Re: [stir] Review of: draft-ietf-stir-passport-05

"Peterson, Jon" <jon.peterson@neustar.biz> Fri, 29 July 2016 21:56 UTC

From: "Peterson, Jon" <jon.peterson@neustar.biz>
To: "dcrocker@bbiw.net" <dcrocker@bbiw.net>
Date: Fri, 29 Jul 2016 21:56:48 +0000
Message-ID: <D3C19686.1A6A4E%jon.peterson@neustar.biz>
References: <07e0eb16-6758-cdf1-c571-1f1ed768e741@dcrocker.net> <D3C152B2.1A69BA%jon.peterson@neustar.biz> <b096b541-c8af-9617-c9d7-5a1beb5230e8@dcrocker.net> <D3C16040.1A6A09%jon.peterson@neustar.biz> <d66d91f0-9ea2-6295-e749-e48ea37b4892@dcrocker.net>
In-Reply-To: <d66d91f0-9ea2-6295-e749-e48ea37b4892@dcrocker.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/MeYfZw9SrBc5P9orUn6dTSgnnMA>
Cc: IETF STIR Mail List <stir@ietf.org>
Subject: Re: [stir] Review of: draft-ietf-stir-passport-05

>JWT has nothing to do with SIP.  So when applied to a SIP context, it's
>entirely artificial.  And yes, I noted the views that thought it simpler
>or equivalent to the computed string, but could not see the explicit
>logic that made JWT a better choice, nor does it seem obvious to me.
>Quite the contrary.

The only thing JWT has to do with SIP is that JWT can be a container for a
signed set of metadata and claims that might be useful in preventing
impersonation in a SIP request. JWT was chosen not because it has any
exclusive or special applicability to SIP, but instead because it could
have applicability both to SIP and other protocols.

I'm not sure I see much value in revisiting that consensus call, but I'm
sure the chairs could call it again if they see fit.

>Note that during the wg session in Berlin there was /still/ question
>about where to put the JWT information.

Kind of. It was a question about the best syntax for transporting only
part of a JWT object, and was as much a discussion about "if" as "where".
But that technical choice does not imply any discomfiture with JWT itself.

>> If you want a record of this intervention, I might point you to the Oct
>> 9 2015 virtual interim where this was the focus:
>>
>> https://www.ietf.org/mail-archive/web/stir/current/msg02140.html
>>
>> ... and then the intense list discussion that followed hard upon it.
>
>The recording of that interim is not accessible and the very terse
>summary text of the session show nothing about an intervention.

The "intervention" is reflected in the summary text: "Chris Wendt
introduced the verified token being discussed in the IP-NNI task force."
That "verified token" was an early form of PASSporT, introducing a
JWT-based assertion. Then we can observe how "conversation focused on the
differences and similarities in what the signatures in the verified token
and RFC4474bis Identity header protected," where the latter option then
was the concatenated string I've mentioned. We made a decision there to
try to merge these into the core proposal, as the summary reads "An open
design team was formed to discuss finding a common way to address the
signaling." The design team then proceeded.

>And there was no mailing list activity for the next several days afterward.

You are absolutely correct that there were no submissions to the STIR
mailing list immediately following the interim on Friday October 9. Not a
single related email went out on Saturday the 10th, Sunday the 11th, or
even Monday October 12th (which, incidentally, was Columbus Day). Then, on
the 13th, the only mail that went out announced that the Doodle poll for
the design team had (behind the scenes) resolved, and that its first
meeting would be that coming Friday, the 16th. The day of that design call
there were 44 messages sent to the list on related subjects.

>
>Nor do I see anything in the mailing list postings that /do/ show up
>those several days later.

I can imagine that since I had to annotate even the summary text of the
interim meeting in order to show how it related to this topic, it might
not be clear from the threads on encoding, the NNI and so on how they were
salient to these decisions if you weren't participating in the WG at the
time. Maybe looking at the design team minutes for Oct 16th would be
clearer? It at least mentioned JWT explicitly.

https://www.ietf.org/mail-archive/web/stir/current/msg02183.html

>So I've no idea what you meant by "hard upon it."

I understand you feel that progress should have been more immediate to
justify my characterization.

>Hence your explanation:
>
>      "we need to build more generically for real-time communications
>rather than just SIP."
>
>does not seem to be reflected in the wg record.

Maybe you'll find the Oct 16th design team minutes clearer on this point.
Or maybe they too would require more annotation to clarify the subject and
thinking of the working group after the fact. The discussions that they
reflect, anyway, were sufficient to drive consensus at the time.

Jon Peterson
Neustar, Inc.
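The point made earlier in this reply, that JWT is used only as a container for a signed set of claims bound to a SIP request, is easier to see in code. The following is an added illustration, not code from the draft, from Neustar, or from anyone in this thread. It builds a compact-serialized token from a header and a JSON claim set, then verifies it the way a receiving element would: reject any header whose "alg" is not the one expected (so an unsigned "alg":"none" token is refused), check the signature over the exact base64url signing input with a constant-time compare, and only then confirm that the claims match the request's originating and destination identities and are fresh. It uses HMAC-SHA256 with a shared key so that it runs with the Python standard library alone; the claim names orig, dest and iat, the "typ" value and the key are assumptions for the example and are not taken from this thread.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumed header values for the example; the draft discussed in this thread
# is not the source of these.
ALG = "HS256"
TYP = "passport"


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as JWS compact serialization requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode; restores padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def canonical_json(obj) -> bytes:
    """Deterministic JSON so the signed bytes are stable across encoders."""
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode("utf-8")


def sign_claims(claims: dict, key: bytes) -> str:
    """Wrap a claim set in a signed JWT: header.payload.signature."""
    header = {"alg": ALG, "typ": TYP}
    signing_input = b64url_encode(canonical_json(header)) + "." + b64url_encode(canonical_json(claims))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_token(token: str, key: bytes, expected_orig, expected_dest, now=None, max_age=60):
    """Return the verified claims, or None if the token must be rejected.

    Verification order matters: header policy first, then the signature, and
    only then the claims, so unverified claim content is never trusted.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        header = json.loads(b64url_decode(parts[0]))
    except (ValueError, UnicodeDecodeError):
        return None
    # Pin the algorithm: a token announcing "none" or anything else is refused.
    if not isinstance(header, dict) or header.get("alg") != ALG:
        return None
    signing_input = (parts[0] + "." + parts[1]).encode("ascii")
    expected_sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    try:
        presented_sig = b64url_decode(parts[2])
    except ValueError:
        return None
    if not hmac.compare_digest(expected_sig, presented_sig):
        return None
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(claims, dict):
        return None
    # Bind the signed claims to the SIP request actually being verified.
    if claims.get("orig") != expected_orig or claims.get("dest") != expected_dest:
        return None
    # Freshness: a replayed token outside the window is rejected.
    iat = claims.get("iat")
    if not isinstance(iat, (int, float)):
        return None
    now = time.time() if now is None else now
    if abs(now - iat) > max_age:
        return None
    return claims


if __name__ == "__main__":
    # Constructed demo key and claim set; not real data.
    demo_key = b"constructed-demo-shared-key"
    demo_claims = {"orig": {"tn": "12155551212"}, "dest": {"tn": ["12155551213"]}, "iat": 1470000000}
    token = sign_claims(demo_claims, demo_key)
    print(token)
    print(verify_token(token, demo_key, demo_claims["orig"], demo_claims["dest"], now=1470000010))
```

The verifier deliberately takes the expected orig and dest from the SIP request rather than from the token, which is what turns a generic signed claim set into an anti-impersonation check: a valid token lifted from one call does not verify against a different call.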