Re: [stir] Robert Wilton's No Objection on draft-ietf-stir-enhance-rfc8226-03: (with COMMENT)

"Rob Wilton (rwilton)" <rwilton@cisco.com> Tue, 29 June 2021 08:25 UTC

From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: Russ Housley <housley@vigilsec.com>
CC: IESG <iesg@ietf.org>, IETF STIR Mail List <stir@ietf.org>, Ben Campbell <ben@nostrum.com>, Robert Sparks <rjsparks@nostrum.com>
Date: Tue, 29 Jun 2021 08:24:49 +0000
Message-ID: <DM4PR11MB5438B2E873A84194391AEA22B5029@DM4PR11MB5438.namprd11.prod.outlook.com>
References: <162487263632.15104.7075847684500025031@ietfa.amsl.com> <A65B0F2A-AAF4-4FC8-87A7-3A40144CEBBB@vigilsec.com>
In-Reply-To: <A65B0F2A-AAF4-4FC8-87A7-3A40144CEBBB@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/NEh0nAtAOj30IyGmx--NEXEvHwA>
Subject: Re: [stir] Robert Wilton's No Objection on draft-ietf-stir-enhance-rfc8226-03: (with COMMENT)


> -----Original Message-----
> From: Russ Housley <housley@vigilsec.com>
> Sent: 28 June 2021 19:30
> To: Rob Wilton (rwilton) <rwilton@cisco.com>
> Cc: IESG <iesg@ietf.org>; IETF STIR Mail List <stir@ietf.org>; Ben Campbell
> <ben@nostrum.com>; Robert Sparks <rjsparks@nostrum.com>
> Subject: Re: [stir] Robert Wilton's No Objection on draft-ietf-stir-enhance-rfc8226-03: (with COMMENT)
> 
> Rob:
> 
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> > Hi,
> >
> > Thanks for the document, despite not being my area of expertise I found it
> > easy to read and understand.
> >
> > A couple of minor comments:
> >
> > (1) Like Erik, when reading section 4, I was wondering whether it would be
> > helpful to have an example that included both mustInclude and
> > permittedValues.
> > But of course, I note that you effectively do that in section 5.
> 
> I hope the change proposed to resolve Erik's comment is also sufficient to
> resolve your comment.
> 
I'm sure it will.


> > (2) In the security section, it states:
> >
> >   Certificate issuers should not include an entry in mustExclude for
> >   the "rcdi" claim for a certificate that will be used with the
> >   PASSporT Extension for Rich Call Data defined in
> >   [I-D.ietf-stir-passport-rcd].  Excluding this claim would prevent the
> >   integrity protection mechanism from working properly.
> >
> > I was wondering whether it would be helpful to include this as RFC 2119
> > SHOULD NOT in 3, or perhaps have a forward reference from the section 3
> > description of mustExclude to the "rcdi" consideration in the security
> > section.
> 
> Sure:
> 
>    Certificate issuers SHOULD NOT include an entry in mustExclude for
>    the "rcdi" claim for a certificate that will be used with the
>    PASSporT Extension for Rich Call Data defined in
>    [I-D.ietf-stir-passport-rcd].  Excluding this claim would prevent the
>    integrity protection mechanism from working properly.

Thanks!

Rob


> 
> Russ
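The thread discusses the three JWTClaimConstraints a STIR certificate can carry (mustInclude and permittedValues from RFC 8226, mustExclude from the enhance-rfc8226 draft) and the security consideration that an issuer SHOULD NOT put "rcdi" in mustExclude for a certificate used with the Rich Call Data PASSporT extension. The following is an added example, not code from the draft, RFC 8226, or either participant: it models the constraints as a plain Python dict (the real extension is ASN.1 in the certificate), evaluates a decoded PASSporT payload against them as a verifier would, and adds an issuer-side lint that catches the "rcdi" misconfiguration before the constraints are embedded. The claim names other than "rcd", "rcdi", "attest", "orig", "dest" and "iat", the sample values, and the reading that permittedValues only constrains a claim that is present are assumptions made for the example.

```python
"""Evaluate PASSporT claims against a STIR certificate's JWTClaimConstraints.

Added example for the thread above; not the draft's or RFC 8226's code.
Constraints are a plain dict here (constructed for the example); in a
real certificate they are carried as an ASN.1 extension.
"""
from typing import Dict, List, Tuple

# Claims whose purpose is to integrity-protect other claims.  Per the
# security consideration quoted in the thread, listing "rcdi" in
# mustExclude disables the RCD integrity mechanism.  Assumption: "rcdi"
# is the only such claim considered here.
INTEGRITY_CLAIMS = frozenset({"rcdi"})


def lint_constraints(constraints: dict, used_with_rcd: bool) -> List[str]:
    """Issuer-side sanity checks before constraints go into a certificate.

    Returns a list of problems; an empty list means the constraints are
    internally consistent and follow the 'rcdi' guidance.
    """
    must_include = set(constraints.get("mustInclude", []))
    must_exclude = set(constraints.get("mustExclude", []))
    permitted = constraints.get("permittedValues", {})
    problems: List[str] = []
    # A claim cannot be both required and forbidden.
    for name in sorted(must_include & must_exclude):
        problems.append(f"{name!r} is both required (mustInclude) and forbidden (mustExclude)")
    # Restricting the values of a forbidden claim is contradictory.
    for name in sorted(set(permitted) & must_exclude):
        problems.append(f"permittedValues given for forbidden claim {name!r}")
    # The consideration from the draft's security section.
    if used_with_rcd:
        for name in sorted(INTEGRITY_CLAIMS & must_exclude):
            problems.append(f"{name!r} SHOULD NOT be in mustExclude for a certificate used with PASSporT RCD")
    return problems


def check_passport_claims(constraints: dict, claims: Dict[str, object]) -> Tuple[bool, List[str]]:
    """Verifier-side evaluation of a decoded PASSporT payload.

    mustInclude:     every listed claim must be present.
    permittedValues: a listed claim, if present, must take one of the listed
                     values (assumption: presence is governed by mustInclude).
    mustExclude:     no listed claim may be present.
    Returns (ok, failures).
    """
    failures: List[str] = []
    for name in constraints.get("mustInclude", []):
        if name not in claims:
            failures.append(f"required claim {name!r} is missing")
    for name, allowed in constraints.get("permittedValues", {}).items():
        if name in claims and claims[name] not in allowed:
            failures.append(f"claim {name!r} = {claims[name]!r} is not one of {list(allowed)!r}")
    for name in constraints.get("mustExclude", []):
        if name in claims:
            failures.append(f"forbidden claim {name!r} is present")
    return (not failures, failures)


# Constructed sample data for the example.
BAD_CONSTRAINTS = {             # the configuration the thread warns against
    "mustInclude": ["rcd"],
    "permittedValues": {"attest": ["A"]},
    "mustExclude": ["rcdi"],
}
GOOD_CONSTRAINTS = {            # rcd and its integrity claim both required
    "mustInclude": ["rcd", "rcdi"],
    "permittedValues": {"attest": ["A"]},
    "mustExclude": ["exampleclaim"],   # constructed claim name, not a real one
}
SAMPLE_CLAIMS = {               # minimal decoded PASSporT payload (constructed)
    "orig": {"tn": "12155551212"},
    "dest": {"tn": ["12155551213"]},
    "iat": 1624955117,
    "attest": "A",
    "rcd": {"nam": "Example Caller"},
    "rcdi": "PLACEHOLDER-DIGEST",   # placeholder, not a real rcdi digest
}

if __name__ == "__main__":
    print("issuer lint:", lint_constraints(BAD_CONSTRAINTS, used_with_rcd=True))
    print("verifier:", check_passport_claims(GOOD_CONSTRAINTS, SAMPLE_CLAIMS))
```

The lint runs at the issuer (the party the draft's SHOULD NOT is addressed to); the verifier check runs at the verification service and simply enforces what the certificate says, which is why a bad mustExclude entry must be caught before issuance rather than at verification time.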