Re: [stir] Definition of STIR
Richard Shockey <richard@shockey.us> Thu, 12 May 2022 20:03 UTC
Return-Path: <richard@shockey.us>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE422C159482 for <stir@ietfa.amsl.com>; Thu, 12 May 2022 13:03:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.894
X-Spam-Level:
X-Spam-Status: No, score=-1.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (768-bit key) header.d=shockey.us
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id id8EsgAd4GHO for <stir@ietfa.amsl.com>; Thu, 12 May 2022 13:03:14 -0700 (PDT)
Received: from outbound-ss-761.bluehost.com (outbound-ss-761.bluehost.com [74.220.211.250]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 53539C14F732 for <stir@ietf.org>; Thu, 12 May 2022 13:03:14 -0700 (PDT)
Received: from cmgw14.mail.unifiedlayer.com (unknown [10.0.90.129]) by progateway8.mail.pro1.eigbox.com (Postfix) with ESMTP id B66EB1004463C for <stir@ietf.org>; Thu, 12 May 2022 20:03:13 +0000 (UTC)
Received: from box5527.bluehost.com ([162.241.218.19]) by cmsmtp with ESMTP id pF1knsjtL53CXpF1lnXzqk; Thu, 12 May 2022 20:03:13 +0000
X-Authority-Reason: nr=8
X-Authority-Analysis: v=2.4 cv=OPfiYQWB c=1 sm=1 tr=0 ts=627d6801 a=KXpOjjFwo8kCkgxs2x2AJQ==:117 a=KXpOjjFwo8kCkgxs2x2AJQ==:17 a=dLZJa+xiwSxG16/P+YVxDGlgEgI=:19 a=MKtGQD3n3ToA:10:nop_fastflux_from_domain_1 a=1oJP67jkp3AA:10:nop_fastflux_mid_domain_1 a=oZkIemNP1mAA:10:nop_rcvd_month_year a=qMgonR0qfJAA:10:endurance_base64_authed_username_1 a=jqBRFv0mrdUA:10:from_fastflux_domain1 a=PeFO9FbFhS32YxYntvkA:9 a=M0OflfRGAAAA:8 a=ll-iCDY8AAAA:8 a=YRLU8ZVIAAAA:8 a=0FD05c-RAAAA:8 a=Z80JlwQ0AAAA:8 a=48vgC7mUAAAA:8 a=9bOKTyGbAAAA:8 a=dbcnAWtwAAAA:8 a=P4CXnp8pss32acaCLmAA:9 a=QEXdDO2ut3YA:10:nop_charset_2 a=ivbTfD_dPm4A:10:phone_number_3 a=uBj0Gdr_CfwA:10:demote_hacked_domain_2 a=yMhMjlubAAAA:8 a=SSmOFEACAAAA:8 a=2JLUh5-gAAAA:8 a=UqCG9HQmAAAA:8 a=UHY01sOJbk2Y47sRvJ0A:9 a=IR9ODTVwvRo_pqNR:21 a=gKO2Hq4RSVkA:10:nop_mshtml a=UiCQ7L4-1S4A:10:nop_mshtml_css_classes a=hTZeC7Yk6K0A:10:nop_msword_html a=frz4AuCg-hUA:10:nop_css_in_html a=6yl0mh0s51TKORVA8GqK:22 a=VpyrLIdO_Ztbr3SWPBuH:22 a=G0fnPMQLLrhXuW0VSdpZ:22 a=l1rpMCqCXRGZwUSuRcM3:22 a=Zz-tw7mMPhxMdvFcggwQ:22 a=w1C3t2QeGrPiZgrLijVG:22 a=2MnCfuFsdWRFdRCRZFaS:22 a=hnrGVjIjb-X0WoHtSFqa:22
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=shockey.us; s=default; h=Content-type:Mime-version:In-Reply-To:References:Message-ID:To: From:Subject:Date:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Yx3lY4+Yj65xqyhfC918CvKrj2ZCGouf0pCULEDVnns=; b=mfgqYfg1uLdB8t7TOZQvh3/Znh H7EHgP48b69Xjr4HE/plPWeJFLL5cv8L5EJbcKBD2xnBC05aWtBYa5/GX3VDDr1UpEqEZbD1CWyAe M0jUSzzNZE+fzQSAJvIT+psgW;
Received: from pool-108-56-134-98.washdc.fios.verizon.net ([108.56.134.98]:54603 helo=[192.168.1.214]) by box5527.bluehost.com with esmtpa (Exim 4.94.2) (envelope-from <richard@shockey.us>) id 1npF1k-000Gtu-E7; Thu, 12 May 2022 14:03:12 -0600
User-Agent: Microsoft-MacOutlook/16.61.22050700
Date: Thu, 12 May 2022 16:03:11 -0400
From: Richard Shockey <richard@shockey.us>
To: Christer Holmberg <christer.holmberg@ericsson.com>, Robert Sparks <rjsparks@nostrum.com>, "stir@ietf.org" <stir@ietf.org>
Message-ID: <D6D049BD-6A40-408D-B695-5681800DC02E@shockey.us>
Thread-Topic: [stir] Definition of STIR
