IETF Logo Mail Archive

Re: [stir] Making STIR SIP messages smaller

Alec Fenichel <alec.fenichel@transnexus.com> Tue, 13 April 2021 02:31 UTC

Return-Path: <alec.fenichel@transnexus.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37F1A3A0D70 for <stir@ietfa.amsl.com>; Mon, 12 Apr 2021 19:31:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=transnexus.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id myOgLE7SKrtv for <stir@ietfa.amsl.com>; Mon, 12 Apr 2021 19:31:09 -0700 (PDT)
Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2071.outbound.protection.outlook.com [40.107.92.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C009D3A0D6F for <stir@ietf.org>; Mon, 12 Apr 2021 19:31:08 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PzOXjyuG4jCe/Uik+uIezbPh3uqTSo5jam8tLPr63xBePPQS3lxOi2pmKDs029Dl70DpsiwSKepJD8fBH93X69v7eS1oqfSuJMhTlkgccBGDRQNgyzQtcXeNIGOay2Rdzrb4a6lkDoO1/rFmcOCxvUp1FE0VassbVEZNwDtTIoChx0YBa4tHBCFH7G0dTF/2+QeNaDD+D6iiA1NLmiOi08eC376DpYTpZ1SbIOPzNFVTA35ung/TND+yVQZ0x6XRDMheg/wpE4SZYhi3vV4YiFGCmFEGa+182CrlAhjbHx3zPG/d0iVUI6c5S5C/VDwA6SdJzMdCOANRhxZL21DbEw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NXRtOMtbfVmSWH9p79h4ZtqLE01yrvXCKjIGftcUkhI=; b=Q2bANM2SvnmP5OerOWNa4KBjycNkXYf4QpBiDb6xxxI5X1tQ3vaSSVXEnsdc1aWPXNqtdd9HECvvLYz9bH0aYC11CHVTj88i1gQ3IvpQZJEhNbWIA3+j+EvkJSEuSv1nTtfL2oyRhsYgz8/mLzYlTKLXQbzc17Zpg7MruMAkyw7z3wfvBXGrUTLJ+lC+b1WepLdQMTdUZbu7IVR4dNMLD4gA1KW5JBjETJ4u8Cyb2RhQLG+pordZ7COQN9BDpoxkpYPIPwfFh9zJYIE/86zspxUlhW7V2e+tkEyzDjldfU8+goC0B34fCmzVt61tDGDnKgNbPKbz0IDyjy4sw2UH+g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=transnexus.com; dmarc=pass action=none header.from=transnexus.com; dkim=pass header.d=transnexus.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transnexus.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NXRtOMtbfVmSWH9p79h4ZtqLE01yrvXCKjIGftcUkhI=; b=cLDv8ZxjPFCgALhyhEHSe5KiAD/b/TNoA4YDAUmJRnLGIsKrSCqUO9AI+PN9TnZHrW9g+Ttv3XV1nJ/XYaS+TdFdnrigWJpSYN/r4DO4JI9rKAXQHVYY8Q2CItOKMWlF/wgWNwXEdjAGzybXwt+3AK6gWwDnH1NGog+emc4IqLc=
Received: from BN6PR11MB3921.namprd11.prod.outlook.com (2603:10b6:405:81::20) by BN9PR11MB5244.namprd11.prod.outlook.com (2603:10b6:408:135::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4020.18; Tue, 13 Apr 2021 02:31:04 +0000
Received: from BN6PR11MB3921.namprd11.prod.outlook.com ([fe80::848e:acea:1d08:c4a1]) by BN6PR11MB3921.namprd11.prod.outlook.com ([fe80::848e:acea:1d08:c4a1%3]) with mapi id 15.20.4020.022; Tue, 13 Apr 2021 02:31:04 +0000
From: Alec Fenichel <alec.fenichel@transnexus.com>
To: Roman Shpount <roman@telurix.com>
CC: Chris Wendt <chris-ietf@chriswendt.net>, "stir@ietf.org Mail List" <stir@ietf.org>, Marc Petit-Huguenin <marc@petit-huguenin.org>, Christer Holmberg <christer.holmberg@ericsson.com>
