Re: [stir] Proposal for update of erratum #6519

Alec Fenichel <alec.fenichel@transnexus.com> Tue, 20 April 2021 14:59 UTC

Return-Path: <alec.fenichel@transnexus.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A19E83A2718 for <stir@ietfa.amsl.com>; Tue, 20 Apr 2021 07:59:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=transnexus.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zjnisqyM50nd for <stir@ietfa.amsl.com>; Tue, 20 Apr 2021 07:59:03 -0700 (PDT)
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2075.outbound.protection.outlook.com [40.107.237.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 687863A2715 for <stir@ietf.org>; Tue, 20 Apr 2021 07:59:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GG0cDVC+1Pp4VW/JVqKGYIhqUSuoScFaBijtBqH8n5VQHosAdsrbjNpgFZeyEhh05yLSvkwC3fzEIXWHL0v/2d/fyuMYK0/1sALW5RhkE4CQ6h+MZpgtO3vxDYE0VT6FAi4G0quogjib+vxawyHszp2bpNlYxIQy2HXUAdUjFR8ZPoCIoeL2fQIZs/daGoOGga7+KMCI7eejgNBRJUyKPb+huCFLq1R+q/hlfr7R4Fs/67B2MIn+LlC8Xrrvvijf+xcxeNwqyG5FXuModc4HzxRsc/vQZAwrCDV5ipJ+gBOXHJXJv8jTbo8vJIFkY7V2dfQ+AHcJPvTmF5vVUP0LQA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cpVwdRVxe8o103Fuexs5EI9agnYVwveZ/1NNWP9mLIE=; b=kSb66EQh+xyN1Ny93ukpYt3AX+dh+cVzaG+sC7uv6uQnJwThpz0V1WPeDWdtiFPdDEFcXt3dGs1IYWkQZwJYh5Q6GF/ARieO4Mxcv7RlI40cR+O/Qc92VLuyzKYRG80zaOYVHblWSgpfk0tMPUP3HZP5vZok+FK02gwrJJc2t++NckfjwxD5XQ8krMDOO1EMVZDBXlj7CWimxrpCBElfN4XcdypkkYc8MnzqyuE8FtE9+mCT/0+IxLlhqiGYHWe0jfqQ/QsoCUoPstalcz5ZPdrYgmOSxJd3vO75qha72JB13Lm9deTCWb2ay1Mi/7xUAz8oopHxpeDKd9YsoNavXw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=transnexus.com; dmarc=pass action=none header.from=transnexus.com; dkim=pass header.d=transnexus.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transnexus.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cpVwdRVxe8o103Fuexs5EI9agnYVwveZ/1NNWP9mLIE=; b=RkCdldOgGlCO8+OkPOgx+Liy/2foRMor8TZGPJeUzd2M6RTqdWmkVPNx06fVl6xgGJxg4aOgq58QTE0neE8vf4pasT7qlkbQwJoGsDivjWIr8RFbPfsO7wea5Vj8Yu1OU1LpBUKf0pTQ2uPN9qjsSn0ZhLPa70WKQrv1uxr12S4=
Received: from BN6PR11MB3921.namprd11.prod.outlook.com (2603:10b6:405:81::20) by BN6PR1101MB2260.namprd11.prod.outlook.com (2603:10b6:405:53::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4042.16; Tue, 20 Apr 2021 14:58:58 +0000
Received: from BN6PR11MB3921.namprd11.prod.outlook.com ([fe80::848e:acea:1d08:c4a1]) by BN6PR11MB3921.namprd11.prod.outlook.com ([fe80::848e:acea:1d08:c4a1%3]) with mapi id 15.20.4042.024; Tue, 20 Apr 2021 14:58:58 +0000
From: Alec Fenichel <alec.fenichel@transnexus.com>
To: "Peterson, Jon" <jon.peterson=40team.neustar@dmarc.ietf.org>, Roman Shpount <roman@telurix.com>, Marc Petit-Huguenin <marc@petit-huguenin.org>
