Re: [stir] Interop related topics for STIR

Chris Wendt <> Tue, 13 July 2021 20:29 UTC

From: Chris Wendt <>
Date: Tue, 13 Jul 2021 16:28:57 -0400
Cc: "Peterson, Jon" <>, Russ Housley <>, Roman Shpount <>, IETF STIR Mail List <>
To: Christer Holmberg <>

Agree with Jon and Christer's comments. 1 we all agree on, as discussed in the meeting, but 2-3 and 5 are news to me. 2 is an important part of replay-attack protection; could it be done in other ways? Perhaps, but I think it's a little late for that conversation at this point.  In the US at least, there is a highly significant percentage of calls being signed as we speak, particularly after the June 30 deadline, and these issues haven't surfaced in IPNNI discussions, interop forums or real-world usage to my knowledge, and I've been paying pretty close attention to this :)


> On Jul 13, 2021, at 4:03 PM, Christer Holmberg <> wrote:
> Hi,
> Regarding 4), I agree with Jon. As I’ve said before, a SIP message can exceed 1300 bytes even without STIR. If the usage of TCP for SIP needs to be better explained, that belongs to 3261 (or, perhaps a generic TCP-for-SIP draft).
> Regards,
> Christer
> From: stir <> On Behalf Of Peterson, Jon
> Sent: Tuesday 13 July 2021 22.35
> To: Russ Housley <>; Roman Shpount <>
> Cc: IETF STIR Mail List <>
> Subject: Re: [stir] Interop related topics for STIR
> I think 1 needs to be fixed as an errata; it’s an actual bug in the current spec.  From my perspective, 2 and 3 are more “it would be nice” sorts of issues that we’d explore if we had some more substantial motivations to do an rfc8224bis – I don’t think they are worth doing a bis for on their own merits, especially not given the current state of deployment. 4 is not really a STIR issue, just a 20-year-old SIP issue that STIR is the latest thing to exacerbate. And as for 5, I’m not sure what the issue is… elaborate?
> Jon Peterson
> Neustar, Inc.
> From: stir <> on behalf of Russ Housley <>
> Date: Tuesday, July 13, 2021 at 11:57 AM
> To: Roman Shpount <>
> Cc: IETF STIR Mail List <>
> Subject: Re: [stir] Interop related topics for STIR
> Roman:
> Assuming that others agree with the way forward, it seems that 1-3 are the start of 8224bis, and it seems that 4 might be a new Operational Considerations in 8224bis.
> Again, assuming agreement on the way forward, 8226bis should reflect real implementation.  That said, 8226 also envisions finer granularity than we have seen so far.
> I think a STIR Torture Test document would be very valuable.
> Russ
> On Jul 13, 2021, at 2:41 PM, Roman Shpount <> wrote:
> I am moving this into a new thread.
> So far the following RFC8224 issues were identified:
> 1. Errata regarding quotes in ppt value (Errata ID: 6519). Need to verify that both ppt values with and without quotes are supported when Identity header is received
> 2. Date header is required. It should probably be optional since the information there is redundant when the Full-Form PASSportT is used. Several known implementations omit it.
> 3. Should it be possible to omit ident-info and ident-info-params when the Full-Form PASSportT is used? All implementations I have seen include it, but there are occasional mismatches.
> 4. When a SIP message is over 1300 bytes, the request MUST be sent using a congestion-controlled transport protocol such as TCP (<>). Considering that the Identity header is typically around 1000 bytes, this requires all networks to start using reliable protocols, which is not currently the case. There is a way to work around this for the private links where the MTU is under vendor control, but for links over the public internet, this needs to be clearly stated and tested.
> 5. I do not think RFC8226 reflects the actual practices for STIR certificates.
> We should also consider an informational document with STIR Torture test messages as well as BCP.
> _____________
> Roman Shpount
> On Tue, Jul 13, 2021 at 1:57 PM Russ Housley <> wrote:
> I think that a SIPIT would be a very good thing, but that is not an IRTF activity.  That said, I would be very happy to use this list to know about a SIPIT once it is organized.
> Are there other interoperability or ops-oriented topics about STIR that need to be discussed?  If so, please start a thread.
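The three interop points from Roman's list that a verifier can actually test for (the quoted vs. bare `ppt` value of Errata 6519, a Date header that is absent or disagrees with the full-form PASSporT `iat`, and the 1300-byte threshold above which RFC 3261 requires a congestion-controlled transport) are shown below as verifier-side checks on an inbound INVITE. This is an added example written for this thread, not code from any STIR implementation or from the participants; the PASSporT, telephone numbers, URLs, Call-ID and the one-second Date/iat tolerance are all constructed, the signature is a zero-byte placeholder that is never verified, and the header parsing is deliberately simpler than the full RFC 8224 ABNF.

```python
import base64
import json
import re
from email.utils import parsedate_to_datetime

# Every sample value here is constructed for the example; the signature is a
# placeholder and signature verification is out of scope for these checks.
SAMPLE_IAT = 1626208137          # 2021-07-13T20:28:57Z, the thread's own date
SAMPLE_DATE = "Tue, 13 Jul 2021 16:28:57 -0400"
SAMPLE_X5U = "https://cert.example.invalid/placeholder.pem"   # placeholder URL
MAX_UDP_SAFE_BYTES = 1300        # RFC 3261 section 18.1.1 threshold


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_sample_passport() -> str:
    """Full-form PASSporT (header.payload.signature) with a placeholder signature."""
    def enc(obj: dict) -> str:
        return _b64url(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())
    header = {"alg": "ES256", "ppt": "shaken", "typ": "passport", "x5u": SAMPLE_X5U}
    payload = {"attest": "A", "dest": {"tn": ["12155550100"]}, "iat": SAMPLE_IAT,
               "orig": {"tn": "12155550199"}, "origid": "constructed-origid"}
    return ".".join([enc(header), enc(payload), _b64url(b"\x00" * 64)])


# One ";name=value" parameter whose value is quoted, angle-bracketed or bare.
_PARAM_RE = re.compile(r';\s*([A-Za-z0-9-]+)\s*=\s*(?:"([^"]*)"|<([^>]*)>|([^;\s]*))')


def parse_identity(value: str) -> dict:
    """Split an Identity header value into the PASSporT token and its params.

    Quoted (ppt="shaken"), angle-bracketed (info=<...>) and bare (ppt=shaken)
    values all come back unquoted, so the verifier behaves the same whichever
    form the peer sends (the quoting ambiguity behind Errata 6519).
    """
    token, sep, rest = value.partition(";")
    params = {}
    for m in _PARAM_RE.finditer(sep + rest):
        params[m.group(1).lower()] = next(g for g in m.groups()[1:] if g is not None)
    return {"passport": token.strip(), "params": params}


def passport_payload(token: str) -> dict:
    _header, payload, _signature = token.split(".")
    return json.loads(_b64url_decode(payload))


def freshness_timestamp(headers: dict, identity: dict, tolerance: int = 1) -> int:
    """Unix time the verifier should use for its replay/freshness window.

    A full-form PASSporT carries the same instant in 'iat', so a missing Date
    header (issue 2 in the thread) can be tolerated by falling back to iat.
    When both are present and differ by more than `tolerance` seconds (an
    assumed, configurable value) the mismatch is reported, not ignored.
    """
    iat = int(passport_payload(identity["passport"])["iat"])
    if "date" not in headers:
        return iat
    date_ts = int(parsedate_to_datetime(headers["date"]).timestamp())
    if abs(date_ts - iat) > tolerance:
        raise ValueError(f"Date ({date_ts}) and PASSporT iat ({iat}) disagree")
    return date_ts


def serialize(request_line: str, headers: dict, body: bytes = b"") -> bytes:
    """Wire form of the request, used only to measure its size."""
    lines = [request_line] + [f"{k}: {v}" for k, v in headers.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode() + body


def check_invite(headers: dict, body: bytes = b"") -> dict:
    """Interop checks a verifier-side gateway might run on an inbound INVITE.

    `headers` maps lower-cased header names to their values.
    """
    identity = parse_identity(headers["identity"])
    wire = serialize("INVITE sip:+12155550100@example.invalid SIP/2.0", headers, body)
    return {
        "ppt": identity["params"].get("ppt"),
        "timestamp": freshness_timestamp(headers, identity),
        "size": len(wire),
        # Above 1300 bytes the request MUST use a congestion-controlled
        # transport such as TCP (issue 4 in the thread).
        "needs_reliable_transport": len(wire) > MAX_UDP_SAFE_BYTES,
    }


def sample_headers(quote_ppt: bool, include_date: bool = True) -> dict:
    """Constructed INVITE headers with the ppt parameter quoted or bare."""
    ppt = '"shaken"' if quote_ppt else "shaken"
    headers = {
        "via": "SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKconstructed",
        "from": "<sip:+12155550199@example.invalid>;tag=constructed",
        "to": "<sip:+12155550100@example.invalid>",
        "call-id": "constructed-call-id@example.invalid",
        "cseq": "1 INVITE",
    }
    if include_date:
        headers["date"] = SAMPLE_DATE
    headers["identity"] = f"{build_sample_passport()};info=<{SAMPLE_X5U}>;alg=ES256;ppt={ppt}"
    return headers


if __name__ == "__main__":
    for quoted in (True, False):
        print(check_invite(sample_headers(quote_ppt=quoted)))
    print(check_invite(sample_headers(True), body=b"v=0\r\n" * 200))
```

Run as a script it prints the same `ppt` and timestamp for the quoted and bare forms, then shows the transport flag flipping once an SDP body pushes the request past 1300 bytes; a Date header that disagrees with `iat` raises rather than being silently accepted, which is the behaviour to look for when a peer omits or mis-sets Date.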