From nobody Wed May 11 11:04:47 2022 Return-Path: X-Original-To: stir@ietfa.amsl.com Delivered-To: stir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EDFFC159523 for ; Wed, 11 May 2022 11:04:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=tmobileusa.onmicrosoft.com header.b=aepy6QSE; dkim=pass (1024-bit key) header.d=tmobileusa.onmicrosoft.com header.b=aepy6QSE Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GTOfVM9p794E for ; Wed, 11 May 2022 11:04:42 -0700 (PDT) Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on20725.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe5a::725]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 235B0C159522 for ; Wed, 11 May 2022 11:04:42 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=ilmo72gFqYcioH2JSAiw2tt0MyUUjE/+09R1Yqxh9N1fquo9ize790yTt2TNgdMGXoU9yflCj6O75pGcD6c6SoQfUpXK/scVzA5wh6KM++Njj++sNS+v95GnM7DslZu2UpxN2J/p+5pvxQ1ZcQLR84nhv3MXUuNvOLMid/XfgwjrsuhtexWjBMONO/H8rWM7hKF3zCt6V48Hvm3RhermM1bYU11eBTrYwEX39ATDK+cm9TM2BDlu2THC0qsaD8htGeTSUkabQrSk9Ki5QUP7Kxp55XtIrXzPHMfzfHd4c59FLIsnxbX81/bGllqrQUhH/GbzlUCAFc4jawl1nIbnYw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=u+AgcDFSgXd8VOlKwW5kBtzAVqoQBG7nk/h+rU4IaqQ=; b=N/IjkcB+onySik+p8MO1VBmgdOazpNvPr2spSqhI58LRmLQnfazCI/ILt4u++nyGpLuLzwGdKNGFsxvV0lof4zxO7d6FLGIRkhr9UAJLBJ3nxnEaJGA+P4I+lBjqC0FCo2xqIbgmIPlVvqbhHMBpRX4Qp3vgwf7qQQAUQoUWwDms146AxIOey50V5nUlRkJfM4cyuX3ysHP7QSgPHc+VvR+A8XyL5eTsc/LZehtJ5bdumhBOShrlVIeltoih+l8zg76X6mvPxKVh1/fBdBOEaa5V612K8U9EgVOXQkLtL0ItolJFAWnZIJVmgQkecSl24PdMIsHEx4n5frL5XM/IzA== ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=fail (sender ip is 144.49.247.27) smtp.rcpttodomain=dmarc.ietf.org smtp.mailfrom=t-mobile.com; dmarc=fail (p=none sp=none pct=100) action=none header.from=t-mobile.com; dkim=pass (signature was verified) header.d=tmobileusa.onmicrosoft.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=t-mobile.com] dkim=[1,1,header.d=t-mobile.com] dmarc=[1,1,header.from=t-mobile.com]) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=TMobileUSA.onmicrosoft.com; s=selector1-TMobileUSA-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=u+AgcDFSgXd8VOlKwW5kBtzAVqoQBG7nk/h+rU4IaqQ=; b=aepy6QSEm0rLFnHVgopaaaxNXPsJf3g9HqrcaPTCm8YrfQH3B/CCQnxasQw8Dc+bbwo0YNkDwssbxQMhxOCgPk3mA0L8jKIOQYbMbKP6vbaqXWcmOBAmbW94h+1A8h+UQMaER/0A/cb6CuQLaS13REdWto0dg/HvQC7myLwEvJA= Received: from BN8PR15CA0045.namprd15.prod.outlook.com (2603:10b6:408:80::22) by CH2PR02MB6405.namprd02.prod.outlook.com (2603:10b6:610:a::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5227.23; Wed, 11 May 2022 18:04:38 +0000 Received: from BN1NAM02FT022.eop-nam02.prod.protection.outlook.com (2603:10b6:408:80:cafe::e7) by BN8PR15CA0045.outlook.office365.com (2603:10b6:408:80::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5250.13 via Frontend Transport; Wed, 11 May 2022 18:04:38 +0000 X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 144.49.247.27) smtp.mailfrom=t-mobile.com; dkim=pass (signature was verified) header.d=TMobileUSA.onmicrosoft.com;dmarc=fail action=none header.from=t-mobile.com; Received-SPF: Fail (protection.outlook.com: domain of t-mobile.com does not designate 144.49.247.27 as permitted sender) receiver=protection.outlook.com; client-ip=144.49.247.27; helo=mail.ds.dlp.protect.symantec.com; Received: from mail.ds.dlp.protect.symantec.com (144.49.247.27) by BN1NAM02FT022.mail.protection.outlook.com (10.13.2.136) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5250.13 via Frontend Transport; Wed, 11 May 2022 18:04:37 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=a4owVi26UXRhEwJ3LdiF2LEKMg6SVJBjOfy9/QlErlNxz7y/tWGR3Dl8g2ds5hbcAy83ysPAVDaz+9dfjEhfLMCLVq46Q4YfiaQN+b7pJIJC7gPR/vJM+XLcfOb9n/kQ5K3jjsPxzWfzvG75qPd1jKsJXA/z61QVu/OYTVuK9IHxPmxQ0LuBhCXth28avhyjDCz/7YPN1GyNQQeiSSKQ3QGiJv5kDzkkfR3A7zj7fL01S7H4XjTek8brWkrQVHO505e3TnPL1YzbT7YYvbd0BAY1+Xlhb1NPm8pxd2gtbpSCWlGPHmOwbROTblu86l6kmpIvBgbrMioTTnLUcsNSCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=u+AgcDFSgXd8VOlKwW5kBtzAVqoQBG7nk/h+rU4IaqQ=; b=OOF909ofaP5UPEI1MvSoymqmKWAcqjr/JQjEP/USO9kHq+rrTcQKfs0w5eoHXzAZh49405cY2Pv1iZsYiz8ffd7Zh2Z6/TkOz/GNx4qPDtn+u9lMJEggZ+duwwhawbLWV+XJHIb9QTvvwuUyEOIySQ1QO5xEi9jYgvUUEAda4/m4PVwCGeHfNIlsZ9laSDC/qGpISWfnWb7SCZXaRBjiHmGXNaxNop/SOf3FFEoHGjIk+6hzdj61DpbRnkYVBcOPLElIaShAuxkLZavwoenjlQdfvscS618imphMUf7Q5e/KTqXcloFIU59OL8apGyBc++zcy3iiHcqmG6aPDRR3NA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=t-mobile.com; dmarc=pass action=none header.from=t-mobile.com; dkim=pass header.d=t-mobile.