CC: IETF STIR Mail List <stir@ietf.org>, Russ Housley <housley@vigilsec.com>, Christer Holmberg <christer.holmberg@ericsson.com>
Thread-Topic: [stir] Proposal for update of erratum #6519
Thread-Index: AQHXNGtEYP84hmYi3EufgV06U9MN4Kq8DuYAgAAaegCAAAOBgIAADd+AgAAs2wCAAB63AIAAIcUAgADW8oCAAACy7A==
Date: Tue, 20 Apr 2021 14:58:58 +0000
Message-ID: <BN6PR11MB39216109781BE5DE5C35AB6399489@BN6PR11MB3921.namprd11.prod.outlook.com>
References: <42e964d3-2a16-660b-f8b4-fd9daedad115@petit-huguenin.org> <AM0PR07MB38604255784FF9E621257B2D93499@AM0PR07MB3860.eurprd07.prod.outlook.com> <3d8e2fce-d124-99b9-e295-734a36ad564a@petit-huguenin.org> <7558AA11-A7F9-4091-BFD3-F42C742AABAE@vigilsec.com> <167dde10-f242-2b6f-a7ce-96991158589a@petit-huguenin.org> <CAD5OKxvkN+BSY0XuBmfApDDWOLhqCLLFuQgVQryE+yHUftWs4w@mail.gmail.com> <15fc4a20-b5c8-cd27-b30e-76e1f479b4ff@petit-huguenin.org> <CAD5OKxvmvmotpxB8BGJfqRrVTjEGKQkQRow37gmwRMFaBGjEoA@mail.gmail.com>, <DF470A3C-6033-48F4-8A61-3442C5DD2239@team.neustar>
In-Reply-To: <DF470A3C-6033-48F4-8A61-3442C5DD2239@team.neustar>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=transnexus.com;
x-originating-ip: [71.199.144.180]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a831122b-54be-4a94-89ce-08d9040cd3a4
x-ms-traffictypediagnostic: BN6PR1101MB2260:
x-microsoft-antispam-prvs: <BN6PR1101MB2260EA0CC5D5DBDD4791E2D599489@BN6PR1101MB2260.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: X2ivEzQaG2s71aXFMA2pGj5DbW8bPZEIEq6sJcyaD6/y4mmggTX3lm78UZsxHydY3QgtPsNQkDOgQPxZNjvBeu50KkA3+i4TtIY6lgYmrHRjnDJ0zBZ+WwoW5dHqm6wrrSQU/FrjIAzF5Kdts1RxjBl26jV8+M/uKnyBev/h93MiLxv1An/hlgkeUDJiy8QBPAKZcDfKRoGM2uSY2AWyNX6acUgRTnmQS6fHHr9xy0DbTkiQcJE0HQgHW75WPqpHgqeFwj8m4TLYyRW5VkxVSQNNJ3xxUpu6dk58mn1klTvPUyrGXkY4Al5h3YDCuU8a0/n87xLV16xDUsYMLyROsJDkKXudz56vo6tYyaKYeHaN53Q1irz1QhcltAyZxcNsSuAg8k4McsOUQ2cWz0HWn4CePEpNRCulN4eqxGEhj3KlOZKrMABBxq+F9R/xB/6/ddse0UM13ACx5xbFamNU6SBsaatM7MvtCeiTRjgjAd3LcjIvKHNwtUwhCjfu/zpWCmFLluelWfIt5dihNzrfAPNQxL/YHcibFiXcGB5ekxR3aWHul0/yfzpRw//SSC6Ls9Zny3TF61Tulr98VOla4qoS2oGFvAJ7Xww0RIUofI4=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN6PR11MB3921.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(39840400004)(136003)(396003)(376002)(366004)(346002)(83380400001)(4326008)(110136005)(54906003)(76116006)(26005)(478600001)(66616009)(5660300002)(99936003)(86362001)(71200400001)(53546011)(66446008)(8936002)(316002)(15650500001)(6506007)(33656002)(186003)(66476007)(52536014)(64756008)(2906002)(66946007)(7696005)(44832011)(66556008)(38100700002)(8676002)(55016002)(122000001)(9686003); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: =?Windows-1252?Q?UNXdhoc0X68AdkSFMFxjyMOLwHnY0rKUY28ILq1wpLgIvc+WlB6dRnNY?