Re: [stir] Proposal for update of erratum #6519

[Marc Petit-Huguenin <marc@petit-huguenin.org>]

On 4/26/21 9:11 AM, Gorman, Pierce wrote:
> Jon,
> 
>   
> 
> I thought your suggestion of an Internet-Draft was very interesting.  I don’t think I’ve ever heard of an Internet-Draft updating two RFCs at the same time but that sounds like a good idea.  

RFC 8996 updated 84 RFCs, probably breaking a record.

> Are you thinking that would result in a new RFC?  The  <https://www.ietf.org/standards/ids/guidelines/> guidelines on authoring an I-D indicate that is a possible outcome.
> 
>   
> 
> If there is a willingness to do and accept those updates, and also a SIPiT event to help illuminate best choices, this could be a very good time to create the I-D.
> 
>   
> 
> Pierce
> 
>   
> 
> From: Alec Fenichel <alec.fenichel@transnexus.com>
> Sent: Tuesday, April 20, 2021 1:30 PM
> To: Peterson, Jon <jon.peterson@team.neustar>; Roman Shpount <roman@telurix.com>
> Cc: Peterson, Jon <jon.peterson=40team.neustar@dmarc.ietf.org>; Marc Petit-Huguenin <marc@petit-huguenin.org>; IETF STIR Mail List <stir@ietf.org>; Russ Housley <housley@vigilsec.com>; Christer Holmberg <christer.holmberg@ericsson.com>
> Subject: Re: [stir] Proposal for update of erratum #6519
> 
>   
> 
> Jon,
> 
>   
> 
> I don’t think it is an issue for an STI-VS to decode a PASSporT that comes from an untrusted source. Web servers decode JWTs received over the open internet all the time.
> 
>   
> 
> On second thought, perhaps we should get rid of the info parameter all together and instead use x5u, x5c, jku, etc. parameters. Otherwise, how does the STI-VS know which one to construct if a given PASSporT extension supports more than one?
> 
>   
> 
> We could even get rid of info, alg, and ppt parameters and just have generic params. RFC 8224 would basically say that when using compact form PASSporTs any claims not included in the signaling should be included as SIP parameters of the Identity header where the SIP parameter name matches the claim name, and the value matches the encoded claim value. Values would need to be quoted as they would be case/whitespace sensitive.
> 
>   
> 
> Sincerely,
> 
>   
> 
> Alec Fenichel
> 
> Senior Software Architect
> 
> alec.fenichel@transnexus.com <mailto:alec.fenichel@transnexus.com>
> 
> +1 (407) 760-0036
> 
> TransNexus
> 
>   
> 
> From: Peterson, Jon <jon.peterson@team.neustar <mailto:jon.peterson@team.neustar> >
> Date: Tuesday, April 20, 2021 at 14:19
> To: Alec Fenichel <alec.fenichel@transnexus.com <mailto:alec.fenichel@transnexus.com> >, Roman Shpount <roman@telurix.com <mailto:roman@telurix.com> >
> Cc: Peterson, Jon <jon.peterson=40team.neustar@dmarc.ietf.org <mailto:jon.peterson=40team.neustar@dmarc.ietf.org> >, Marc Petit-Huguenin <marc@petit-huguenin.org <mailto:marc@petit-huguenin.org> >, IETF STIR Mail List <stir@ietf.org <mailto:stir@ietf.org> >, Russ Housley <housley@vigilsec.com <mailto:housley@vigilsec.com> >, Christer Holmberg <christer.holmberg@ericsson.com <mailto:christer.holmberg@ericsson.com> >
> Subject: Re: [stir] Proposal for update of erratum #6519
> 
>   
> 
> I do agree that we should transition away from x5u being the sole way to identify the keying material that signs PASSporTs. We ran into this already looking at x5c, for example, and I’ve heard of a couple others. That would be a patch for both RFC8224 and RFC8225, but it’s really more additive than corrective. From an IETF process perspective, I’d suggest doing that as an Internet-Draft that targets an update to RFC8224 and RFC8225 (rather than a bis of both).
