[stir] a syntax change

"Peterson, Jon" <jon.peterson@neustar.biz> Fri, 08 July 2016 23:22 UTC

From: "Peterson, Jon" <jon.peterson@neustar.biz>
To: IETF STIR Mail List <stir@ietf.org>
Date: Fri, 08 Jul 2016 23:17:12 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/IOmN6-edBDIkJT7krPthc6vT1QQ>

Attentive readers will have observed a syntax change in passport-04 which carries over to rfc4744bis-10. Implementers, especially those looking forward to the SIPit coming up, should take note.

The change is to the claims of the PASSporT object. Rather than having two different versions of each claim to reflect the originating and destination side, such as "otn" and "dtn", there is now simply a "tn" claim. That claim will appear within a JSON array explicitly labeled as "orig" or "dest" in the PASSporT object.

This will result in PASSporT claims like the following:

      { "orig":{"tn":"12155551212"},
        "iat":"1443208345" }

The "dest" claim is specifically defined to allow one or more values, so it replaces the previous "dgrp" claim to be used in cases where a message has multiple destinations.

This eliminated the redundancy of having future extensions to the PASSporT claims identify whether they carried an identifier for the originating or destination side. Now, new claim definitions simply have to state that they contain identifiers: the semantics of the identifier will depend on whether it appears under "orig" or "dest". In fact, PASSporT could probably work with some existing JWT claims now that represent identifiers. This seemed like a much better idea than the way we were doing it before.

This was a fairly last-minute fix, but it didn't require much spec change and is hopefully stable and consistent. Thoughts welcome.

Jon Peterson
Neustar, Inc.
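
An added example, not part of the original message or of any STIR draft: a Python sketch of how an implementer might migrate the legacy "otn"/"dtn" claims to the "orig"/"dest" layout described above, and reject claim sets that still carry the old names. The function names, the second telephone number, and the exact shape of "dest" (a list of strings under "tn") are assumptions; the message shows only the "orig" form.

```python
# Added example: not from passport-04 or from the original message.
# Claim names the message says were replaced by "tn" under "orig"/"dest".
LEGACY_KEYS = {"otn", "dtn", "dgrp"}

# Constructed sample input in the old per-side style.
SAMPLE_LEGACY = {"otn": "12155551212", "dtn": "12155551213", "iat": "1443208345"}


def upgrade_claims(legacy):
    """Rewrite legacy "otn"/"dtn" claims into the "orig"/"dest" layout."""
    if "dgrp" in legacy:
        # The message does not show the old "dgrp" layout, so refuse to guess.
        raise ValueError('"dgrp" must be migrated by hand')
    claims = {k: v for k, v in legacy.items() if k not in LEGACY_KEYS}
    if "otn" in legacy:
        claims["orig"] = {"tn": legacy["otn"]}
    if "dtn" in legacy:
        # ASSUMPTION: "dest" carries its one-or-more values as a list under "tn".
        dtn = legacy["dtn"]
        claims["dest"] = {"tn": dtn if isinstance(dtn, list) else [dtn]}
    return claims


def check_claims(claims):
    """Return a list of problems; an empty list means the layout is acceptable."""
    problems = []
    stale = sorted(LEGACY_KEYS.intersection(claims))
    if stale:
        # Mixed old/new claim sets are ambiguous for a verifier: reject them.
        problems.append("legacy claims present: " + ", ".join(stale))
    orig = claims.get("orig")
    if not isinstance(orig, dict) or not isinstance(orig.get("tn"), str):
        problems.append('"orig" must be an object with a single "tn" string')
    dest = claims.get("dest")
    if dest is not None:
        tns = dest.get("tn") if isinstance(dest, dict) else None
        if not (isinstance(tns, list) and tns and all(isinstance(t, str) for t in tns)):
            problems.append('"dest" must hold one or more "tn" strings')
    return problems


if __name__ == "__main__":
    upgraded = upgrade_claims(SAMPLE_LEGACY)
    print(upgraded, check_claims(upgraded))
```
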