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=TMobileUSA.onmicrosoft.com; s=selector1-TMobileUSA-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=u+AgcDFSgXd8VOlKwW5kBtzAVqoQBG7nk/h+rU4IaqQ=; b=aepy6QSEm0rLFnHVgopaaaxNXPsJf3g9HqrcaPTCm8YrfQH3B/CCQnxasQw8Dc+bbwo0YNkDwssbxQMhxOCgPk3mA0L8jKIOQYbMbKP6vbaqXWcmOBAmbW94h+1A8h+UQMaER/0A/cb6CuQLaS13REdWto0dg/HvQC7myLwEvJA= Received: from BYAPR02MB4168.namprd02.prod.outlook.com (2603:10b6:a02:f4::11) by SA2PR02MB7514.namprd02.prod.outlook.com (2603:10b6:806:135::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5250.13; Wed, 11 May 2022 18:04:33 +0000 Received: from BYAPR02MB4168.namprd02.prod.outlook.com ([fe80::d879:56a0:3a11:6f73]) by BYAPR02MB4168.namprd02.prod.outlook.com ([fe80::d879:56a0:3a11:6f73%3]) with mapi id 15.20.5227.023; Wed, 11 May 2022 18:04:31 +0000 From: "Gorman, Pierce" To: Christer Holmberg , "stir@ietf.org" Thread-Topic: Definition of STIR Thread-Index: AQHYZVdXBhmcYvRTBkqU9X5Q4zXVb60Z8iIw Date: Wed, 11 May 2022 18:04:31 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=t-mobile.com; X-MS-Office365-Filtering-Correlation-Id: cd77e558-96f9-4a85-8c1a-08da3378b6aa x-ms-traffictypediagnostic: SA2PR02MB7514:EE_|BN1NAM02FT022:EE_|CH2PR02MB6405:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: uG6V2ec2P46pg80UEpKuufIloJweHWAetJH8plLDo6+S/wH2TmwzNScuCdAoNy/LDDWrn9Tnxk2kSM2X3tYYFf+FFQ5Dr8LKpyDoCn4hwFX9JjO5FqTKBQYbcs8yLuuvusoUlOc2LwYxIFGIPMd3uLPV2yxljCUBeurTrFAaZy7XrhAIbQnz8z+4I7+TqLmSL82XEQIWLvrLcm3MgzLxH+3/3ojYiaLSpYg5wqJA26VlR5RsVpzVvkXt80V63mB5BHdtGlE59IMJMqB4reSnqVmemQqBID4xu1GthSdGY+eHoLnnJaTtHi5zoJ7BRMR+JRTp4xe6RWddcCX6vCqEqgkceZnHLwAq3PQvNG9Lhr2Y+ex2AIgZgQMQzWsMwcFahhyXM62TzTcltmUP3t7in1YCh3RNhVdWDdbGhluWRDh/T4P2omIZaneyBG/5JYngma48DTzlADavze4D2eqloJP0iuMgzP4GFrYYwxQ4MD1hM4tYMR43EGqMoh9U/8MRJ2IYzBdO+feRuHoO2aOaVMeBaJ0x7v0driOiQKa1AND2OJbri/H/siAW3dCq/hUil+uxQUtgA4W2xTFrIcGwZbVtG0fQHqOBko//wAhCIEja/KXjrMPH9qq9GhZvj7j0pvaAROpAxLIpfyO0uOt7vahU4Xywv3gKiIIKWLU6uDLYEoUbgzLYujDa08S1yFpqdkDxvm9u4JRti4Yv8LAI9A== X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR02MB4168.namprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(64756008)(38100700002)(316002)(38070700005)(8676002)(66446008)(66556008)(66476007)(66946007)(76116006)(508600001)(5660300002)(186003)(110136005)(122000001)(26005)(3480700007)(8936002)(52536014)(7696005)(55016003)(83380400001)(9686003)(2906002)(6506007)(71200400001)(33656002)(82960400001)(86362001)(7116003)(53546011); DIR:OUT; SFP:1102; Content-Type: multipart/alternative; boundary="_000_BYAPR02MB4168BE198D24C18F50183B96D2C89BYAPR02MB4168namp_" MIME-Version: 1.0 X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA2PR02MB7514 X-CFilter-Loop: Reflected X-DetectorID-Processed: 8c846453-0f50-46b3-95ab-8bbaf7238615 X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: BN1NAM02FT022.eop-nam02.prod.protection.outlook.com X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id-Prvs: 54b52cf9-ed48-47d8-da54-08da3378b2f6 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: uKhaj3kSa0FD3EEDb8SpxFXwxx0GTSncMVmn1/CrpD9GVpZh9baocsXt5Jwmg8VUmuCSZbpNBoZ/yoNTQz6txzJzJV/7yBsgLqRS7kdA1nezORFTdeHNJ1HTlxzpHtRVLu+xtLk1+/LJniEX5Yssmcx4pvyuOZJP8oZkB7wjiVRuziu3hloroS9omqbt6YGjh+VZ8B0oIipJzqcWvFnSdvNdR3O+FqgXM+ZetO3mZdqAJiPHm4DoxI2+R0S9VuV812jmo7BjSqj+Oriv8jAXpaJSjNmQCK+7kCwxgIUm6Tj1isqfqYl58oWeNhFQOBtkiDFrxpREjMwI89xogO3q29+f5BOpXhe2OBecPsdC46jIY7PcVkMpzO+gpAXyQeZPmedcFkUh0GH9vfhnDNhKduwiPu95DCTqPMEezjBdvLDe1OOR2i7PacVR36/tWsgkjnTQEj0CW0WPC0Sjr2lE8oAwyMU7EAd2VtbhFKVb4F0bPaE/mk5m7l7I4moRAiXavjCkgMRyO1EvWIwYTDbhf1g2V3stQUGf15DqMGz3tFqCEovF9TsqWE6KoQIDPEvpFO0bxRzWz6tVONvQY2Aqe01Ci0HwoBdu/dNE+zuv/xSnLs8XjKA8gOgj6+3WVQBCFXjEC4OTv32wqaN+QVqYWEAsoKCgkESDJHQ17V2GYWqYq6gs7SWuATGXlVzj5qq7Hgh8dSHEqpl6ewZafWEchg== X-Forefront-Antispam-Report: CIP:144.49.247.27; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.ds.dlp.protect.symantec.