Re: [stir] JWT/JSON (was - Re: Review of: draft-ietf-stir-passport-05)

"Peterson, Jon" <jon.peterson@neustar.biz> Mon, 08 August 2016 22:36 UTC

From: "Peterson, Jon" <jon.peterson@neustar.biz>
To: "dcrocker@bbiw.net" <dcrocker@bbiw.net>, Christer Holmberg <christer.holmberg@ericsson.com>
Thread-Topic: [stir] JWT/JSON (was - Re: Review of: draft-ietf-stir-passport-05)
Thread-Index: AQHR8brwrNk3cgxDsEaYkseWd4G+9KA/ZnIAgAB+ygD//4+QAA==
Date: Mon, 08 Aug 2016 22:36:20 +0000
Message-ID: <D3CE549C.1A6E8E%jon.peterson@neustar.biz>
References: <07e0eb16-6758-cdf1-c571-1f1ed768e741@dcrocker.net> <D3C152B2.1A69BA%jon.peterson@neustar.biz> <b096b541-c8af-9617-c9d7-5a1beb5230e8@dcrocker.net> <D3C16040.1A6A09%jon.peterson@neustar.biz> <d66d91f0-9ea2-6295-e749-e48ea37b4892@dcrocker.net> <cfd714ce-6145-1b60-aca2-ae702a8c133d@dcrocker.net> <7594FB04B1934943A5C02806D1A2204B4771FF73@ESESSMB209.ericsson.se> <5fdf4ad3-1528-3d79-6bdb-b5eb350e5c2a@alum.mit.edu> <dbb24381-55fd-fa64-d32b-fcc50265ccab@dcrocker.net> <7594FB04B1934943A5C02806D1A2204B47723C55@ESESSMB209.ericsson.se> <503738d8-c166-dfc1-d153-338d56b844c1@dcrocker.net> <7594FB04B1934943A5C02806D1A2204B4BBB1D69@ESESSMB208.ericsson.se> <51D45AE5-67D2-4120-BCA2-7BFC845E2126@neustar.biz> <fe9c9960-55f3-1187-f093-9adf13aaf841@dcrocker.net> <D3CE482C.1A6E69%jon.peterson@neustar.biz> <01df1722-2cb0-d238-dcb4-df101a657820@dcrocker.net>
In-Reply-To: <01df1722-2cb0-d238-dcb4-df101a657820@dcrocker.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/Bw1MbR6MbUaJvCugqtIRI5--4Ls>
Cc: "stir@ietf.org" <stir@ietf.org>, Paul Kyzivat <pkyzivat@alum.mit.edu>
Subject: Re: [stir] JWT/JSON (was - Re: Review of: draft-ietf-stir-passport-05)

>If there were a variety of specifications that used and benefited from
>all that generality, it might be defensible.  But the specifications in
>front of us today merely show added complexity, making concrete analysis
>challenging.

Actually, as I've also already pointed out, our charter constrains us from
working on the non-SIP parts until the "in-band" SIP using protocol is
complete. Which is why, as you say, some years have gone by and the SIP
use case is the only one we are putting forward for an RFC now. That said,
I could point for example to Cullen's rtcweb STIR draft as an example of
the direction the STIR work is going - the lack of discussion of that is
entirely an artifact of the charter here. This modularity is eminently
defensible.

>At that, it's pretty clear that the specifications in front of us are
>still significantly incomplete.  That is, they are insufficient for
>developing a working caller-id authentication service.

We still have some clean-up to do as a result of the last call comments, I
won't argue with that. And yes, we are trying not to drag our feet at this
point but to move aggressively to address something that the industry and
regulators are quite urgently demanding. But the strong claim that you
can't develop a solution based on this work has not been established by
your intervention, and would seem to depend much more on the likelihood of
implementation and deployment than your newcomer's impression of the
wisdom of the architecture. I've seen this code run myself. I hear a lot
of implementers and operators participating in this discussion who do not
share your anxiety on this point. Why do you know better than them?

Jon Peterson
Neustar, Inc.

P.S. 

>Consider that point a bit...  Over 90% of email traffic across the open
>Internet is still spam.  However the mail that comes in with SPF and/or
>DKIM protection constitutes a clean channel of authorized identifiers.
>Mail coming through that channel can be handled differently than mail
>coming through the messy, unauthenticated channel.

Once again, I see no reason to revisit this working group's consensus and
undo our years of work to start over with a technology that you helped
design for email.