> 
>   
> 
> Personally, I need to think more about the SIP Identity header “info” parameter being optional, but the original motivation for requiring it, as far as I can remember, was related to both compact form and to having VS’s sift through Identity headers by the trust anchors they trusted. For non-compact form PASSporTs used in closed networks with mandated trust anchors, those motivations at least are less of a concern. This is the first time I can recall that I’ve heard the suggestion that Date headers should not be added by AS’s, but on first glance I’m not sure I consider that a crucial thing to fix, anyway.
> 
>   
> 
> Jon Peterson
> 
> Neustar, Inc.
> 
>   
> 
> From: Alec Fenichel <alec.fenichel@transnexus.com <mailto:alec.fenichel@transnexus.com> >
> Date: Tuesday, April 20, 2021 at 10:54 AM
> To: Roman Shpount <roman@telurix.com <mailto:roman@telurix.com> >
> Cc: "Peterson, Jon" <jon.peterson=40team.neustar@dmarc.ietf.org <mailto:jon.peterson=40team.neustar@dmarc.ietf.org> >, "Peterson, Jon" <jon.peterson@team.neustar <mailto:jon.peterson@team.neustar> >, Marc Petit-Huguenin <marc@petit-huguenin.org <mailto:marc@petit-huguenin.org> >, IETF STIR Mail List <stir@ietf.org <mailto:stir@ietf.org> >, Russ Housley <housley@vigilsec.com <mailto:housley@vigilsec.com> >, Christer Holmberg <christer.holmberg@ericsson.com <mailto:christer.holmberg@ericsson.com> >
> Subject: Re: [stir] Proposal for update of erratum #6519
> 
>   
> 
> Proposed changes:
> 
>   
> 
> 1.       Be prescriptive about whether quotes are required around the ppt parameter value or not
> 
> 2.       Make info param optional when using full form PASSporTs to make OOB easier for transit providers
> 
> 3.       Allow info param to match claims other than x5u (e.g., jku, etc.) to support DLT and other future PASSporT extensions that don’t use x5u
> 
> 4.       Make the Date header optional
> 
>   
> 
> I’m not following the SIPS recommendation for privacy due to the PASSporT. The destination number, origination number, etc. are already in the SIP signaling. How does the PASSporT add sensitive data?
> 
>   
> 
> Sincerely,
> 
>   
> 
> Alec Fenichel
> 
> Senior Software Architect
> 
> alec.fenichel@transnexus.com <mailto:alec.fenichel@transnexus.com>
> 
> +1 (407) 760-0036
> 
> TransNexus
> 
>   
> 
> From: Roman Shpount <roman@telurix.com <mailto:roman@telurix.com> >
> Date: Tuesday, April 20, 2021 at 13:48
> To: Alec Fenichel <alec.fenichel@transnexus.com <mailto:alec.fenichel@transnexus.com> >
> Cc: Peterson, Jon <jon.peterson=40team.neustar@dmarc.ietf.org <mailto:jon.peterson=40team.neustar@dmarc.ietf.org> >, Peterson, Jon <jon.peterson@team.neustar <mailto:jon.peterson@team.neustar> >, Marc Petit-Huguenin <marc@petit-huguenin.org <mailto:marc@petit-huguenin.org> >, IETF STIR Mail List <stir@ietf.org <mailto:stir@ietf.org> >, Russ Housley <housley@vigilsec.com <mailto:housley@vigilsec.com> >, Christer Holmberg <christer.holmberg@ericsson.com <mailto:christer.holmberg@ericsson.com> >
> Subject: Re: [stir] Proposal for update of erratum #6519
> 
> Hi Alec,
> 
>   
> 
> In https://tools.ietf.org/html/rfc8224#section-6.1 Step 3:
> 
>   
> 
> An authentication service MUST add a Date header field to SIP requests that do not have one.
