Re: [stir] Interop related topics for STIR

"Peterson, Jon" <jon.peterson@team.neustar> Tue, 13 July 2021 19:34 UTC


I think 1 needs to be fixed as an errata; it’s an actual bug in the current spec.  From my perspective, 2 and 3 are more “it would be nice” sorts of issues that we’d explore if we had some more substantial motivations to do an rfc8224bis – I don’t think they are worth doing a bis for on their own merits, especially not given the current state of deployment. 4 is not really a STIR issue, just a 20-year-old SIP issue that STIR is the latest thing to exacerbate. And as for 5, I’m not sure what the issue is… elaborate?

Jon Peterson
Neustar, Inc.

From: stir <stir-bounces@ietf.org> on behalf of Russ Housley <housley@vigilsec.com>
Date: Tuesday, July 13, 2021 at 11:57 AM
To: Roman Shpount <roman@telurix.com>
Cc: IETF STIR Mail List <stir@ietf.org>
Subject: Re: [stir] Interop related topics for STIR

Roman:

Assuming that others agree with the way forward, it seems that 1-3 are the start of 8224bis, and it seems that 4 might be a new Operational Considerations in 8224bis.

Again, assuming agreement on the way forward, 8226bis should reflect real implementation.  That said, 8226 also envisions finer granularity than we have seen so far.

I think a STIR Torture Test document would be very valuable.

Russ



On Jul 13, 2021, at 2:41 PM, Roman Shpount <roman@telurix.com> wrote:

I am moving this into a new thread.

So far the following RFC8224 issues were identified:

1. Errata regarding quotes in ppt value (Errata ID: 6519). Need to verify that both ppt values with and without quotes are supported when Identity header is received

2. Date header is required. It should probably be optional since the information there is redundant when the Full-Form PASSporT is used. Several known implementations omit it.

3. Should it be possible to omit ident-info and ident-info-params when the Full-Form PASSporT is used? All implementations I have seen include it, but there are occasional mismatches.

4. When SIP message is over 1300 bytes, the request MUST be sent using a congestion-controlled transport protocol such as TCP (https://datatracker.ietf.org/doc/html/rfc3261#section-18.1.1). Considering that the Identity header is typically around 1000 bytes, this requires all networks to start using reliable protocols which is not currently the case. There is a way to work around this for the private links where MTU is under vendor control, but for links over the public internet, this needs to be clearly stated and tested.

5. I do not think RFC8226 reflects the actual practices for STIR certificates.

We should also consider an informational document with STIR Torture test messages as well as BCP.
_____________
Roman Shpount


On Tue, Jul 13, 2021 at 1:57 PM Russ Housley <housley@vigilsec.com> wrote:
I think that a SIPIT would be a very good thing, but that is not an IRTF activity.  That said, I would be very happy to use this list to know about a SIPIT once it is organized.
Are there other interoperability or ops-orient topics about STIR that needed to be discussed?  If so, please start a thread.
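
Added example, not part of the thread or of any implementation discussed in it: a receiver-side check for items 1 and 4 of the issue list above, parsing an Identity header value so that `ppt` is accepted with or without quotes, and flagging a request that exceeds the 1300-byte threshold. The function names, the placeholder digest and the certificate URL are constructed for illustration.

```python
import re

UDP_LIMIT = 1300  # byte threshold quoted in the thread from RFC 3261 section 18.1.1

# name = quoted-string | <uri> | bare token
_PARAM = re.compile(r'\s*([\w.!%*+`\'~-]+)\s*=\s*("(?:[^"\\]|\\.)*"|<[^<>]*>|[^;\s"<>]+)\s*')

def parse_identity(value):
    """Return (digest, params) for an Identity header value.

    Parameter values are normalized, so ppt=shaken and ppt="shaken" compare equal."""
    digest, _, rest = value.partition(";")
    digest = digest.strip()
    if not re.fullmatch(r"[A-Za-z0-9_+/=.-]+", digest):
        raise ValueError("malformed signed-identity-digest")
    params, pos = {}, 0
    while pos < len(rest):
        m = _PARAM.match(rest, pos)
        # Reject unterminated quotes and junk between a value and the next ';'.
        if not m or (m.end() < len(rest) and rest[m.end()] != ";"):
            raise ValueError("malformed parameter at offset %d" % pos)
        name, raw = m.group(1).lower(), m.group(2)
        if raw[0] == '"':
            raw = re.sub(r"\\(.)", r"\1", raw[1:-1])  # strip quotes, unescape
        elif raw[0] == "<":
            raw = raw[1:-1]                            # strip angle brackets
        if name in params:
            raise ValueError("duplicate parameter " + name)
        params[name] = raw
        pos = m.end() + 1
    return digest, params

def is_full_form(digest):
    """Full form carries header.payload.signature; compact form is '..signature'."""
    return digest.count(".") == 2 and all(digest.split("."))

def needs_reliable_transport(message: bytes) -> bool:
    """True when the serialized SIP request exceeds the 1300-byte threshold."""
    return len(message) > UDP_LIMIT

# Constructed sample values (placeholder token and URL, not a real PASSporT).
DIGEST = "aGVhZGVy.cGF5bG9hZA.c2lnbmF0dXJl"
TAIL = ";info=<https://cert.example.org/passport.cer>;alg=ES256"

if __name__ == "__main__":
    for ppt in ("shaken", '"shaken"'):
        print(parse_identity(DIGEST + TAIL + ";ppt=" + ppt)[1]["ppt"])
```
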