Thread-Topic: Making STIR SIP messages smaller
Thread-Index: AQHXL++Xl7pzr7XMxE+dHwxRsHcdu6qxgX8agAAkBICAAASafw==
Date: Tue, 13 Apr 2021 02:31:03 +0000
Message-ID: <BN6PR11MB392170A4D015C72F0E19C8BD994F9@BN6PR11MB3921.namprd11.prod.outlook.com>
References: <adc8bd10-a04d-aff5-e03f-183f0d59c22c@petit-huguenin.org> <CAD5OKxvqYSRjaA_eR=nX4sNgTbAtQ3dSqqgAe0-y9EzbA-dRug@mail.gmail.com> <AM0PR07MB386063A2162B5C07319225D393739@AM0PR07MB3860.eurprd07.prod.outlook.com> <CAD5OKxuyT4bmNBYgSMN-9M-c1Tr=gO1rQAg1D7xGSYx=bP9K3A@mail.gmail.com> <5308A309-85DC-4440-ABE9-6C1EEB4E0FEE@chriswendt.net> <CAD5OKxsRh5pgYbc6ULL2c7nCUuAfQiM=r78vxkd0WWg0veDkjA@mail.gmail.com> <E0562367-B7E8-4935-A71A-60D2C105F850@chriswendt.net> <BN6PR11MB39211A0A9BB35EB34E1789C599709@BN6PR11MB3921.namprd11.prod.outlook.com> <19194256-B61E-47D6-B1F6-5317F2F7BE90@chriswendt.net> <BN6PR11MB3921F5DBEA3719F5DB0C31BC99709@BN6PR11MB3921.namprd11.prod.outlook.com> <CAD5OKxsswce0vHSZdc1UYS6ie2D7ut6ZDmc8MUX7Jnzyim9utQ@mail.gmail.com> <BN6PR11MB3921D6F56388B75A47599A2299709@BN6PR11MB3921.namprd11.prod.outlook.com>, <CAD5OKxuQ5iA7tW7kD-97KQVGhF_2uX5gQBP=0EEL4bK1+iX+FQ@mail.gmail.com>
In-Reply-To: <CAD5OKxuQ5iA7tW7kD-97KQVGhF_2uX5gQBP=0EEL4bK1+iX+FQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: telurix.com; dkim=none (message not signed) header.d=none; telurix.com; dmarc=none action=none header.from=transnexus.com;
x-originating-ip: [71.199.144.180]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 93ca1f8f-aab4-4420-aa3e-08d8fe242f61
x-ms-traffictypediagnostic: BN9PR11MB5244:
x-microsoft-antispam-prvs: <BN9PR11MB5244C4D5C6B35264E28D7252994F9@BN9PR11MB5244.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: mpqHtAfaCNGH/AkGSjbiaWBHy04Zt7iTX2TjN06/guitDFRFRFYiClkEQzuk9aVOyYt0JXi/1lCTHPZTO8tE1QIR9cyKoFK5tSciylTFXZVxrAPDk3d7rGiEWKrHj2JP+eqPcW0Gd6FC9UA4nP+r+u4OVUe687TlYOWLEZb+qIkGK6gSOUJAvOd2lGQhaBZ+T+PePOd+396+Bt6GgV6uzhN/iVe4N0aEcvmD2Yi3KRVsYVn6gY1yEutoXpFJYcekMThdLLzEUPXEb86GumKzs/no/NXrYuz/ZfmWaxGAs75IBQsg33QKdmItgt+W8hcHttdMBmls4EPw/sJ2aurWAwhnoNVaQMDGKqM9mj9zgslqC4x9QGm+E5vqyoX3CL4sXWbkS5h/eApXWwxzhBeH05HjqbUirVi7OvPhNMaRrbPeKcKn3ikC/IKGZwJzQIbs0wCZ5oevvqZMx41/4qZ6+Lqpcmh7bH0TBbZAcNrrZRzPywywtHxEaIjYDdrJd+0bYhLEm3Y3FcxVBNLjPqQU2odxqhBBhD/bm3WYwNF+jBoCxjY5wPln2WmwPPnJgWzRtzYGUoIDSbVdpF0C4Cz+EAsh+d+xY+FyU9ZzQa0U8Mf0xmCI+8X7tPTGk5ET8z1As4NlgkARxLMpZBm1ScL9yLL68e6tAiQkZ4Sa3/wb501ErIpUt58MmHcQqqte4woH