> 
>   
> 
> Best Regards,
> 
> 
> _____________
> Roman Shpount
> 
>   
> 
>   
> 
> On Tue, Apr 20, 2021 at 1:44 PM Alec Fenichel <alec.fenichel@transnexus.com <mailto:alec.fenichel@transnexus.com> > wrote:
> 
> Roman,
> 
>   
> 
> Is there text that I missed that makes the Date header required?
> 
>   
> 
> Let me rephrase my first proposed change:
> 
>   
> 
> 1.       The document should be prescriptive about whether quotes are required around the ppt parameter value or not
> 
>   
> 
> Sincerely,
> 
>   
> 
> Alec Fenichel
> 
> Senior Software Architect
> 
> alec.fenichel@transnexus.com <mailto:alec.fenichel@transnexus.com>
> 
> +1 (407) 760-0036
> 
> TransNexus
> 
>   
> 
> From: Roman Shpount <roman@telurix.com <mailto:roman@telurix.com> >
> Date: Tuesday, April 20, 2021 at 13:40
> To: Alec Fenichel <alec.fenichel@transnexus.com <mailto:alec.fenichel@transnexus.com> >
> Cc: Peterson, Jon <jon.peterson=40team.neustar@dmarc.ietf.org <mailto:40team.neustar@dmarc.ietf.org> >, Peterson, Jon <jon.peterson@team.neustar <mailto:jon.peterson@team.neustar> >, Marc Petit-Huguenin <marc@petit-huguenin.org <mailto:marc@petit-huguenin.org> >, IETF STIR Mail List <stir@ietf.org <mailto:stir@ietf.org> >, Russ Housley <housley@vigilsec.com <mailto:housley@vigilsec.com> >, Christer Holmberg <christer.holmberg@ericsson.com <mailto:christer.holmberg@ericsson.com> >
> Subject: Re: [stir] Proposal for update of erratum #6519
> 
> Alec,
> 
>   
> 
> I would also like to add:
> 
>   
> 
> 1. The Date header should be optional when full PASSporT is used. The iat in PASSporT should provide enough protection for cut-and-paste attacks.
> 
> 2. I think privacy considerations should be added that recommend using SIPS since the data carried in PASSporT is likely considered personally identifiable information and should not be transmitted in encrypted form.
> 
>   
> 
> Still, I wouldn't say I like quotes around the ppt param value since this parameter differs from every other token parameter in SIP headers.
> 
> 
> _____________
> Roman Shpount
> 
>   
> 
>   
> 
> On Tue, Apr 20, 2021 at 12:33 PM Alec Fenichel <alec.fenichel@transnexus.com <mailto:alec.fenichel@transnexus.com> > wrote:
> 
> Roman,
> 
>   
> 
> Makes sense. I think a new version would be great. Proposed changes:
> 
>   
> 
> 1.       Require quotes around ppt param value
> 
> 2.       Make info param optional when using full form PASSporTs to make OOB easier for transit providers
> 
> 3.       Allow info param to match claims other than x5u (e.g., jku, etc.) to support DLT and other future PASSporT extensions that don’t use x5u
> 
>   
> 
> Sincerely,
> 
>   
> 
> Alec Fenichel
> 
> Senior Software Architect
> 
> alec.fenichel@transnexus.com <mailto:alec.fenichel@transnexus.com>
> 
> +1 (407) 760-0036
> 
> TransNexus
> 
>   
> 
> From: Roman Shpount <roman@telurix.com <mailto:roman@telurix.com> >
> Date: Tuesday, April 20, 2021 at 12:02
> To: Alec Fenichel <alec.fenichel@transnexus.com <mailto:alec.fenichel@transnexus.com> >
> Cc: Peterson, Jon <jon.peterson=40team.neustar@dmarc.ietf.org <mailto:40team.neustar@dmarc.ietf.org> >, Peterson, Jon <jon.peterson@team.neustar <mailto:jon.peterson@team.neustar> >, Marc Petit-Huguenin <marc@petit-huguenin.org <mailto:marc@petit-huguenin.org> >, IETF STIR Mail List <stir@ietf.org <mailto:stir@ietf.org> >, Russ Housley <housley@vigilsec.com <mailto:housley@vigilsec.com> >, Christer Holmberg <christer.holmberg@ericsson.com <mailto:christer.holmberg@ericsson.com> >
> Subject: Re: [stir] Proposal for update of erratum #6519
> 
> Alec,
> 
>   
> 
> My personal opinion is that we should try to organize an open SipIt interop event for both STIR and SHAKEN implementations. Based on the interop results, it might be good to do a new version of RFC 8224.
