL3ytvPTyPoEJrLZC22IaOD NJEaUHiz+kYxTPgvYAXiXvuUMJQqEISpgDhmKUkMp24Mlv3Vmq4EvgaiLLTL4XNoDLPY fqYoGpAb5bQHQ/FKQpfNrXKAM8xFYo+DuS0B+nygyXMDvag3d3PXoawka8zSBBRS+QCu vKyjRoFGwbvfVnbp1+jWP3hF2msZckOZzv3krgU/XfKooHWrKzFf59vY2JJmhRaTGbbb yJxg+IgSzMU2+M4OCiMPrkTss135vwVoYItHlTfqcsYf7csFDNxLa3sQ3tkDWkBgKg+U 2WDQ==
X-Gm-Message-State: AOAM533gjON6J7SwEeCK051osX+TE+xRIVD6e97fe4C+jwuksByZ2SI1 3rbwKR2R5EexzFafKLdRFxFcMDOPeyluZg==
X-Google-Smtp-Source: ABdhPJztvalG+G0y+tGk7YsDFlt/S7j2jTKEViieRXvUn8m0WwbkhpuIlRb2/UqPP/aIItIZbqH9Dw==
X-Received: by 2002:a05:620a:386:: with SMTP id q6mr7184100qkm.438.1618941780003; Tue, 20 Apr 2021 11:03:00 -0700 (PDT)
Received: from mail-yb1-f170.google.com (mail-yb1-f170.google.com. [209.85.219.170]) by smtp.gmail.com with ESMTPSA id p23sm8436721qtl.8.2021.04.20.11.02.58 for <stir@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 20 Apr 2021 11:02:59 -0700 (PDT)
Received: by mail-yb1-f170.google.com with SMTP id v72so23336688ybe.11 for <stir@ietf.org>; Tue, 20 Apr 2021 11:02:58 -0700 (PDT)
X-Received: by 2002:a25:5883:: with SMTP id m125mr25614975ybb.171.1618941778351; Tue, 20 Apr 2021 11:02:58 -0700 (PDT)
MIME-Version: 1.0
References: <42e964d3-2a16-660b-f8b4-fd9daedad115@petit-huguenin.org> <AM0PR07MB38604255784FF9E621257B2D93499@AM0PR07MB3860.eurprd07.prod.outlook.com> <3d8e2fce-d124-99b9-e295-734a36ad564a@petit-huguenin.org> <7558AA11-A7F9-4091-BFD3-F42C742AABAE@vigilsec.com> <167dde10-f242-2b6f-a7ce-96991158589a@petit-huguenin.org> <CAD5OKxvkN+BSY0XuBmfApDDWOLhqCLLFuQgVQryE+yHUftWs4w@mail.gmail.com> <15fc4a20-b5c8-cd27-b30e-76e1f479b4ff@petit-huguenin.org> <CAD5OKxvmvmotpxB8BGJfqRrVTjEGKQkQRow37gmwRMFaBGjEoA@mail.gmail.com> <DF470A3C-6033-48F4-8A61-3442C5DD2239@team.neustar> <BN6PR11MB39216109781BE5DE5C35AB6399489@BN6PR11MB3921.namprd11.prod.outlook.com> <6F5317AE-44F5-4CAA-82B8-830FF5223179@team.neustar> <BN6PR11MB3921A7E9996332ED9E057E4C99489@BN6PR11MB3921.namprd11.prod.outlook.com> <CAD5OKxuwB=VxjcJ6LRboHTY5evQap9k-g=M+L8OQChPDdt3BFQ@mail.gmail.com> <BN6PR11MB392155D7F465C334B96DB92199489@BN6PR11MB3921.namprd11.prod.outlook.com> <CAD5OKxvdgOzvcgc6DMN6_kpL0bsdXu8EnGzCxSqhAhKGeqiiPw@mail.gmail.com> <BN6PR11MB3921FF3AE658E7FAEB8DCE1F99489@BN6PR11MB3921.namprd11.prod.outlook.com> <CAD5OKxsUDarfzV3-Bo9e9Zvt7pj=0fLmaE5n4a0X8Scu2kvpvg@mail.gmail.com> <BN6PR11MB3921FE4F071D4EA4CE1CE06099489@BN6PR11MB3921.namprd11.prod.outlook.com>
In-Reply-To: <BN6PR11MB3921FE4F071D4EA4CE1CE06099489@BN6PR11MB3921.namprd11.prod.outlook.com>
From: Roman Shpount <roman@telurix.com>
Date: Tue, 20 Apr 2021 14:02:46 -0400
X-Gmail-Original-Message-ID: <CAD5OKxu76M+oZJTPDQUpazPU1vW6qG1RO-hPJOr7JjCpu2XNwg@mail.gmail.com>
Message-ID: <CAD5OKxu76M+oZJTPDQUpazPU1vW6qG1RO-hPJOr7JjCpu2XNwg@mail.gmail.com>
To: Alec Fenichel <alec.fenichel@transnexus.com>
Cc: "Peterson, Jon" <jon.peterson=40team.neustar@dmarc.ietf.org>, "Peterson, Jon" <jon.peterson@team.neustar>, Marc Petit-Huguenin <marc@petit-huguenin.org>, IETF STIR Mail List <stir@ietf.org>, Russ Housley <housley@vigilsec.com>, Christer Holmberg <christer.holmberg@ericsson.com>
Content-Type: multipart/alternative; boundary="0000000000009c5cbb05c06b4111"
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/AX_2lK2bFhT_ivp0HzB-Cvw2MbU>
Subject: Re: [stir] Proposal for update of erratum #6519
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Apr 2021 18:03:07 -0000

On Tue, Apr 20, 2021 at 1:54 PM Alec Fenichel <alec.fenichel@transnexus.com>
wrote:

> Proposed changes:
>
>    1. Be prescriptive about whether quotes are required around the ppt
>    parameter value or not
>    2. Make info param optional when using full form PASSporTs to make OOB
>    easier for transit providers
>    3. Allow info param to match claims other than x5u (e.g., jku, etc.)
>    to support DLT and other future PASSporT extensions that don’t use x5u
>    4. Make the Date header optional
>
> I’m not following the SIPS recommendation for privacy due to the PASSporT.
> The destination number, origination number, etc. are already in the SIP
> signaling. How does the PASSporT add sensitive data?
>

Technically, even the origination and termination numbers are already PII,
so they should not be carried unencrypted over the public internet.
Additional optional claims can be present in PASSporT, such as rich call
data (rcd), which makes the exposure even bigger. There is some language
regarding this in draft-ietf-stir-passport-rcd, but I think something
should be added to RFC 8224 as well.
_____________
Roman Shpount
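The thread above discusses three things a verifier has to deal with in a SIP Identity header: whether the ppt parameter value is quoted, whether the info parameter is needed when the PASSporT is in full form (where the header already carries x5u) versus compact form, and which claims the PASSporT exposes in the clear. The following is an added example written for this page, not code from the thread, RFC 8224 or any STIR implementation. It parses an Identity header value, accepts both quoted and unquoted ppt, and applies the checks as Alec's proposal frames them (info required only for compact form, and allowed to match jku as well as x5u); that behaviour is an assumption about the proposal, not what RFC 8224 currently mandates. The certificate URL, the PASSporT contents and the zero-filled signature are constructed sample data; no signature verification is performed.

```python
import base64
import json

# Hypothetical certificate URL used in the constructed sample; not a real STIR credential.
CERT_URL = "https://cert.example.test/passport.cer"

# Constructed PASSporT header and payload. The "rcd" claim is included on purpose to
# show an optional claim that travels in the clear alongside the mandatory ones.
SAMPLE_HEADER = {"alg": "ES256", "ppt": "shaken", "typ": "passport", "x5u": CERT_URL}
SAMPLE_PAYLOAD = {
    "attest": "A",
    "dest": {"tn": ["12155551213"]},
    "iat": 1618941778,
    "orig": {"tn": "12155551212"},
    "origid": "constructed-origid-0001",
    "rcd": {"nam": "Example Caller"},
}
MANDATORY_CLAIMS = {"attest", "dest", "iat", "orig", "origid"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_sample_identity(quoted_ppt=True, include_info=True, compact=False, info_url=CERT_URL):
    """Build a constructed Identity header value. The signature is a placeholder, not a real one."""
    hdr = _b64url(json.dumps(SAMPLE_HEADER, separators=(",", ":"), sort_keys=True).encode())
    pld = _b64url(json.dumps(SAMPLE_PAYLOAD, separators=(",", ":"), sort_keys=True).encode())
    sig = _b64url(b"\x00" * 64)
    # Compact form (RFC 8224) omits the header and payload segments, leaving "..signature".
    token = f"..{sig}" if compact else f"{hdr}.{pld}.{sig}"
    params = []
    if include_info:
        params.append(f"info=<{info_url}>")
    params.append("alg=ES256")
    params.append('ppt="shaken"' if quoted_ppt else "ppt=shaken")
    return ";".join([token] + params)


def _split_params(value):
    """Split on ';' but not inside "..." or <...>, since URIs may legitimately contain ';'."""
    parts, buf, depth, in_quotes = [], [], 0, False
    for ch in value:
        if ch == '"' and depth == 0:
            in_quotes = not in_quotes
        elif ch == "<" and not in_quotes:
            depth += 1
        elif ch == ">" and not in_quotes and depth:
            depth -= 1
        if ch == ";" and not in_quotes and depth == 0:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts]


def parse_identity(value):
    """Return (passport_token, {param_name: unquoted_value}); both ppt forms are accepted."""
    parts = _split_params(value)
    params = {}
    for p in parts[1:]:
        name, _, val = p.partition("=")
        name, val = name.strip().lower(), val.strip()
        if val.startswith("<") and val.endswith(">"):
            val = val[1:-1]          # info=<uri>
        elif len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]          # ppt="shaken" and ppt=shaken both yield "shaken"
        params[name] = val
    return parts[0], params


def check_identity(value):
    """Run the structural checks discussed in the thread; returns (findings, metadata)."""
    token, params = parse_identity(value)
    findings = []
    segments = token.split(".")
    if len(segments) != 3:
        return ["malformed PASSporT: expected three dot-separated segments"], None
    compact = segments[0] == "" and segments[1] == ""
    header = None if compact else json.loads(_b64url_decode(segments[0]))
    payload = None if compact else json.loads(_b64url_decode(segments[1]))
    ppt, info = params.get("ppt"), params.get("info")
    if header and ppt and header.get("ppt") != ppt:
        findings.append("ppt parameter does not match the PASSporT ppt header")
    # Assumed proposal semantics: info is needed to locate the credential only when the
    # PASSporT is compact; in full form the x5u (or jku) header serves that purpose.
    credential_ref = (header.get("x5u") or header.get("jku")) if header else None
    if info is None:
        if compact:
            findings.append("info missing on compact-form PASSporT: verifier cannot locate the credential")
        elif credential_ref is None:
            findings.append("full-form PASSporT carries neither x5u nor jku and no info parameter")
    elif header and credential_ref != info:
        findings.append("info parameter does not match the x5u/jku claim")
    if payload:
        # Everything in the payload is readable by any hop that sees the SIP signaling.
        exposed = sorted(set(payload) - MANDATORY_CLAIMS)
        if exposed:
            findings.append(f"optional claims carried in clear: {', '.join(exposed)}")
    return findings, {"compact": compact, "ppt": ppt, "info": info, "credential_ref": credential_ref}


if __name__ == "__main__":
    for desc, hdr in [("quoted ppt", build_sample_identity()),
                      ("unquoted ppt", build_sample_identity(quoted_ppt=False)),
                      ("compact, no info", build_sample_identity(compact=True, include_info=False))]:
        print(desc, check_identity(hdr))
```

Running the module prints the findings for a quoted-ppt header, an unquoted-ppt header and a compact-form header without info; the first two produce identical results, which is the point of being prescriptive about quoting, and the rcd finding on full-form tokens is the exposure the reply above refers to.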