IETF Logo Mail Archive

Re: [stir] Getting PASSPORT Published

Adam Roach <adam@nostrum.com> Fri, 22 February 2019 19:32 UTC

Return-Path: <adam@nostrum.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A376130EBA for <stir@ietfa.amsl.com>; Fri, 22 Feb 2019 11:32:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.68
X-Spam-Level:
X-Spam-Status: No, score=-1.68 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l2bdfgij3SGo for <stir@ietfa.amsl.com>; Fri, 22 Feb 2019 11:32:58 -0800 (PST)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CAE8A130F70 for <stir@ietf.org>; Fri, 22 Feb 2019 11:32:56 -0800 (PST)
Received: from MacBook-Pro.roach.at (99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id x1MJWqJH073847 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Fri, 22 Feb 2019 13:32:54 -0600 (CST) (envelope-from adam@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1550863975; bh=dSlw/xnHSCR461Q0p1g3Ps0RZZ8MdoL52qlvZmqUkKc=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=HaTM8F+Zx563EkBm9oLZCeMMhQO665+gQsktdiUjizXxvdjdjANv7MLNeldz8pGuv Qe+gooZD23OwB33DV67yk8O/b+p4R2tg7KsEGcXYTi7HPky6vCTM76bxAtYaeoXNp8 MYQ52AxV3gOm3DqEdgJFRxEVP+KLLPuHCwFjtrBU=
X-Authentication-Warning: raven.nostrum.com: Host 99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228] claimed to be MacBook-Pro.roach.at
To: "Peterson, Jon" <jon.peterson=40team.neustar@dmarc.ietf.org>, "draft-ietf-stir-passport-shaken.all@tools.ietf.org" <draft-ietf-stir-passport-shaken.all@tools.ietf.org>
Cc: "stir@ietf.org" <stir@ietf.org>, Eric Rescorla <ekr@rtfm.com>
References: <17d7e50b-5012-74ec-d1a5-9c8b80d60f4e@nostrum.com> <3F73548D-63E9-4935-A27C-0BD7A9E89CA8@team.neustar>
From: Adam Roach <adam@nostrum.com>
Message-ID: <0f0c0664-e72f-b85b-1277-45e901e7c5c6@nostrum.com>
Date: Fri, 22 Feb 2019 13:32:47 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.5.0
MIME-Version: 1.0
In-Reply-To: <3F73548D-63E9-4935-A27C-0BD7A9E89CA8@team.neustar>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/D8Pca5XX3iLW50ZzpJVajqwhrpI>
Subject: Re: [stir] Getting PASSPORT Published
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Feb 2019 19:33:00 -0000

Copying EKR, as I'm not sure he reads the STIR list regularly.

/a

On 2/22/19 1:22 PM, Peterson, Jon wrote:
> I think the proposed privacy text is fine.
>
> In terms of whether this should be Info or PS, I think we're expecting that there will be a substantial amount of SHAKEN deployment out there before the end of this year. We wanted this documented here in the IETF because we wanted to make sure those PASSporT elements would be commonly understood by elements that receive them.
>
> Should privacy concerns prevent this from being something that gets the blessing of IETF consensus? On balance, I don't think they should. Practically speaking, these orig IDs are not the main PII worry here - the originating number, the thing STIR exists to attest, is far more revealing than an orig ID, which is in practice used something a bit more like a trunk group identifier. Carriers have the proper incentives to make sure that those orig IDs are not externally linkable. But if the worry here is that targeted or mass collection of orig ID can tell us something more interesting about the people placing communications than the calling party number, it's hard for me to see how that would be true. And even if it were, the text (especially the new version) is already telling people to keep this UUIDs opaque.
>
> Jon Peterson
> Neustar, Inc.
>
> On 2/21/19, 2:24 PM, "stir on behalf of Adam Roach" <stir-bounces@ietf.org on behalf of adam@nostrum.com> wrote:
>
>      [as area director]
>      
>      tl;dr: I'd like to propose publishing SHAKEN as Informational instead of
>      Standards Track, and tweaking the Privacy Considerations section.
>      Details below.
>      
>      
>      The draft-ietf-stir-passport-shaken document still has a DISCUSS
>      remaining on it from IESG evaluation:
>      
>      > I would like to discuss the privacy properties of origids. As I read
>      > this text, it does not actually require them to be unlinkable or that
>      > it not be possible to determine whether two ids represent the same
>      > person behind the origid generator, and I believe it should do so.
>      > Practically implementing that may require an ID that is longer than a
>      > UUID.
>      
>      
>      While it's true that this behavior is defined in the ATIS document,
>      publication of an IETF Proposed Standard carries with it the explicit
>      indication that the IETF as a whole (including the IESG during their
>      evaluation) thinks the approach being described is a Good Idea. In this
>      particular case, the fact that the underlying mechanism does not
>      inherently provide unlinkability for the underlying identifiers has been
>      identified as problematic.
>      
>      At the same time, I'll note that the primary reason for this document to
>      exist is to populate two IANA registries. Both of these registries are
>      "Specification Required," which doesn't require the publication of a
>      Standards Track document.
>      
>      An acceptable path to address this situation would be to instead publish
>      draft-ietf-stir-passport-shaken as Informational, and to tighten up the
>      privacy considerations slightly. I believe this could be achieved with a
>      small change to the final sentence of section 10; we would replace:
>      
>      >    If the operator of an element is concerned about the
>      >    correlation of 'origid' values, the element could be configured to
>      >    use a unique 'origid' value per call in such a way that the operator
>      >    can associate those 'origid' values to the correct element when doing
>      >    lookups in their backend systems.
>      
>      With:
>      
>      >    Absent a compelling reason not to do so, operators should configure
>      > their
>      >    network elements to use a unique and externally unlinkable 'origid'
>      > value
>      >    per call in such a way that the operator can associate those 'origid'
>      >    values to the correct element when doing lookups in their backend
>      > systems.
>      
>      
>      Does this sound like a reasonable path forward?
>      
>      /a
>      
>      _______________________________________________
>      stir mailing list
>      stir@ietf.org
>      https://www.ietf.org/mailman/listinfo/stir
>      
>
> _______________________________________________
> stir mailing list
> stir@ietf.org
> https://www.ietf.org/mailman/listinfo/stir

v2.23.0 | Report a Bug | By Email