Re: [stir] Interop related topics for STIR

Christer Holmberg <christer.holmberg@ericsson.com> Tue, 13 July 2021 20:03 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: "Peterson, Jon" <jon.peterson=40team.neustar@dmarc.ietf.org>, Russ Housley <housley@vigilsec.com>, Roman Shpount <roman@telurix.com>
CC: IETF STIR Mail List <stir@ietf.org>
Date: Tue, 13 Jul 2021 20:03:00 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/MYn0o5s2sOtOtNHWwlW6Ajnzk0g>

Hi,

Regarding 4), I agree with Jon. As I’ve said before, a SIP message can exceed 1300 bytes even without STIR. If the usage of TCP for SIP needs to be better explained, that belongs to 3261 (or, perhaps a generic TCP-for-SIP draft).

Regards,

Christer

From: stir <stir-bounces@ietf.org> On Behalf Of Peterson, Jon
Sent: Tuesday, 13 July 2021 22:35
To: Russ Housley <housley@vigilsec.com>; Roman Shpount <roman@telurix.com>
Cc: IETF STIR Mail List <stir@ietf.org>
Subject: Re: [stir] Interop related topics for STIR


I think 1 needs to be fixed as an errata; it’s an actual bug in the current spec.  From my perspective, 2 and 3 are more “it would be nice” sorts of issues that we’d explore if we had some more substantial motivations to do an rfc8224bis – I don’t think they are worth doing a bis for on their own merits, especially not given the current state of deployment. 4 is not really a STIR issue, just a 20-year-old SIP issue that STIR is the latest thing to exacerbate. And as for 5, I’m not sure what the issue is… elaborate?

Jon Peterson
Neustar, Inc.

From: stir <stir-bounces@ietf.org> on behalf of Russ Housley <housley@vigilsec.com>
Date: Tuesday, July 13, 2021 at 11:57 AM
To: Roman Shpount <roman@telurix.com>
Cc: IETF STIR Mail List <stir@ietf.org>
Subject: Re: [stir] Interop related topics for STIR

Roman:

Assuming that others agree with the way forward, it seems that 1-3 are the start of 8224bis, and it seems that 4 might be a new Operational Considerations in 8224bis.

Again, assuming agreement on the way forward, 8226bis should reflect real implementation.  That said, 8226 also envisions finer granularity than we have seen so far.

I think a STIR Torture Test document would be very valuable.

Russ


On Jul 13, 2021, at 2:41 PM, Roman Shpount <roman@telurix.com> wrote:

I am moving this into a new thread.

So far the following RFC8224 issues were identified:

1. Errata regarding quotes in ppt value (Errata ID: 6519). Need to verify that both ppt values with and without quotes are supported when Identity header is received

2. Date header is required. It should probably be optional since the information there is redundant when the Full-Form PASSporT is used. Several known implementations omit it.

3. Should it be possible to omit ident-info and ident-info-params when the Full-Form PASSporT is used? All implementations I have seen include it, but there are occasional mismatches.

4. When a SIP message is over 1300 bytes, the request MUST be sent using a congestion-controlled transport protocol such as TCP (https://datatracker.ietf.org/doc/html/rfc3261#section-18.1.1). Considering that the Identity header is typically around 1000 bytes, this requires all networks to start using reliable protocols which is not currently the case. There is a way to work around this for the private links where MTU is under vendor control, but for links over the public internet, this needs to be clearly stated and tested.

5. I do not think RFC8226 reflects the actual practices for STIR certificates.

We should also consider an informational document with STIR Torture test messages as well as BCP.
_____________
Roman Shpount


On Tue, Jul 13, 2021 at 1:57 PM Russ Housley <housley@vigilsec.com> wrote:
I think that a SIPIT would be a very good thing, but that is not an IRTF activity.  That said, I would be very happy to use this list to know about a SIPIT once it is organized.
Are there other interoperability or ops-oriented topics about STIR that needed to be discussed?  If so, please start a thread.
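
Items 1 and 4 of Roman Shpount's list above, as an added example that is not part of the original thread or of any implementation discussed in it: a receiver-side parser that treats `ppt=shaken` and `ppt="shaken"` as the same value, followed by the RFC 3261 section 18.1.1 size rule applied to a constructed INVITE. The function names, host names and the 1000-character placeholder token are assumptions made for illustration; the 200-byte path-MTU margin comes from RFC 3261 section 18.1.1 rather than from the thread.

```python
import re

# Constructed sample data: placeholder token (not a real PASSporT) and example hosts.
PASSPORT = "A" * 1000
PARAMS = ";info=<https://cert.example.org/a.cer>;alg=ES256"
SAMPLE_UNQUOTED = PASSPORT + PARAMS + ";ppt=shaken"
SAMPLE_QUOTED = PASSPORT + PARAMS + ';ppt="shaken"'

# One parameter: ;name= followed by "quoted-string", <uri> or a bare token.
_PARAM = re.compile(
    r'\s*;\s*([\w.!%*+~-]+)\s*=\s*'
    r'(?:"((?:[^"\\]|\\.)*)"|<([^>]*)>|([^;\s"<]+))')

def parse_identity(value):
    """Return (passport, params) from an Identity header field value."""
    passport, sep, rest = value.strip().partition(";")
    rest, params, pos = sep + rest, {}, 0
    while pos < len(rest):
        m = _PARAM.match(rest, pos)
        if not m:  # e.g. unterminated quote or stray ';'
            raise ValueError("malformed Identity parameter at offset %d" % pos)
        name, quoted, uri, bare = m.group(1).lower(), m.group(2), m.group(3), m.group(4)
        if name in params:
            raise ValueError("duplicate parameter: " + name)
        if quoted is not None:  # strip quotes and unescape quoted-pairs
            params[name] = re.sub(r"\\(.)", r"\1", quoted)
        else:
            params[name] = uri if uri is not None else bare
        pos = m.end()
    return passport.strip(), params

def build_invite(identity=None):
    """Constructed minimal INVITE, optionally carrying an Identity header."""
    lines = ["INVITE sip:+12155550113@example.net SIP/2.0",
             "Via: SIP/2.0/UDP gw.example.org;branch=z9hG4bKconstructed",
             "From: <sip:+12155550112@example.org>;tag=1",
             "To: <sip:+12155550113@example.net>",
             "Call-ID: constructed-1@gw.example.org",
             "CSeq: 1 INVITE", "Max-Forwards: 70", "Content-Length: 0"]
    if identity:
        lines.append("Identity: " + identity)
    return ("\r\n".join(lines) + "\r\n\r\n").encode()

def needs_congestion_controlled_transport(message, path_mtu=None):
    """RFC 3261 18.1.1: over 1300 bytes with unknown path MTU, or within 200 bytes of a known one."""
    if path_mtu is None:
        return len(message) > 1300
    return len(message) > path_mtu - 200
```

The `path_mtu` argument covers the private-link case mentioned in item 4, where the operator knows the MTU and the 1300-byte default does not apply.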