= =?Windows-1252?Q?RnbbU64o4giw+j3SLhJJX+7aWDMvrpxYCT2lixyS1fXO4NiANGaBz9+8?= =?Windows-1252?Q?f9ZtMmwvLTmnsDO60atVV6du5G/NiCSjaOzwd916DlOhXfq0avfwCoOv?= =?Windows-1252?Q?50IoP4wHRo3zkIAinPdPyJRCcOBciqOk3hTApvH4WR4ajeROqncH6WdR?= =?Windows-1252?Q?baYvFH8BLRjMLaFIwdhplBmcana1rw4L+Z1yYrLEsxDGLhQ7b8OsUjsy?= =?Windows-1252?Q?EIwiM9L1//HZzyABBN47guU7+dxrHYIYtejLPnDIdyAID03VptIKwfvz?= =?Windows-1252?Q?gjNT+Ytw1RBHM89t13ZREKgDfn6IQkXQWUOqz6ywgjb34BQg4U+tTUjB?= =?Windows-1252?Q?pZjZe9vkAeZQ5E/0Zcrt/uYCiTHwOdKezxTluFsGeeh6oHL3LZLleHAC?= =?Windows-1252?Q?36w9OB0vG9Aomr3Pyp/jnRnXRKIilOcWmAJNt90IbtJOb1sVVhuC5TXn?= =?Windows-1252?Q?5iDW7SbRkjJ/5exwhx5QJq20zrCGg/3VsfZRiJRwHGgOx+Td8PiY3Z4l?= =?Windows-1252?Q?Iz9XPPccnPP7sHmKwNuY2ChSIUEvRTfpsuAevDvrtWBPxfQ+vmb/51Lf?= =?Windows-1252?Q?WDkwpR2D3cWFUCy71GrvgfQzuIt+dHYEknbwMC/cw5vhkpEOgxZKWvU0?= =?Windows-1252?Q?ZYc6l2VClQNSgvX+XJiOdn89AIMdlpqDYN1IDUjbz8cXBmsZouwWmiWg?= =?Windows-1252?Q?Ztgys794WTHok64ssrOrEEdFHc3qeYibfihgcIPKQtOGNofKFiLztwP2?= =?Windows-1252?Q?oGjp5gUqnOTu67B+OzgfChJHj9wNY0T4UbhF3l+9oqc8dl1FjAVVB5Lg?= =?Windows-1252?Q?JNhJNgpCWP3Et/i5YRa4sbPMRDiKycN6+028DU0xStINhOH5sqbq4qWr?= =?Windows-1252?Q?6T84flXT7HBm6zjxnmj3vmQ+LykAovh6TaZOs2Eovp2rzcmOGRBxumyK?= =?Windows-1252?Q?laY2Rwls97lg/3RQf0dn0ZpoQEmgZl2IjAfNX7s+fj35ZhBP9COD2JEj?= =?Windows-1252?Q?IVa7u/fg1VEDMsCakgFNEFbB9nFgODKRJz+0tBmQoWTndtwx3OnDV59r?= =?Windows-1252?Q?DFTRKwGherJekyR+e2vtbk9xREdOXZYq6dfzQfrhe+HeKMZmjWFRt9np?= =?Windows-1252?Q?qeZ0OKgovYt1UJhcVmbE3oaUencUxFoN/zBEQ7N42weQqp7dRCyrvxqV?= =?Windows-1252?Q?WF3Y1BWyO8d2Ce+F/kZIzOgECemvRBSQwxUzzOtwNpgtQoO/1SYIF5Sg?= =?Windows-1252?Q?M6ylzRijiWYQSplJlFsm2MbeXI2RlfsrQiEZpuJDQKjBsXyYoC3t+jR7?= =?Windows-1252?Q?uCxAXB+IjL7ZmiuFypIrlmZDAisV4z1hiv6vVrXiM8js8qFR0ZoxyHov?= =?Windows-1252?Q?BasAERaX4NLGbM0A2DeV8w=3D=3D?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha256"; boundary="_EC8C5391-F00F-E24E-A146-8E8C2393D08B_"
MIME-Version: 1.0
X-OriginatorOrg: transnexus.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN6PR11MB3921.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a831122b-54be-4a94-89ce-08d9040cd3a4
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Apr 2021 14:58:58.5011 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 8e2972a2-d21d-49ac-b005-18e8ceaadee3
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 1VeOpJFlHAXg/h8amCrvdCYwbiKy7zBplgwr6jATgMfOsy2OF10nNOhU45wFF7SjnXn4LBnuhvUMbuWeOoneiMuKFKdBiCjUJeSC42K7jw8=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR1101MB2260
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/Ec-TiSV7_W_Xr-XINZO91LtpH8U>
Subject: Re: [stir] Proposal for update of erratum #6519
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Apr 2021 14:59:09 -0000