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(36840700001)(46966006)(40470700004)(83380400001)(70206006)(508600001)(33656002)(8676002)(70586007)(47076005)(336012)(8936002)(186003)(7116003)(55016003)(86362001)(26005)(9686003)(316002)(82310400005)(7696005)(6506007)(53546011)(110136005)(81166007)(3480700007)(36860700001)(40460700003)(356005)(52536014)(82960400001)(2906002)(5660300002)(36900700001); DIR:OUT; SFP:1102; X-OriginatorOrg: t-mobile.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 May 2022 18:04:37.6162 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: cd77e558-96f9-4a85-8c1a-08da3378b6aa X-MS-Exchange-CrossTenant-Id: be0f980b-dd99-4b19-bd7b-bc71a09b026c X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=be0f980b-dd99-4b19-bd7b-bc71a09b026c; Ip=[144.49.247.27]; Helo=[mail.ds.dlp.protect.symantec.com] X-MS-Exchange-CrossTenant-AuthSource: BN1NAM02FT022.eop-nam02.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR02MB6405 Archived-At: Subject: Re: [stir] Definition of STIR X-BeenThere: stir@ietf.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Secure Telephone Identity Revisited List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 May 2022 18:04:46 -0000 --_000_BYAPR02MB4168BE198D24C18F50183B96D2C89BYAPR02MB4168namp_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable I suppose you or others could volunteer attempts at a definition. Once sat= isfactorily achieved, what would you do with it? Not trying to be a smart = alec. I'm seriously curious. I will volunteer that I think of "STIR" as being the collection of work in = the IETF that is referenced in "SHAKEN" call authentication specifications = in use in the US and Canada (so far). "STIR" is the collection of work that tells you how to create a SIP Identit= y header of whatever type you need for a particular call type, and how to c= reate an X.509 security certificate (chain) with extensions and constraints= needed to verify the contents of a SIP Identity header. "SHAKEN" (a body of work in the ATIS/SIP Forum Joint Task Force on IP-NNI) = tells you how to create and use various SIP Identity types defined in "STIR= " and about the governance, policy, and certificate authorization framework= used to acquire SHAKEN-specific X.509 end-entity certificates. Beyond this, the call authentication governance authorities in the US and C= anada have created requirements and selected entities to be Policy Administ= rators (PAs) and also created Certificate Policies which outline the requir= ements to be an authorized (within their respective jurisdictions) Certific= ation Authority (CA), thus creating the SHAKEN GA/PA/CA Secure Telephone Id= entity (STI) Public Key Infrastructures (PKIs). I expect others can volunteer alternative, and potentially better, definiti= ons. Best regards, Pierce Gorman From: stir On Behalf Of Christer Holmberg Sent: Wednesday, May 11, 2022 11:52 AM To: stir@ietf.org Subject: [stir] Definition of STIR [External] Hi, What exactly is "STIR", other than the name of an IETF WG? Sometimes "STIR" used in document titles, sometimes there is text saying "S= TIR"/"the STIR mechanism" does this and that, provides this and that etc. d= raft-ietf-stir-identity-header-errors-handling talks about "extending STIR"= . RFC 7340 is supposed to describe the STIR problem, but 7340 does not even s= ay what STIR stands for (Secure Telephone Identity Revisited), and there is= no RFC named "STIR". The question came up while I was reviewing the messaging draft, which says: "Secure Telephone Identity Revisited (STIR) provides a means of attesting t= he identity of a telephone caller..." Regards, Christer --_000_BYAPR02MB4168BE198D24C18F50183B96D2C89BYAPR02MB4168namp_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

