Re: [stir] Stephen Farrell's Discuss on draft-ietf-stir-certificates-11: (with DISCUSS and COMMENT)

"Peterson, Jon" <> Thu, 03 November 2016 14:00 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4CAAB129A1A; Thu, 3 Nov 2016 07:00:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -102.701
X-Spam-Status: No, score=-102.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id jiCSZsBHFGPG; Thu, 3 Nov 2016 07:00:22 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 72E27129612; Thu, 3 Nov 2016 07:00:22 -0700 (PDT)
Received: from pps.filterd ( []) by ( with SMTP id uA3DqduM024423; Thu, 3 Nov 2016 10:00:18 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=neustar-biz; bh=lMpJ2EVrq8jaFjjwpqAd8n6bRATlCcLcyVQzrBkg5Mk=; b=tgaB6ME0nrKM2tstm9LH2FFDNlfUTNaLTwHtHIG6KteBBsVGu5V3e8jxOXvoIjyKv6NJ dgpjs4Cv+yHLHrCl2N6U/8KulMgXbFXqliyEeeaHG/fgVOp7Hz6KRdtHNfOfDPTWEpbi siMDvbHiwzt9a1ejJcSIs+MUtQ+LGiHc8j/ihZ0lsNh1SJ0TyukzS0Yjpf+CVXb+XcDN 3ldWCm/6hs9IqQmTEb0upuNZebfZ+WIc+uhRzlnq3QKHBnYOscZoYSbOnCHZiJDs2sE8 s4sfjjm/uXmTBFtWRj5+CQuT6yGicdlCgBkFiHVAT1pAKfN5zgXV0bQd6FgQzkpO/YLE pg==
Received: from ([]) by with ESMTP id 26cqs394he-1 (version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 03 Nov 2016 10:00:17 -0400
Received: from ([]) by ([::1]) with mapi id 14.03.0279.002; Thu, 3 Nov 2016 10:00:17 -0400
From: "Peterson, Jon" <>
To: Stephen Farrell <>, The IESG <>
Thread-Topic: Stephen Farrell's Discuss on draft-ietf-stir-certificates-11: (with DISCUSS and COMMENT)
Thread-Index: AQHSNXVN/COaOKgwAU6LL6dXcoQfqKDHSkgA
Date: Thu, 03 Nov 2016 14:00:16 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-ID: <>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2016-11-03_04:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1609300000 definitions=main-1611030262
Archived-At: <>
Cc: "" <>, "" <>, "" <>, Robert Sparks <>
Subject: Re: [stir] Stephen Farrell's Discuss on draft-ietf-stir-certificates-11: (with DISCUSS and COMMENT)
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Telephone Identity Revisited <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 03 Nov 2016 14:00:29 -0000

>(1) TN auth list services - IIUC, these are not free today.  Is
>that correct?  It's not clear to me that alternatives such as
>listing all good numbers inside a cert are practical.  Did the WG
>have an explicit consensus that building in a requirement to have
>verifiers pay to be an effective RP is ok?  If so, can you send a
>pointer to the list archive or minutes where that was agreed. If
>not, don't the WG need to explicitly ok that?

Um, I think the most immediate plans for stir-certs deployment include
just using SPIDs, in which case the TNs hardly factor into it. Agreed that
listing all good numbers inside a cert is likely not practical, except for
cases where a cert contains just a single number or a manageable block -
and that's probably the second-most-immediate plan for deployment.

I don't think there is any real analog to the services required for
fancier things here in the marketplace today. This'll be new. If it's done
with OCSP, as the draft recommends, it'll cost about as much as OCSP does
- which is a cost built into the certs, not a cost to relying parties. So
in short, I'm not sure anyone is viewing this as a potential profit
center. You'll note that some ACME-related drafts are starting to appear
(draft-peterson-acme-telephone, say) which point in the likely direction
this is all going.

But to be clear, I completely agree that you should not have to pay to be
a verifier - I just don't think that's what the mechanism does.