References: <700E1CC1-37ED-4A26-9822-35874C925646@shockey.us> <HE1PR07MB4441A7BCA89EB795CFBA537993C89@HE1PR07MB4441.eurprd07.prod.outlook.com> <BYAPR02MB41685704706EFA588BAD1647D2C89@BYAPR02MB4168.namprd02.prod.outlook.com> <HE1PR07MB4441BB167B0AD82243F005B493C89@HE1PR07MB4441.eurprd07.prod.outlook.com> <0acb9af0-15f2-35bd-a5ed-30a00c1afdba@nostrum.com> <AA02ED4B-E584-4763-8D4D-C6F7808B0A7F@shockey.us> <HE1PR07MB4441F7174FD412BBAAF55BD293CB9@HE1PR07MB4441.eurprd07.prod.outlook.com>
In-Reply-To: <HE1PR07MB4441F7174FD412BBAAF55BD293CB9@HE1PR07MB4441.eurprd07.prod.outlook.com>
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3735216192_3950338630"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - box5527.bluehost.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - shockey.us
X-BWhitelist: no
X-Source-IP: 108.56.134.98
X-Source-L: No
X-Exim-ID: 1npF1k-000Gtu-E7
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: pool-108-56-134-98.washdc.fios.verizon.net ([192.168.1.214]) [108.56.134.98]:54603
X-Source-Auth: richard+shockey.us
X-Email-Count: 1
X-Source-Cap: c2hvY2tleXU7c2hvY2tleXU7Ym94NTUyNy5ibHVlaG9zdC5jb20=
X-Local-Domain: yes
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/MRMocSad6Zm6X-znVGCkNYZDoVM>
Subject: Re: [stir] Definition of STIR
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 May 2022 20:03:18 -0000
Ok Christer I don’t want to sound snarky but when you refer to ATIS you are actually referring to the Joint ATIS SIP Forum Network to Network Task Force that has done most of the SHAKEN framework. The design of this TF was done specifically to permit the widest possible participation by institutions that typically are not ATIS members. Many of them are other national regulatory authorities that I’m in regular contact with. The latest being COMREG in Ireland. In no way am I being critical of ATIS. As a SDO ATIS has their business model the SIP Forum and IETF has their own. This Joint Venture has proven to be invaluable to both organizations. I’m very very grateful for this ongoing partnership. We, the SIP Forum, agreed to use many of the excellent ATIS secretariat functions in the interest of efficiency. All of our documentation is publicly available. You are probably aware that the SIP Forum runs the largest conference on Call Authentication anywhere. https://www.sipforum.org/news-events/sipnoc-2022-overview/schedule/ And as a practical matter the chairs of the ATIS SIP Forum NNI TF Martin Dolly and Chris Wendt are both members of my Board of Directors. And yes Ericsson is well represented as well. https://www.sipforum.org/about/board-of-directors/ — Richard Shockey Shockey Consulting LLC Chairman of the Board SIP Forum www.shockey.us www.sipforum.org www.sipnoc.org (2022) richard<at>shockey.us Skype-Linkedin-Facebook –Twitter rshockey101 PSTN +1 703-593-2683 From: Christer Holmberg <christer.holmberg@ericsson.com> Date: Thursday, May 12, 2022 at 3:35 PM To: Richard Shockey <richard@shockey.us>, Robert Sparks <rjsparks@nostrum.com>, "stir@ietf.org" <stir@ietf.org> Subject: RE: [stir] Definition of STIR Hi, At least in my experience, ”RTCWEB” is normally not used outside of the circles that worked on it. People normally talk about “WebRTC”. Also, as far as I remember, there are no RFCs with “RTCWEB” in the title (they all talk about defining this and that for “WebRTC”), or RFCs using “RTCWEB” to refer to some specific mechanism. Also, I don’t think it is problem when “STIR/SHAKEN” etc is used as an abstract “marketing term”, referring to the work that IETF and ATIS have done. The problem comes when we start using it in technical terms, talking about “STIR mechanism”, “extending STIR”, etc. Then it