I suppose you = or others could volunteer attempts at a definition.  Once satisfactori= ly achieved, what would you do with it?  Not trying to be a smart alec.  I’m seriously curious.<= /p>

 

I will volunteer that I think of “STIR” as being the collect= ion of work in the IETF that is referenced in “SHAKEN” call authentication specifications in use in the US and Canada (so far).

 

“STIR” is the collection of work that tells you how to creat= e a SIP Identity header of whatever type you need for a particular call type, and how to create an X.509 security certificate (chain) with ex= tensions and constraints needed to verify the contents of a SIP Identity he= ader.

 

“SHAKEN” (a body of work in the ATIS/SIP Forum Joint Task Fo= rce on IP-NNI) tells you how to create and use various SIP Identity types defined in “STIR” and about the governance, policy, and = certificate authorization framework used to acquire SHAKEN-specific X.509 e= nd-entity certificates.

 

Beyond this, the call authentication governance authorities in the US an= d Canada have created requirements and selected entities to be Policy Administrators (PAs) and also created Certificate Po= licies which outline the requirements to be an authorized (within their res= pective jurisdictions) Certification Authority (CA), thus creating the SHAK= EN GA/PA/CA Secure Telephone Identity (STI) Public Key Infrastructures (PKIs).

 

I expect others can volunteer alternative, and potentially better, defin= itions.

 

Best regards,

 

 

Pierce Gorman

From: stir <stir-bounces@ietf.org> O= n Behalf Of Christer Holmberg
Sent: Wednesday, May 11, 2022 11:52 AM
To: stir@ietf.org
Subject: [stir] Definition of STIR

 

<= span style=3D"font-size:10.0pt;color:#9C6500">[External]

 

Hi,

 

What exactly is ”STIR”, other than the name of an IETF W= G?

 

Sometimes “STIR” used in document titles, sometimes ther= e is text saying “STIR”/“the STIR mechanism” does t= his and that, provides this and that etc. draft-ietf-stir-identity-header-e= rrors-handling talks about “extending STIR”.

 

RFC 7340 is supposed to describe the STIR problem, but 7340 does not= even say what STIR stands for (Secure Telephone Identity Revisited), and t= here is no RFC named “STIR”.

 

The question came up while I was reviewing the messaging draft, whic= h says:

 

“Secure Telephone Identity Revisited (STIR) provides a means o= f attesting the identity of a telephone caller…”

 

Regards,

 

Christer

&n= bsp;

--_000_BYAPR02MB4168BE198D24C18F50183B96D2C89BYAPR02MB4168namp_--