>(2) setion 8: you need to say more clearly exactly what the
>IA5String values in the extension map to in the JWT. I assume it's
>the field names but you don't say. You need to say if this
>extension can or needs to be critical.

Already talking about this one separately...

>(3) section 9: you need to say whether this extension needs to be
>or can be critical and where in the cert path it's allowed to be
>and how to interpret things if >1 cert in the path has this
>extension (if that's allowed, and if it is, then complexity awaits

This one I'll defer to Sean.

>(4) section 10: you need to pick one MTI method I think. Why is
>that wrong? You nearly, but not quite, do. Why not just do it?

We aren't confident enough to do it yet. We want to throw some ideas out
there and try them in the marketplace. A lot of people are telling me they
like short-lived certs for this; others like OCSP. OCSP will look more
attractive if we figure out how to get stapling to work with SIP.

I'd say we've got enough here that it's worth a PS and some
implementation, but I'm interested to see how it goes.

>(5) section 10: don't you need to somehow define "short-lived"?
>That could be defined as an RP-configurable value, but even if so,
>I think you need to say that. Even if you do that, I'm not sure
>that an RP-configured value is right as short-lived certs, vs.
>not, puts a different burden on the signer and if the signer and
>RP have different ideas of what short-lived means, then interop
>failures seem likely. Bottom line for this point: what's a short
>lived cert?

Well, in this section a short-lived cert is largely a strawman discussed
for rhetorical effect, not a fully-baked proposal. At the end of the
section we say that the rest of the doc is going to explore the
alternatives. Now again, I do think there are some good ideas about using
short-lived certs for STIR, and I wouldn't be surprised if those were
documented elsewhere. But for this baseline doc, we wanted to show an
approach to doing status information. The jury's still out on which will
turn out to be better.

>(6) section 10: as with short-lived, don't you need to define HVE?

I would have thought the ref to RFC6960 was sufficient for at least
defining it? That much said we're kind of just stealing ideas from HVE to
build up our own profile.

>(7) section 10.2.1: Can OCSP be made use HTTPs here?  If not, then
>you have the RP sending out the caller's TN in clear.  That seems
>bad (cf. BCP188). Did the WG consider that? If this spec needs
>OCSP/HTTPs then I think you need to have a new MUST for that (it's
>uncommon or maybe never done?) and address the potential bootstrap
>issues. (But I didn't think those through - did the WG?)

I don't think we gave confidentiality for OCSP any serious consideration.
At the very least that issue should be documented in the draft. If there's
a reasonable fix, I'd be happy to use it - if it's breaking new ground,
obviously that would take some doing.

I'll respond to the comments below separately.

Jon Peterson
Neustar, Inc.

[ (1) was the hard one, right? ]

>General - So a passport structure or SIP message can have a URI
>for the cert. And the cert can have URLs for OCSP and AIA and for
>a TN download service. That's potentially an awful lot of comms
>out of the RP to do STIR. Has someone put all that together into a
>usable assembly? If so, where's that documented? (To be open about
>it, I was more of a fan of the DKIM starting point for this work,
>but that's really just opinion, so this is definitely a
>non-blocking comment.  I'd still be intersted in an answer
>- section 5: "Assignees of E.164 numbering resources participating
>in this enrollment model should take appropriate steps to
>establish trust anchors." That's ambiguous. Do you mean they
>should establish a list of other folk's public keys they trust or
>that they should generate their key pair and get their public key
>on other folk's list of trust anchors?
>- section 7: What's the REQUIRED for EST about? That just seems
>- section 10: SCVP? Really? Does anyone do that? I'd say get rid
>of that text, it'll only cause grief.
>- section 10: "CRLs are an obviously attractive solution" hmm -
>s/obviously/initially/ would seem more accurate.
>- 10.2: last two paras are speculative - do they belong in a spec
>like this? If so, maybe re-word 'em so that they're not going to
>confuse an implementer?