becomes much more abstract. I think the sentences suggested by Robert ("The set of mechanisms beginning with RFC8224 and its extensions" or "The set of mechanism defined by the STIR working group.") would clarify a lot, eventhough it may seem obvious to those involved in the IETF/ATIS work. Regards, Christer From: stir <stir-bounces@ietf.org> On Behalf Of Richard Shockey Sent: torstai 12. toukokuuta 2022 3.29 To: Robert Sparks <rjsparks@nostrum.com>; stir@ietf.org Subject: Re: [stir] Definition of STIR Robert did you really have to bring up RTCWEB? LOL +1 plus the implementation of the STIR/SHAKEN framework is a national regulatory specific issue. US CA now. France is coming. UK wants to do it but has very specific problems that take precedence. I’m on the FCC NANC Federal Advisory Committee and we just completed a report on the current state of affairs not only in the US but other countries. Lots of folks on this list participated in this effort. https://access.atis.org/apps/org/workgroup/catawg2/document.php?document_id=65705 — Richard Shockey Shockey Consulting LLC Chairman of the Board SIP Forum www.shockey.us www.sipforum.org www.sipnoc.org (2022) richard<at>shockey.us Skype-Linkedin-Facebook –Twitter rshockey101 PSTN +1 703-593-2683 From: stir <stir-bounces@ietf.org> on behalf of Robert Sparks <rjsparks@nostrum.com> Date: Wednesday, May 11, 2022 at 7:06 PM To: <stir@ietf.org> Subject: Re: [stir] Definition of STIR Hi Christer - While I sort of see your concern, I think you may be overthinking the need to have a single document that says what "STIR" is? The language that you pointed to when you started this thread could be restated as "The set of mechanisms beginning with RFC8224 and its extensions" or "The set of mechanism defined by the STIR working group.", or for _that particular sentence_ we can just point at a particular RFC. But really, for readability even into the future, STIR is a well enough known acronym now that the sentence will not confuse or mislead, and readers will be able to follow it to the necessary documents (via the Normative References) to understand what the document is saying. Charters do "last forever" fwiw. And replay your question using "RTCWEB" :) RjS On 5/11/22 3:20 PM, Christer Holmberg wrote: Hi, >Does it need to be in an RFC? Maybe update the WG charter instead? I don’t think we normally define terminology in the charter. Also, as the WG/charter may not “last forever”, I don’t know if we can reference it. >I’m not against it being in an RFC, but don’t know if there is a need. The word “STIR” is used in many RFCs, but there is no (AFAIK) definition or reference anywhere. draft-ietf-stir-identity-header-errors-handling references RFC 8224 for the new “STIR” Reason header protocol value. Regards, Christer From: Christer Holmberg <christer.holmberg@ericsson.com> Sent: Wednesday, May 11, 2022 2:23 PM To: Richard Shockey <richard@shockey.us>; Gorman, Pierce <Pierce.Gorman@t-mobile.com>; stir@ietf.org Subject: RE: [stir] Definition of STIR Hi, >Pierce that about covers it… But that is not documented in any RFC, is it? Regards, Christer — Richard Shockey Shockey Consulting LLC Chairman of the Board SIP Forum www.shockey.us www.sipforum.org www.sipnoc.org (2022) richard<at>shockey.us Skype-Linkedin-Facebook –Twitter rshockey101 PSTN +1 703-593-2683 From: stir <stir-bounces@ietf.org> on behalf of "Gorman, Pierce" <Pierce.Gorman@t-mobile.com> Date: Wednesday, May 11, 2022 at 2:04 PM To: Christer Holmberg <christer.holmberg=40ericsson.com@dmarc.ietf.org>, "stir@ietf.org" <stir@ietf.org> Subject: Re: [stir] Definition of STIR I suppose you or others could volunteer attempts at a definition. Once satisfactorily achieved, what would you do with it? Not trying to be a smart alec. I’m seriously curious. I will volunteer that I think of “STIR” as being the collection of work in the IETF that is referenced in “SHAKEN” call authentication specifications in use in the US and Canada (so far). “STIR” is the collection of work that tells you how to create a SIP Identity header of whatever type you need for a particular call type, and how to create an X.509 security certificate (chain) with extensions and constraints needed to verify the contents of a SIP Identity header. “SHAKEN” (a body of work in the ATIS/SIP Forum Joint Task Force on IP-NNI) tells you how to create and use various SIP Identity types defined in “STIR” and about the governance, policy, and certificate authorization framework used to acquire SHAKEN-specific X.509 end-entity certificates. Beyond this, the call authentication governance authorities in the US and Canada have created requirements and selected entities to be Policy Administrators (PAs) and also created Certificate Policies which outline the requirements to be an authorized (within their respective jurisdictions) Certification Authority (CA), thus creating the SHAKEN GA/PA/CA Secure Telephone Identity (STI) Public Key Infrastructures (PKIs). I expect others can volunteer alternative, and potentially better, definitions. Best regards, Pierce Gorman From: stir <stir-bounces@ietf.org> On Behalf Of Christer Holmberg Sent: Wednesday, May 11, 2022 11:52 AM To: stir@ietf.org Subject: [stir] Definition of STIR [External] Hi, What exactly is ”STIR”, other than the name of an IETF WG? Sometimes “STIR” used in document titles, sometimes there is text saying “STIR”/“the STIR mechanism” does this and that, provides this and that etc. draft-ietf-stir-identity-header-errors-handling talks about “extending STIR”. RFC 7340 is supposed to describe the STIR problem, but 7340 does not even say what STIR stands for (Secure Telephone Identity Revisited), and there is no RFC named “STIR”. The question came up while I was reviewing the messaging draft, which says: “Secure Telephone Identity Revisited (STIR) provides a means of attesting the identity of a telephone caller…” Regards, Christer _______________________________________________ stir mailing list stir@ietf.org https://www.ietf.org/mailman/listinfo/stir _______________________________________________ stir mailing list stir@ietf.org https://www.ietf.org/mailman/listinfo/stir _______________________________________________ stir mailing list stir@ietf.org https://www.ietf.org/mailman/listinfo/stir
- [stir] Definition of STIR Christer Holmberg
- Re: [stir] Definition of STIR Gorman, Pierce
- Re: [stir] Definition of STIR Richard Shockey
- Re: [stir] Definition of STIR Christer Holmberg
- Re: [stir] Definition of STIR Gorman, Pierce
- Re: [stir] Definition of STIR Christer Holmberg
- Re: [stir] Definition of STIR Robert Sparks
- Re: [stir] Definition of STIR Richard Shockey
- Re: [stir] Definition of STIR Christer Holmberg
- Re: [stir] Definition of STIR Richard Shockey
- Re: [stir] Definition of STIR Richard Shockey
- Re: [stir] Definition of STIR Richard Shockey
- Re: [stir] Definition of STIR Richard Shockey
- Re: [stir] Definition of STIR Christer Holmberg