> 
>   
> 
> Meanwhile, we really need this errata so that we can deal with current interop issues.
> 
>   
> 
> Best Regards,
> 
> 
> _____________
> Roman Shpount
> 
>   
> 
>   
> 
> On Tue, Apr 20, 2021 at 11:31 AM Alec Fenichel <alec.fenichel@transnexus.com <mailto:alec.fenichel@transnexus.com> > wrote:
> 
> Jon,
> 
>   
> 
> Understood. Then maybe we could just leave it as is until RFC 8224 is updated? Is there any implementation out there that doesn’t support receiving with or without quotes?
> 
>   
> 
> Sincerely,
> 
>   
> 
> Alec Fenichel
> 
> Senior Software Architect
> 
> alec.fenichel@transnexus.com <mailto:alec.fenichel@transnexus.com>
> 
> +1 (407) 760-0036
> 
> TransNexus
> 
>   
> 
> From: Peterson, Jon <jon.peterson=40team.neustar@dmarc.ietf.org <mailto:40team.neustar@dmarc.ietf.org> >
> Date: Tuesday, April 20, 2021 at 11:05
> To: Alec Fenichel <alec.fenichel@transnexus.com <mailto:alec.fenichel@transnexus.com> >, Peterson, Jon <jon.peterson@team.neustar <mailto:jon.peterson@team.neustar> >, Roman Shpount <roman@telurix.com <mailto:roman@telurix.com> >, Marc Petit-Huguenin <marc@petit-huguenin.org <mailto:marc@petit-huguenin.org> >
> Cc: IETF STIR Mail List <stir@ietf.org <mailto:stir@ietf.org> >, Russ Housley <housley@vigilsec.com <mailto:housley@vigilsec.com> >, Christer Holmberg <christer.holmberg@ericsson.com <mailto:christer.holmberg@ericsson.com> >
> Subject: Re: [stir] Proposal for update of erratum #6519
> 
>   
> 
> I mean, no, it’s just pushy. It’s the same reason we don’t propose that you MUST only accept quoted. Given that it was the ambiguity in the original spec that caused this problem, I’m a little hesitant to be that pushy.
> 
>   
> 
> Maybe for the errata we could be less pushy, but when we (inevitably, someday) do an actual update or bis to RFC8224, we could be more pushy about it.
> 
>   
> 
> Jon Peterson
> 
> Neustar, Inc.
> 
>   
> 
> From: stir <stir-bounces@ietf.org <mailto:stir-bounces@ietf.org> > on behalf of Alec Fenichel <alec.fenichel=40transnexus.com@dmarc.ietf.org <mailto:40transnexus.com@dmarc.ietf.org> >
> Date: Tuesday, April 20, 2021 at 7:59 AM
> To: "Peterson, Jon" <jon.peterson=40team.neustar@dmarc.ietf.org <mailto:40team.neustar@dmarc.ietf.org> >, Roman Shpount <roman@telurix.com <mailto:roman@telurix.com> >, Marc Petit-Huguenin <marc@petit-huguenin.org <mailto:marc@petit-huguenin.org> >
> Cc: IETF STIR Mail List <stir@ietf.org <mailto:stir@ietf.org> >, Russ Housley <housley@vigilsec.com <mailto:housley@vigilsec.com> >, Christer Holmberg <christer.holmberg@ericsson.com <mailto:christer.holmberg@ericsson.com> >
> Subject: Re: [stir] Proposal for update of erratum #6519
> 
>   
> 
> Is it really a problem to just say that you must (or must not, either way) include quotes and be done? STI-AS and STI-VS implementations will need to be updated frequently over the next few years due to all of the new PASSporT extensions, so expecting implementations to add/remove quotes seems reasonable. Implementations could accept both values at their discretion, even if it violates the standard.