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN6PR11MB3921.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(346002)(366004)(136003)(39840400004)(376002)(396003)(44832011)(2906002)(33656002)(8676002)(8936002)(54906003)(71200400001)(66476007)(9686003)(26005)(122000001)(66574015)(52536014)(5660300002)(7696005)(66556008)(38100700002)(83380400001)(316002)(4326008)(6916009)(186003)(53546011)(86362001)(99936003)(66616009)(55016002)(15650500001)(76116006)(66946007)(64756008)(66446008)(478600001)(6506007); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: wKxwSYdk1Q9W+AOg8AlZ/8lEAbvYU7VLZ+GHdk1YkFBwF4YmbVKVtv/z5t1dcI4Geo8ViO6bc2NDpXoKH2xS1e8flHo6u8tCZ0yb1XKA48ifVSrAXlNr/Xh3Vn5IDwevCSl6JNud92IFW8zaff5LeH2q8SD934GYTcRnYi9vg6dTFiw1kxOYefSgFmtPpvhJB95mQQpgcemIzCEWD1dEWXu2lb9otuwQhS6JCY5KZIHupQeMPkQHK9ZSSsNpt4W6TDHtloeF3Em/C7237knQXEoNfpsVDob3irQe6QZ+AM/EfSUiTdYb6zGtp11IRJRE/Cvaxfx09+gR6CGqs+cs9ht0r52AnXrTxE14INol8x6fpA+OtF8i2kj6QSa4fUtq64HpE10tCx676N8y8s+3MqP6Q85A0TK0GmOH1myzrQlz/QKVlSsVOzCAZVzuy8m2dTGQGEHeOSRKGyHrpxEGYUlZ1Oj4YIbEp6pS/2iD1cRA3lOSKdkaT/kC7CVou6ftGVcQTtDYLvKTfxigk51Nv9+do/HjaNvlnGUREqnGG3VyAx+2MLyQgHQh380GDgS+V+FVrdSGdubOV0+Dpz/XXsDLkU28qJDIAuLclr3tCNzhmC0zZnJ5iQZAYn295nepRyHe1QeoF4oUyYfjjIWTGcy48yq7yRDu9nI3Il9EJoINk78dHNGYc/6UZV/OtB9szw4BF05TxC+YhQ/jnAb1cIivvP8n1lU1nKPHlfLqreLu5ueGMfmQASQqliK/s0pro3ZxOJfb8fEGL+T69rp5TePyWzQuBlhksGlx9TVvNlvo9tLkL6J9XmFKRzBk5dnH6PJzRjXXF063U7/HrxIq1v8tRiUBXfP21j9zZAxchY/TkvGWn7TXaOAT592brOwgG3KpgpB97BBfjOL8AY4hmOueKpD/+GSqGKuDoEA2amLq3bRgLE9KHyfBoRufWflkEhn73x2O2RR0RghTf1B9cosdq7kTWfqqGPyJtgiXDEmNVfUhg640SGTUfa4DT0fE43VNk4gJuSPy3ibIZnCyM29bJ0wGyhTvwmsYZG2mrjgeJQ8Zt6u+BDXEWOmwKAi/wvj33+PZfG9MzHcf1CZxlHsbXNXXVsfyFIUoi9nIl2Zh3B8WVScAbZ51orXy10YlSzR8mqEKH+gIHJGdsgArK2X9E3PHNQAL0BbeRSw5S/JESXMdzB6bzWSdKi55Pe98+G0j5j6nKApUKIx0hCqwyU38pO3DJa1zXsXPqLPJMwz3Cj+Q5BNPwoEP8neD+KxYqBwzbNocSM37Xr+oS3enHxpXQslTpkCt5qZrcRwcJpbQ8mGvCa8gPHNgysC/1EHj5z8tAHuBLYN8gAE/twbOUw==
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha256"; boundary="_2599E965-A762-C54D-AD0E-DCEE799FCC21_"
MIME-Version: 1.0
X-OriginatorOrg: transnexus.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN6PR11MB3921.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 93ca1f8f-aab4-4420-aa3e-08d8fe242f61
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Apr 2021 02:31:03.7933 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 8e2972a2-d21d-49ac-b005-18e8ceaadee3
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: o3cUkHOv+gzcE0TVMUFZFQiVLCEiEkKwWu0caCRD6Xt9svQGbDVH8SZ7Xv1k/uU0ouLXkTih4EvXTShRq0xOprS+qkdrumizdgZ49J7JxL0=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN9PR11MB5244
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/Da3MXViYKjy2HL2mqySUH33L9us>
Subject: Re: [stir] Making STIR SIP messages smaller
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Apr 2021 02:31:14 -0000

