Re: [stir] Proposal for update of erratum #6519

"Peterson, Jon" <jon.peterson@team.neustar> Tue, 20 April 2021 18:19 UTC

From: "Peterson, Jon" <jon.peterson@team.neustar>
To: Alec Fenichel <alec.fenichel@transnexus.com>, Roman Shpount <roman@telurix.com>
CC: "Peterson, Jon" <jon.peterson=40team.neustar@dmarc.ietf.org>, Marc Petit-Huguenin <marc@petit-huguenin.org>, IETF STIR Mail List <stir@ietf.org>, Russ Housley <housley@vigilsec.com>, Christer Holmberg <christer.holmberg@ericsson.com>
Date: Tue, 20 Apr 2021 18:19:12 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/NVxZEK3_62Qf2Sr8CLDpAnU1_UE>
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>

I do agree that we should transition away from x5u being the sole way to identify the keying material that signs PASSporTs. We ran into this already looking at x5c, for example, and I’ve heard of a couple others. That would be a patch for both RFC8224 and RFC8225, but it’s really more additive than corrective. From an IETF process perspective, I’d suggest doing that as an Internet-Draft that targets an update to RFC8224 and RFC8225 (rather than a bis of both).

Personally, I need to think more about the SIP Identity header “info” parameter being optional, but the original motivation for requiring it, as far as I can remember, was related to both compact form and to having VS’s sift through Identity headers by the trust anchors they trusted. For non-compact form PASSporTs used in closed networks with mandated trust anchors, those motivations at least are less of a concern. This is the first time I can recall that I’ve heard the suggestion that Date headers should not be added by AS’s, but on first glance I’m not sure I consider that a crucial thing to fix, anyway.

Jon Peterson
Neustar, Inc.

From: Alec Fenichel <alec.fenichel@transnexus.com>
Date: Tuesday, April 20, 2021 at 10:54 AM
To: Roman Shpount <roman@telurix.com>
Cc: "Peterson, Jon" <jon.peterson=40team.neustar@dmarc.ietf.org>, "Peterson, Jon" <jon.peterson@team.neustar>, Marc Petit-Huguenin <marc@petit-huguenin.org>, IETF STIR Mail List <stir@ietf.org>, Russ Housley <housley@vigilsec.com>, Christer Holmberg <christer.holmberg@ericsson.com>
Subject: Re: [stir] Proposal for update of erratum #6519

Proposed changes:

1. Be prescriptive about whether quotes are required around the ppt parameter value or not
2. Make info param optional when using full form PASSporTs to make OOB easier for transit providers
3. Allow info param to match claims other than x5u (e.g., jku, etc.) to support DLT and other future PASSporT extensions that don’t use x5u
4. Make the Date header optional

I’m not following the SIPS recommendation for privacy due to the PASSporT. The destination number, origination number, etc. are already in the SIP signaling. How does the PASSporT add sensitive data?

Sincerely,

Alec Fenichel
Senior Software Architect
alec.fenichel@transnexus.com
+1 (407) 760-0036
TransNexus

From: Roman Shpount <roman@telurix.com>
Date: Tuesday, April 20, 2021 at 13:48
To: Alec Fenichel <alec.fenichel@transnexus.com>
Cc: Peterson, Jon <jon.peterson=40team.neustar@dmarc.ietf.org>, Peterson, Jon <jon.peterson@team.neustar>, Marc Petit-Huguenin <marc@petit-huguenin.org>, IETF STIR Mail List <stir@ietf.org>, Russ Housley <housley@vigilsec.com>, Christer Holmberg <christer.holmberg@ericsson.com>
Subject: Re: [stir] Proposal for update of erratum #6519

Hi Alec,

In https://tools.ietf.org/html/rfc8224#section-6.1 Step 3:

An authentication service MUST add a Date header field to SIP requests that do not have one.

Best Regards,
_____________
Roman Shpount


On Tue, Apr 20, 2021 at 1:44 PM Alec Fenichel <alec.fenichel@transnexus.com> wrote:
Roman,

Is there text that I missed that makes the Date header required?

Let me rephrase my first proposed change:

1. The document should be prescriptive about whether quotes are required around the ppt parameter value or not

Sincerely,

Alec Fenichel
Senior Software Architect
alec.fenichel@transnexus.com
+1 (407) 760-0036
TransNexus

From: Roman Shpount <roman@telurix.com>
Date: Tuesday, April 20, 2021 at 13:40
To: Alec Fenichel <alec.fenichel@transnexus.com>
Cc: Peterson, Jon <jon.peterson=40team.neustar@dmarc.ietf.org>, Peterson, Jon <jon.peterson@team.neustar>, Marc Petit-Huguenin <marc@petit-huguenin.org>, IETF STIR Mail List <stir@ietf.org>, Russ Housley <housley@vigilsec.com>, Christer Holmberg <christer.holmberg@ericsson.com>
Subject: Re: [stir] Proposal for update of erratum #6519

Alec,

I would also like to add:

1. The Date header should be optional when full PASSporT is used. The iat in PASSporT should provide enough protection for cut-and-paste attacks.
2. I think privacy considerations should be added that recommend using SIPS since the data carried in PASSporT is likely considered personally identifiable information and should not be transmitted in encrypted form.

Still, I wouldn't say I like quotes around the ppt param value since this parameter differs from every other token parameter in SIP headers.
_____________
Roman Shpount


On Tue, Apr 20, 2021 at 12:33 PM Alec Fenichel <alec.fenichel@transnexus.com> wrote:
Roman,

Makes sense. I think a new version would be great. Proposed changes:

1. Require quotes around ppt param value
2. Make info param optional when using full form PASSporTs to make OOB easier for transit providers
3. Allow info param to match claims other than x5u (e.g., jku, etc.) to support DLT and other future PASSporT extensions that don’t use x5u

Sincerely,

Alec Fenichel
Senior Software Architect
alec.fenichel@transnexus.com
+1 (407) 760-0036
TransNexus

From: Roman Shpount <roman@telurix.com>
Date: Tuesday, April 20, 2021 at 12:02
To: Alec Fenichel <alec.fenichel@transnexus.com>
Cc: Peterson, Jon <jon.peterson=40team.neustar@dmarc.ietf.org>, Peterson, Jon <jon.peterson@team.neustar>, Marc Petit-Huguenin <marc@petit-huguenin.org>, IETF STIR Mail List <stir@ietf.org>, Russ Housley <housley@vigilsec.com>, Christer Holmberg <christer.holmberg@ericsson.com>
Subject: Re: [stir] Proposal for update of erratum #6519

Alec,

My personal opinion is that we should try to organize an open SipIt interop event for both STIR and SHAKEN implementations. Based on the interop results, it might be good to do a new version of RFC 8224.

Meanwhile, we really need this errata so that we can deal with current interop issues.

Best Regards,
_____________
Roman Shpount


On Tue, Apr 20, 2021 at 11:31 AM Alec Fenichel <alec.fenichel@transnexus.com> wrote:
Jon,

Understood. Then maybe we could just leave it as is until RFC 8224 is updated? Is there any implementation out there that doesn’t support receiving with or without quotes?

Sincerely,

Alec Fenichel
Senior Software Architect
alec.fenichel@transnexus.com
+1 (407) 760-0036
TransNexus

From: Peterson, Jon <jon.peterson=40team.neustar@dmarc.ietf.org>
Date: Tuesday, April 20, 2021 at 11:05
To: Alec Fenichel <alec.fenichel@transnexus.com>, Peterson, Jon <jon.peterson@team.neustar>, Roman Shpount <roman@telurix.com>, Marc Petit-Huguenin <marc@petit-huguenin.org>
Cc: IETF STIR Mail List <stir@ietf.org>, Russ Housley <housley@vigilsec.com>, Christer Holmberg <christer.holmberg@ericsson.com>
Subject: Re: [stir] Proposal for update of erratum #6519

I mean, no, it’s just pushy. It’s the same reason we don’t propose that you MUST only accept quoted. Given that it was the ambiguity in the original spec that caused this problem, I’m a little hesitant to be that pushy.

Maybe for the errata we could be less pushy, but when we (inevitably, someday) do an actual update or bis to RFC8224, we could be more pushy about it.

Jon Peterson
Neustar, Inc.

From: stir <stir-bounces@ietf.org> on behalf of Alec Fenichel <alec.fenichel=40transnexus.com@dmarc.ietf.org>
Date: Tuesday, April 20, 2021 at 7:59 AM
To: "Peterson, Jon" <jon.peterson=40team.neustar@dmarc.ietf.org>, Roman Shpount <roman@telurix.com>, Marc Petit-Huguenin <marc@petit-huguenin.org>
Cc: IETF STIR Mail List <stir@ietf.org>, Russ Housley <housley@vigilsec.com>, Christer Holmberg <christer.holmberg@ericsson.com>
Subject: Re: [stir] Proposal for update of erratum #6519

Is it really a problem to just say that you must (or must not, either way) include quotes and be done? STI-AS and STI-VS implementations will need to be updated frequently over the next few years due to all of the new PASSporT extensions, so expecting implementations to add/remove quotes seems reasonable. Implementations could accept both values at their discretion, even if it violates the standard.

Sincerely,

Alec Fenichel
Senior Software Architect
alec.fenichel@transnexus.com
+1 (407) 760-0036
TransNexus

From: stir <stir-bounces@ietf.org> on behalf of Peterson, Jon <jon.peterson=40team.neustar@dmarc.ietf.org>
Date: Tuesday, April 20, 2021 at 10:47
To: Roman Shpount <roman@telurix.com>, Marc Petit-Huguenin <marc@petit-huguenin.org>
Cc: IETF STIR Mail List <stir@ietf.org>, Russ Housley <housley@vigilsec.com>, Christer Holmberg <christer.holmberg@ericsson.com>
Subject: Re: [stir] Proposal for update of erratum #6519

Inline.

From: stir <stir-bounces@ietf.org> on behalf of Roman Shpount <roman@telurix.com>
Date: Monday, April 19, 2021 at 6:57 PM
To: Marc Petit-Huguenin <marc@petit-huguenin.org>
Cc: IETF STIR Mail List <stir@ietf.org>, Russ Housley <housley@vigilsec.com>, Christer Holmberg <christer.holmberg@ericsson.com>
Subject: Re: [stir] Proposal for update of erratum #6519

On Mon, Apr 19, 2021 at 7:56 PM Marc Petit-Huguenin <marc@petit-huguenin.org> wrote:
A literalist.  Fantastic.


That was not my understanding.

We can go back to the recording to check on the decision.

More importantly, what is the normative strength of "be tolerant to the absence of quotes when receiving"? Is this MUST accept quotes? SHOULD accept quotes?

In the sentence "Implementations SHOULD use quotes around the token when sending", what would be the valid use cases when implementations are allowed not to use quotes?

My understanding is that SHOULD implies well-known exceptions.

The exception we are aware of is that implementations exhibiting this behavior exist. It is, in other words, for backwards compatibility reasons.

Regardless of what the recording says (we were kinda all over the place, if I recall), I think I agree that the right semantics are that you MUST accept quoted and unquoted, and SHOULD send quotes (the exception to the SHOULD being backwards compatibility). If we said you MUST send quotes, well, then implementations that don’t are violating the spec. As you pointed out, it’s kind of a mixed bag at the moment out there in terms of where implementations are.

Jon Peterson
Neustar, Inc.
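
The receive/send semantics discussed in this thread (accept the ppt value quoted or unquoted, send it quoted), as an added example that is not part of any message in the thread and not taken from any STIR implementation. The function names and the sample header values are constructed for illustration; the digest is a placeholder rather than a real PASSporT.

```python
import re

# SIP "token" characters (RFC 3261): alphanumerics plus - . ! % * _ + ` ' ~
TOKEN = re.compile(r"[A-Za-z0-9\-.!%*_+`'~]+")

# Constructed sample Identity header values (placeholder digest, example.org URI).
SAMPLE_UNQUOTED = "aGRy.cGF5.c2ln;info=<https://cert.example.org/a.cer;v=1>;alg=ES256;ppt=shaken"
SAMPLE_QUOTED = 'aGRy.cGF5.c2ln;info=<https://cert.example.org/a.cer;v=1>;alg=ES256;ppt="shaken"'


def split_params(value):
    """Split a header value on ';', ignoring ';' inside <...> or "..."."""
    parts, buf = [], []
    in_angle = in_quote = escaped = False
    for ch in value:
        if escaped:                      # character after a backslash in a quoted string
            escaped = False
        elif in_quote and ch == "\\":
            escaped = True
        elif ch == '"' and not in_angle:
            in_quote = not in_quote
        elif ch == "<" and not in_quote:
            in_angle = True
        elif ch == ">" and not in_quote:
            in_angle = False
        elif ch == ";" and not (in_angle or in_quote):
            parts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    if in_angle or in_quote:
        raise ValueError("unterminated <...> or quoted string")
    parts.append("".join(buf).strip())
    return parts


def parse_ppt(raw):
    """Return (value, was_quoted); both ppt=shaken and ppt="shaken" are accepted."""
    quoted = len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"'
    value = raw[1:-1] if quoted else raw
    if not TOKEN.fullmatch(value):
        raise ValueError("ppt value is not a token: %r" % raw)
    return value, quoted


def parse_identity(value):
    """Parse an Identity header value into digest and parameters (tolerant receive)."""
    parts = split_params(value)
    parsed = {"digest": parts[0], "params": {}, "ppt_was_quoted": None}
    for part in parts[1:]:
        name, eq, raw = part.partition("=")
        name, raw = name.strip().lower(), raw.strip()
        if not TOKEN.fullmatch(name) or name in parsed["params"]:
            raise ValueError("bad or duplicate parameter: %r" % part)
        if not eq:                       # valueless generic parameter
            raw = None
        elif name == "ppt":
            raw, parsed["ppt_was_quoted"] = parse_ppt(raw)
        elif name == "info":
            if not (raw.startswith("<") and raw.endswith(">")):
                raise ValueError("info URI must be enclosed in <...>")
            raw = raw[1:-1]
        parsed["params"][name] = raw
    return parsed


def format_identity(parsed):
    """Serialize a parsed header, always quoting the ppt value (strict send)."""
    out = [parsed["digest"]]
    for name, value in parsed["params"].items():
        if value is None:
            out.append(name)
        elif name == "info":
            out.append("info=<%s>" % value)
        elif name == "ppt":
            out.append('ppt="%s"' % value)
        else:
            out.append("%s=%s" % (name, value))
    return ";".join(out)


if __name__ == "__main__":
    for sample in (SAMPLE_UNQUOTED, SAMPLE_QUOTED):
        p = parse_identity(sample)
        print(p["params"]["ppt"], p["ppt_was_quoted"], format_identity(p))
```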