> 
>   
> 
> Sincerely,
> 
>   
> 
> Alec Fenichel
> 
> Senior Software Architect
> 
> alec.fenichel@transnexus.com <mailto:alec.fenichel@transnexus.com>
> 
> +1 (407) 760-0036
> 
> TransNexus
> 
>   
> 
> From: stir <stir-bounces@ietf.org <mailto:stir-bounces@ietf.org> > on behalf of Peterson, Jon <jon.peterson=40team.neustar@dmarc.ietf.org <mailto:40team.neustar@dmarc.ietf.org> >
> Date: Tuesday, April 20, 2021 at 10:47
> To: Roman Shpount <roman@telurix.com <mailto:roman@telurix.com> >, Marc Petit-Huguenin <marc@petit-huguenin.org <mailto:marc@petit-huguenin.org> >
> Cc: IETF STIR Mail List <stir@ietf.org <mailto:stir@ietf.org> >, Russ Housley <housley@vigilsec.com <mailto:housley@vigilsec.com> >, Christer Holmberg <christer.holmberg@ericsson.com>
> Subject: Re: [stir] Proposal for update of erratum #6519
> 
>   
> 
> Inline.
> 
>   
> 
> From: stir <stir-bounces@ietf.org <mailto:stir-bounces@ietf.org> > on behalf of Roman Shpount <roman@telurix.com <mailto:roman@telurix.com> >
> Date: Monday, April 19, 2021 at 6:57 PM
> To: Marc Petit-Huguenin <marc@petit-huguenin.org <mailto:marc@petit-huguenin.org> >
> Cc: IETF STIR Mail List <stir@ietf.org <mailto:stir@ietf.org> >, Russ Housley <housley@vigilsec.com <mailto:housley@vigilsec.com> >, Christer Holmberg <christer.holmberg@ericsson.com <mailto:christer.holmberg@ericsson.com> >
> Subject: Re: [stir] Proposal for update of erratum #6519
> 
>   
> 
> On Mon, Apr 19, 2021 at 7:56 PM Marc Petit-Huguenin <marc@petit-huguenin.org <mailto:marc@petit-huguenin.org> > wrote:
> 
> A literalist.  Fantastic.
> 
> 
> 
> That was not my understanding.
> 
>   
> 
> We can go back to the recording to check on the decision.
> 
>   
> 
> More importantly, what is the normative strength of "be tolerant to the absence of quotes when receiving"? Is this MUST accept quotes? SHOULD accept quotes?
> 
>   
> 
> In the sentence "Implementations SHOULD use quotes around the token when sending", what would be the valid use cases when implementations are allowed not to use quotes?
> 
>   
> 
> My understanding is that SHOULD implies well know exceptions.
> 
>   
> 
> The exception we are aware of is that implementations exhibiting this behavior exist. It is, in other words, for backwards compatibility reasons.
> 
>   
> 
> Regardless of what the recording says (we were kinda all over the place, if I recall), I think I agree that the right semantics are that you MUST accept quoted and unquoted, and SHOUD send quotes (the exception to the SHOULD being backwards compatibility). If we said you MUST send quotes, well, then implementations that don’t are violating the spec. As you pointed out, it’s kind of a mixed bag at the moment out there in terms of where implementations are.
> 
>   
> 
> Jon Peterson
> 
> Neustar, Inc.
> 
> 


-- 
Marc Petit-Huguenin
Email: marc@petit-huguenin.org
Blog: https://marc.petit-huguenin.org
Profile: https://www.linkedin.com/in/petithug