Re: [stir] I-D Action: draft-ietf-stir-enhance-rfc8226-00.txt

Russ Housley <housley@vigilsec.com> Mon, 22 February 2021 00:24 UTC

From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <BN7PR03MB3827841E60A92319A7204810A5819@BN7PR03MB3827.namprd03.prod.outlook.com>
Date: Sun, 21 Feb 2021 19:24:18 -0500
Cc: IETF STIR Mail List <stir@ietf.org>
Message-Id: <4C30ED37-C7A4-4BAA-BEE8-1AA963B0A715@vigilsec.com>
References: <161341882637.31439.118940094335922643@ietfa.amsl.com> <BN7PR03MB3827841E60A92319A7204810A5819@BN7PR03MB3827.namprd03.prod.outlook.com>
To: "Asveren, Tolga" <tasveren@rbbn.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/NVvhrWI2sZ83rjrii91rd2EsATE>
Subject: Re: [stir] I-D Action: draft-ietf-stir-enhance-rfc8226-00.txt

I think that can already be accomplished with the mustExclude and excludedValues.  Section 5 has an example:

 - The "priority" claim must not be present in the PASSporT.  It can include any other claims.

 - The "assurance" claim, if present in the PASSporT, must not have a value of "low".  It can have any other value.

Russ

> On Feb 21, 2021, at 7:14 PM, Asveren, Tolga <tasveren@rbbn.com> wrote:
> 
> Would adding "*" be useful as possible claim/value value? That would allow "exclude everything else except explicitly allowed claim/value" semantics.
> 
> Thanks,
> Tolga
> 
> -----Original Message-----
> From: stir <stir-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
> Sent: Monday, February 15, 2021 2:54 PM
> To: i-d-announce@ietf.org
> Cc: stir@ietf.org
> Subject: [stir] I-D Action: draft-ietf-stir-enhance-rfc8226-00.txt
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Secure Telephone Identity Revisited WG of the IETF.
> 
>        Title           : Enhanced JWT Claim Constraints for STIR Certificates
>        Author          : Russ Housley
>        Filename        : draft-ietf-stir-enhance-rfc8226-00.txt
>        Pages           : 10
>        Date            : 2021-02-15
> 
> Abstract:
>   RFC 8226 provides a certificate extension to constrain the JWT claims
>   that can be included in the PASSporT as defined in RFC 8225.  If the
>   signer includes a JWT claim outside the constraint boundaries, then
>   the recipient will reject the entire PASSporT.  This document defines
>   additional ways that the JWT claims can be constrained.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-stir-enhance-rfc8226/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-stir-enhance-rfc8226-00
> https://datatracker.ietf.org/doc/html/draft-ietf-stir-enhance-rfc8226-00
> 
> 
> Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> 
> _______________________________________________
> stir mailing list
> stir@ietf.org
> https://www.ietf.org/mailman/listinfo/stir
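The constraint check Russ refers to, as an added example that is not part of this message, the draft, or any STIR implementation. It models the RFC 8226 constraints (mustInclude, permittedValues) together with the mustExclude and excludedValues constraints named in the reply, and it reproduces the two Section 5 cases quoted above. Everything here is an assumption made for illustration: the constraints are held in a plain dict rather than the extension's ASN.1 encoding, permittedValues and excludedValues are applied only when the named claim is present, the PASSporT header, claims, and "origid" value are constructed sample data, and the token is built with an empty signature slot, so signature verification (which a verifier must do before trusting any claim) is out of scope.

```python
"""Evaluate PASSporT JWT claims against certificate claim constraints.

Added example, not code from the draft or the list discussion. The dict
representation of the constraints, the "applies only if the claim is
present" reading of permittedValues/excludedValues, and all sample data
are assumptions made for illustration.
"""
import base64
import json
from typing import Any, Dict, Optional

# Constructed constraint set mirroring the two Section 5 cases quoted in the
# message: "priority" must be absent; "assurance", if present, must not be
# "low". The attest entries are added sample data.
SAMPLE_CONSTRAINTS: Dict[str, Any] = {
    "mustInclude": ["attest"],                  # claim names that must be present
    "permittedValues": {"attest": ["A", "B"]},  # if present, value must be listed
    "mustExclude": ["priority"],                # claim names that must be absent
    "excludedValues": {"assurance": ["low"]},   # if present, value must not be listed
}

# Constructed PASSporT claims (RFC 8225 core claims plus a SHAKEN attest claim).
BASE_CLAIMS: Dict[str, Any] = {
    "attest": "A",
    "dest": {"tn": ["12155550101"]},
    "iat": 1613419200,
    "orig": {"tn": "12155550102"},
    "origid": "3d4f6e2a-0c1b-4c8e-9e3a-1b2c3d4e5f60",
}


def _b64url(data: bytes) -> str:
    """base64url without padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_unsigned_passport(claims: Dict[str, Any]) -> str:
    """Build a compact-form PASSporT with an empty signature slot.

    Constructed test input only: a real PASSporT carries an ES256 signature
    over header.payload, and the x5u URL is a placeholder assumption."""
    header = {"alg": "ES256", "typ": "passport", "ppt": "shaken",
              "x5u": "https://cert.example.net/example.cer"}
    return ".".join([
        _b64url(json.dumps(header, separators=(",", ":")).encode()),
        _b64url(json.dumps(claims, separators=(",", ":")).encode()),
        "",
    ])


def claims_from_passport(token: str) -> Dict[str, Any]:
    """Decode the JWT payload of a compact PASSporT.

    No signature check is performed here; the verifier must validate the
    signature and the certificate chain before acting on these claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("PASSporT must have three dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def check_passport_claims(claims: Dict[str, Any],
                          constraints: Dict[str, Any]) -> Optional[str]:
    """Return None if the claims satisfy the constraints, otherwise a string
    naming the first violated rule. Any violation rejects the whole PASSporT,
    matching the RFC 8226 behaviour described in the draft abstract."""
    for name in constraints.get("mustInclude", []):
        if name not in claims:
            return f"mustInclude: claim '{name}' is missing"
    for name, allowed in constraints.get("permittedValues", {}).items():
        if name in claims and claims[name] not in allowed:
            return (f"permittedValues: claim '{name}' has value "
                    f"{claims[name]!r}, not one of {allowed!r}")
    for name in constraints.get("mustExclude", []):
        if name in claims:
            return f"mustExclude: claim '{name}' is present"
    for name, forbidden in constraints.get("excludedValues", {}).items():
        if name in claims and claims[name] in forbidden:
            return (f"excludedValues: claim '{name}' has forbidden value "
                    f"{claims[name]!r}")
    return None


def evaluate_passport(token: str, constraints: Dict[str, Any]) -> Optional[str]:
    """Decode a compact PASSporT and apply the claim constraints to it."""
    return check_passport_claims(claims_from_passport(token), constraints)


if __name__ == "__main__":
    for label, extra in [("assurance=high", {"assurance": "high"}),
                         ("assurance=low", {"assurance": "low"}),
                         ("priority present", {"priority": "urgent"})]:
        token = make_unsigned_passport({**BASE_CLAIMS, **extra})
        print(f"{label}: {evaluate_passport(token, SAMPLE_CONSTRAINTS) or 'accepted'}")
```

The checks run in the order mustInclude, permittedValues, mustExclude, excludedValues, so a PASSporT that breaks several rules reports the first one; the outcome (reject the whole PASSporT) is the same whichever rule fires.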