Roman,

 

I’m not following how “info” would identify the header as containing a JWT. The “info” parameter contains a URL which could be used by a JWT or something else.

 

I don’t disagree that some implementations have issues when MTU is exceeded because they either don’t support TCP or don’t handle fragmentation properly. That being said, I wouldn’t call it broken. In my experience, most implementations handle packet fragmentation as long as the packets arrive in order. If the packets arrive out of order, they are generally discarded but then they are retransmitted because a SIP ACK is never sent. Even over the internet, packets arrive in order the vast majority of the time, so retransmissions work well. At the end of the day, calls complete without issue.

 

As far as TCP goes, I can only think of a one common network element that doesn’t support TCP (it actually does support TCP, but the TCP stack is broken, and the manufacturer doesn’t appear interested in fixing it). However, even that device doesn’t really count as it is a switch, so it was never intended to be used at the network edge. Fragmented UDP is used between the switch and the SBC (this isn’t a problem because packets almost always arrive in order over LAN connections and again, retransmission address anything that doesn’t). TCP can be used between the SBC and the SBC of the other network. Although again, I see fragmented UDP used more often than TCP.

 

But not of that really matters, the point I am trying to make is that compact form PASSporTs don’t save that much space over full form PASSporTs. So given the increased brittleness, I don’t think compact form PASSporTs are worth it. Example:

 

Full form (415 bytes):

 

Identity: eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9jZXJ0aWZpY2F0ZXMuZXhhbXBsZS5jb20vZXhhbXBsZS5jcnQifQ.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyIxOTAzMjQ2OTEwMyJdfSwiaWF0IjoxNTg0OTgzNDAyLCJvcmlnIjp7InRuIjoiMTIwMTM3NzYwNTEifSwib3JpZ2lkIjoiNGFlYzk0ZTItNTA4Yy00YzFjLTkwN2ItMzczN2JhYzBhODBlIn0.EMfXHyowsI5s73KqoBzJ9pzrrwGFNKBRmHcx-YZ3DjPgBe4Mvqq9N-bThN1_HTWeSvbruAyet26fetRL1_bn1g

 

Compact form (231 bytes, assuming \r\n newlines and “attest=A” is used to convey attestation)

 

Session-ID: 4aec94e2-508c-4c1c-907b-3737bac0a80e

Identity: ..EMfXHyowsI5s73KqoBzJ9pzrrwGFNKBRmHcx-YZ3DjPgBe4Mvqq9N-bThN1_HTWeSvbruAyet26fetRL1_bn1g;info=<https://certificates.example.com/example.crt>alg=ES256;ppt="shaken";attest=A

 

So, for a SHAKEN PASSporT, it would save 184 bytes to use compact form. That isn’t nothing, but I don’t think it is worth it.

 

Sincerely,

 

Alec Fenichel

Senior Software Architect

alec.fenichel@transnexus.com

+1 (407) 760-0036

TransNexus

 

From: Roman Shpount <roman@telurix.com>
Date: Monday, April 12, 2021 at 21:17
To: Alec Fenichel <alec.fenichel@transnexus.com>
Cc: Chris Wendt <chris-ietf@chriswendt.net>, stir@ietf.org Mail List <stir@ietf.org>, Marc Petit-Huguenin <marc@petit-huguenin.org>, Christer Holmberg <christer.holmberg@ericsson.com>
Subject: Re: Making STIR SIP messages smaller

Alec,

 

I think the "info" header was required to identify the type of Identity header so that, in the future, you can switch to something different from JWT.

 

I understand the desire to pass a lot of information, including "nam" and "rcd," when setting up the call. The problem is SIP over UDP was not designed to pass the unlimited amount of information. A lot of current deployments in the field support UDP only. If the INVITE message becomes bigger than the UDP MTU, these deployments break. If you need to pass additional data with the SIP call where you do not control the entire network along the way, it should be passed out-of-band. In the perfect world, we would be using SIPS right now, but this is not the case.

 

The other solution would be to switch everything to passing Identity OOB, similar to PSTN, and only use the Identity header within a controlled network where its delivery can be guaranteed despite the size.

 

As this solution stands right now, it is simply broken.

