Re: [stir] I-D Action: draft-ietf-stir-enhance-rfc8226-04.txt

Russ Housley <housley@vigilsec.com> Wed, 30 June 2021 15:01 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 924B63A1F5A for <stir@ietfa.amsl.com>; Wed, 30 Jun 2021 08:01:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SBoRLKFatHkL for <stir@ietfa.amsl.com>; Wed, 30 Jun 2021 08:01:47 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 488833A1F5F for <stir@ietf.org>; Wed, 30 Jun 2021 08:01:47 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 04711300BA0 for <stir@ietf.org>; Wed, 30 Jun 2021 11:01:46 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id yr74rj-r9lYl for <stir@ietf.org>; Wed, 30 Jun 2021 11:01:40 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-141-156-161-153.washdc.fios.verizon.net [141.156.161.153]) by mail.smeinc.net (Postfix) with ESMTPSA id 2921C300230 for <stir@ietf.org>; Wed, 30 Jun 2021 11:01:40 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
Date: Wed, 30 Jun 2021 11:01:39 -0400
References: <162506506832.28806.766683397539427463@ietfa.amsl.com>
To: IETF STIR Mail List <stir@ietf.org>
In-Reply-To: <162506506832.28806.766683397539427463@ietfa.amsl.com>
Message-Id: <EF3AFA6C-C284-41CF-98A2-65DDDCA653E7@vigilsec.com>
X-Mailer: Apple Mail (2.3445.104.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/DZOMw8EzfDYYMKTcWa69xuUaJC4>
Subject: Re: [stir] I-D Action: draft-ietf-stir-enhance-rfc8226-04.txt
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jun 2021 15:01:53 -0000

This revision includes all of the changes that have been discussed on the STIR WG mail list over the last week or so.  Hopefully pulling them all together now will make it easy for the IESG to see that their comments were resolved.

Russ


> On Jun 30, 2021, at 10:57 AM, internet-drafts@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Secure Telephone Identity Revisited WG of the IETF.
> 
>        Title           : Enhanced JWT Claim Constraints for STIR Certificates
>        Author          : Russ Housley
> 	Filename        : draft-ietf-stir-enhance-rfc8226-04.txt
> 	Pages           : 11
> 	Date            : 2021-06-30
> 
> Abstract:
>   RFC 8226 specifies the use of certificates for Secure Telephone
>   Identity Credentials, and these certificates are often called "STIR
>   Certificates".  RFC 8226 provides a certificate extension to
>   constrain the JSON Web Token (JWT) claims that can be included in the
>   Personal Assertion Token (PASSporT) as defined in RFC 8225.  If the
>   PASSporT signer includes a JWT claim outside the constraint
>   boundaries, then the PASSporT recipient will reject the entire
>   PASSporT.  This document updates RFC 8226; it provides all of the
>   capabilities available in the original certificate extension as well
>   as an additional way to constrain the allowable JWT claims.  The
>   enhanced extension can also provide a list of claims that are not
>   allowed to be included in the PASSporT.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-stir-enhance-rfc8226/
> 
> There is also an htmlized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-stir-enhance-rfc8226-04
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-stir-enhance-rfc8226-04