[stir] [Technical Errata Reported] RFC8224 (5391)
RFC Errata System <rfc-editor@rfc-editor.org> Thu, 14 June 2018 20:15 UTC
To: jon.peterson@neustar.biz, fluffy@cisco.com, ekr@rtfm.com, chris-ietf@chriswendt.net, ben@nostrum.com, aamelnikov@fastmail.fm, adam@nostrum.com, rjsparks@nostrum.com, housley@vigilsec.com
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: tasveren@rbbn.com, stir@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20180614201541.16914B812B8@rfc-editor.org>
Date: Thu, 14 Jun 2018 13:15:41 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/LspFaVGnoKvhdGhswr-6ObLmtrQ>
Subject: [stir] [Technical Errata Reported] RFC8224 (5391)
The following errata report has been submitted for RFC8224, "Authenticated Identity Management in the Session Initiation Protocol (SIP)".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata/eid5391

--------------------------------------
Type: Technical
Reported by: Invalid content for "iat" <tasveren@rbbn.com>

Section: 4.1

Original Text
-------------
Third, the JSON key "iat" MUST appear. The authentication service SHOULD set the value of "iat" to an encoding of the value of the SIP Date header field as a JSON NumericDate (as UNIX time, per [RFC7519], Section 2), though an authentication service MAY set the value of "iat" to its own current clock time. If the authentication service uses its own clock time, then the use of the full form of PASSporT is REQUIRED. In either case, the authentication service MUST NOT generate a PASSporT for a SIP request if the Date header is outside of its local policy for freshness (sixty seconds is RECOMMENDED).

Corrected Text
--------------
“4.1 PASSPorT Construction”:
Third, the JSON key "iat" MUST appear. The authentication service SHOULD set the value of "iat" to an encoding of the value of JWT generation as a JSON NumericDate (as UNIX time, per [RFC7519], Section 2).

Notes
-----
RFC7519 JSON Web Token (JWT)
4.1.6. "iat" (Issued At) Claim
The "iat" (issued at) claim identifies the time at which the JWT was issued. This claim can be used to determine the age of the JWT. Its value MUST be a number containing a NumericDate value. Use of this claim is OPTIONAL.

This text clearly states that “iat” is for the generation time of JWS. One may argue that origination of SIP dialog - on which Date header content is based - and JWT generation times would be very close to each other but this is not always true. JWT, for example, can be added only at administrative boundaries and a session may have started long before that, e.g. it involves user interaction with an IVR for announcement/PIN verification.

It should be noted that populating "iat" with JWT issuance time makes use of the complete form mandatory. So, if this errata is accepted, there probably would be a need to remove compact form as an option.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC8224 (draft-ietf-stir-rfc4474bis-16)
--------------------------------------
Title : Authenticated Identity Management in the Session Initiation Protocol (SIP)
Publication Date : February 2018
Author(s) : J. Peterson, C. Jennings, E. Rescorla, C. Wendt
Category : PROPOSED STANDARD
Source : Secure Telephone Identity Revisited
Area : Applications and Real-Time
Stream : IETF
Verifying Party : IESG
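The two "iat" policies the report contrasts (Date-header-derived versus issuance-clock), together with the Section 4.1 freshness rule the authentication service must apply before generating a PASSporT, are shown below as an added example. This is illustrative code written for this page, not code from the RFC, the errata report, or any STIR implementation; the SIP Date header value and timestamps are constructed, and the function names and the returned dictionary are assumptions of this example.

```python
from email.utils import parsedate_to_datetime
from datetime import timezone

# RFC 8224 Section 4.1: sixty seconds is the RECOMMENDED local freshness policy.
FRESHNESS_SECONDS = 60


def sip_date_to_numericdate(date_header: str) -> int:
    """Encode a SIP Date header value (RFC 1123 date, e.g.
    'Thu, 14 Jun 2018 20:15:41 GMT') as a JSON NumericDate (UNIX seconds,
    RFC 7519 Section 2). Raises on unparsable input."""
    dt = parsedate_to_datetime(date_header)
    if dt.tzinfo is None:  # '-0000' yields a naive datetime; treat it as UTC
        dt = dt.replace(tzinfo=timezone.utc)
    return int(dt.timestamp())


def date_is_fresh(date_header: str, now: int,
                  freshness: int = FRESHNESS_SECONDS) -> bool:
    """Local freshness policy: the Date header must lie within +/- freshness
    seconds of the authentication service's current clock."""
    return abs(now - sip_date_to_numericdate(date_header)) <= freshness


def build_iat_claim(date_header: str, now: int, use_own_clock: bool = False,
                    freshness: int = FRESHNESS_SECONDS) -> dict:
    """Decide the 'iat' value for a PASSporT under the current Section 4.1 text.

    - If the Date header is outside the freshness policy the service MUST NOT
      generate a PASSporT at all (ValueError here).
    - Default (SHOULD): iat = Date header as NumericDate; compact form allowed.
    - MAY: iat = own clock time; then the full form of PASSporT is REQUIRED.
    """
    if not date_is_fresh(date_header, now, freshness):
        raise ValueError("Date header outside local freshness policy; "
                         "MUST NOT generate PASSporT")
    if use_own_clock:
        return {"iat": now, "full_form_required": True}
    return {"iat": sip_date_to_numericdate(date_header),
            "full_form_required": False}


def iat_skew(date_header: str, issued_at: int) -> int:
    """Seconds by which a Date-derived 'iat' understates the token's real age,
    the gap the errata report describes when a PASSporT is added at an
    administrative boundary long after the dialog started (e.g. after an IVR)."""
    return issued_at - sip_date_to_numericdate(date_header)


if __name__ == "__main__":
    # Constructed sample: a SIP Date header and an authentication-service clock.
    sip_date = "Thu, 14 Jun 2018 20:15:41 GMT"
    now = sip_date_to_numericdate(sip_date) + 30      # 30 s later: fresh
    print(build_iat_claim(sip_date, now))             # Date-derived iat
    print(build_iat_claim(sip_date, now, True))       # own clock, full form
    later = now + 300                                 # 5 min of IVR interaction
    print("skew if signed later:", iat_skew(sip_date, later), "s")
    try:
        build_iat_claim(sip_date, later)
    except ValueError as e:
        print("refused:", e)
```

The refusal path is the point to keep in mind when reading the erratum: under the current text a PASSporT added minutes after the dialog started is not signed with a stale "iat", it is not signed at all, because the Date header itself fails the freshness policy; the report's proposed change would instead let "iat" reflect the actual issuance time.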