_____________
Roman Shpount

 

 

On Mon, Apr 12, 2021 at 7:53 PM Alec Fenichel <alec.fenichel@transnexus.com> wrote:

Roman,

 

One of my concerns with switching to compact form is that every SIP device in the call path needs to support passing every single header used to convey signed information. If just a single header conveying signed information is lost or changed, then the PASSporT verification will fail. And every time you add a new header, the PASSporTs are unusable until every transit provider in the call path supports passing the new header.

 

Also, it doesn’t work for TDM calls. OOB can get the PASSporT across the TDM, but it isn’t intended to get all the SIP headers conveying signed information across TDM.

 

Finally, right now, we often include “rcd” “nam” claims in “shaken” PASSporTs. I don’t think you can include “rcd” information in a “shaken” PASSporT using compact form. The TSP doesn’t know that the display name was part of the PASSporT and would generate the wrong PASSporT causing the verification to fail. And you would lose the ability to use longer than 15 character “rcd” “nam” claims because putting more than 15 characters is the From/PAI display name often results in it getting truncated during transit. This would break verification as described above.

 

I think the Date header should be optional. I agree that we should stop duplicating information. But I think we should do this by only transmitting information in the PASSporT as opposed to only in SIP headers. I know using SIP headers would ultimately be smaller than PASSporTs, but I think it is too brittle.

 

Hence my comment, I think we should make “info”, “alg”, and “ppt” all optional and we should not use any of them in the examples to promote implementations not to use them. The exception being when the example shows compact form PASSporTs, obviously they need to be included.

 

Sincerely,

 

Alec Fenichel

Senior Software Architect

alec.fenichel@transnexus.com

+1 (407) 760-0036

TransNexus

 

From: Roman Shpount <roman@telurix.com>
Date: Monday, April 12, 2021 at 19:00
To: Alec Fenichel <alec.fenichel@transnexus.com>
Cc: Chris Wendt <chris-ietf@chriswendt.net>, stir@ietf.org Mail List <stir@ietf.org>, Marc Petit-Huguenin <marc@petit-huguenin.org>, Christer Holmberg <christer.holmberg@ericsson.com>
Subject: Making STIR SIP messages smaller

Alec,

 

I agree that we need to figure out a way to make Identity headers smaller. As it stands right now, the Identity header with "shaken" PASSporT type adds around 600 bytes to an INVITE message. This makes typical SIP INVITE messages go from around 1K in size to 1.6K, which is bigger than the UDP MTU. Going over UDP MTU causes SIP trunks to either switch to TCP (in places where TCP was never used) or to experience sporadic call completion problems (when a call goes over an Internet service providers that does not deliver fragmented UDP messages). This is causing major breakage in SIP VoIP networks right now as STIR/SHAKEN is getting deployed. It is a big enough problem that we see a change in call completion statistics in the US.

 

I would argue that instead of making info parameter optional, we need to make iat and attest claims SIP Identity header parameters and recommend switching to compact Identity header form. We can move origid into Session-ID header (RFC 7989). We should also make the Date header optional since it is redundant when iat is present. This should save around 300 bytes per message which should make INVITE messages less than the UDP MTU.

 

I know this is very late in the process, but I simply do not see how the current implementation can be safely deployed in its current form.

 

Best Regards,

_____________
Roman Shpount

 

 

On Mon, Apr 12, 2021 at 5:39 PM Alec Fenichel <alec.fenichel@transnexus.com> wrote:

I guess what I am trying to say is that I think we should remove ppt from the examples because as you say, people tend to code to examples and smaller Identity headers would be ideal.

 

I don’t mean to hijack this thread, but I have been meaning to bring this up anyways and it is related. Is there a reason I’m just overlooking for requiring the “info” parameter when a full-form PASSporT is used? If not, can we make it optional? The reason I ask is that with OOB, the transit provider receives a PASSporT out-of-band and then needs to construct an Identity header. Because of the “info” parameter requirement, the transit provider must decode the PASSporT in order to determine the “info” parameter. This is the only reason that a transit provider needs to decode the PASSporT. This isn’t difficult so it doesn’t really matter, but I figured I’d ask about potentially making the “info” parameter optional. Also, it makes the Identity header smaller which is always a good thing.

 

Sincerely,

 

Alec Fenichel

Senior Software Architect

alec.fenichel@transnexus.com

+1 (407) 760-0036

TransNexus

 

v2.23.0 | Report a Bug | By Email