Is it really a problem to just say that you must (or must not, either way) include quotes and be done? STI-AS and STI-VS implementations will need to be updated frequently over the next few years due to all of the new PASSporT extensions, so expecting implementations to add/remove quotes seems reasonable. Implementations could accept both values at their discretion, even if it violates the standard.

 

Sincerely,

 

Alec Fenichel

Senior Software Architect

alec.fenichel@transnexus.com

+1 (407) 760-0036

TransNexus

 

From: stir <stir-bounces@ietf.org> on behalf of Peterson, Jon <jon.peterson=40team.neustar@dmarc.ietf.org>
Date: Tuesday, April 20, 2021 at 10:47
To: Roman Shpount <roman@telurix.com>om>, Marc Petit-Huguenin <marc@petit-huguenin.org>
Cc: IETF STIR Mail List <stir@ietf.org>rg>, Russ Housley <housley@vigilsec.com>om>, Christer Holmberg <christer.holmberg@ericsson.com>
Subject: Re: [stir] Proposal for update of erratum #6519

 

Inline.

 

From: stir <stir-bounces@ietf.org> on behalf of Roman Shpount <roman@telurix.com>
Date: Monday, April 19, 2021 at 6:57 PM
To: Marc Petit-Huguenin <marc@petit-huguenin.org>
Cc: IETF STIR Mail List <stir@ietf.org>rg>, Russ Housley <housley@vigilsec.com>om>, Christer Holmberg <christer.holmberg@ericsson.com>
Subject: Re: [stir] Proposal for update of erratum #6519

 

On Mon, Apr 19, 2021 at 7:56 PM Marc Petit-Huguenin <marc@petit-huguenin.org> wrote:

A literalist.  Fantastic.



That was not my understanding.

 

We can go back to the recording to check on the decision.

 

More importantly, what is the normative strength of "be tolerant to the absence of quotes when receiving"? Is this MUST accept quotes? SHOULD accept quotes?

 

In the sentence "Implementations SHOULD use quotes around the token when sending", what would be the valid use cases when implementations are allowed not to use quotes?

 

My understanding is that SHOULD implies well know exceptions.

 

The exception we are aware of is that implementations exhibiting this behavior exist. It is, in other words, for backwards compatibility reasons.

 

Regardless of what the recording says (we were kinda all over the place, if I recall), I think I agree that the right semantics are that you MUST accept quoted and unquoted, and SHOUD send quotes (the exception to the SHOULD being backwards compatibility). If we said you MUST send quotes, well, then implementations that don’t are violating the spec. As you pointed out, it’s kind of a mixed bag at the moment out there in terms of where implementations are.

 

Jon Peterson

Neustar, Inc.