IETF Logo Mail Archive

Re: [stir] WGLC: draft-ietf-stir-identity-header-errors-handling-03.txt

Chris Wendt <chris-ietf@chriswendt.net> Fri, 26 August 2022 11:35 UTC

Return-Path: <chris-ietf@chriswendt.net>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2D3AC1524D0 for <stir@ietfa.amsl.com>; Fri, 26 Aug 2022 04:35:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.903
X-Spam-Level:
X-Spam-Status: No, score=-6.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=chriswendt-net.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zVhmdinCt94i for <stir@ietfa.amsl.com>; Fri, 26 Aug 2022 04:35:07 -0700 (PDT)
Received: from mail-qv1-xf2c.google.com (mail-qv1-xf2c.google.com [IPv6:2607:f8b0:4864:20::f2c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D9F6C1524B1 for <stir@ietf.org>; Fri, 26 Aug 2022 04:35:07 -0700 (PDT)
Received: by mail-qv1-xf2c.google.com with SMTP id de16so808021qvb.12 for <stir@ietf.org>; Fri, 26 Aug 2022 04:35:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chriswendt-net.20210112.gappssmtp.com; s=20210112; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:from:to:cc; bh=SHKLx3O5bbpIi01QzEC/vXIl5169oI/TWt1DNjKxRhc=; b=k6yxz5dp5Z1z+jjrEKncROT1R+XDJuS4ISj83aEaLynxoO64glH2wk6MoYSAXdyhFI rTEPx9LZY+M51+iuUb3Zsvbp3ufZcAtyL94ZcfmVESLCv2mlJNBmdBQq96z0qUxBjYtH dvmpJieeG9toikeuy5kN5gz6M5PhJ5+KHuM823KIZiFviZQMe+bfrN+2MtTcbMqR5tEo pv18ZeVtyE8X6+1zDNJkfpDn/sNyKocAlxm/5j6yEJ0YTXFE7Z6nh9TNpDjYvcn7jPyM x2Q5Vj3x55BF1cU9OsR+WWdUy0dMElGBfi0US4QrryR/nrM8p0UxpiBZfQA/IKCv1WdZ cKnA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:x-gm-message-state:from:to:cc; bh=SHKLx3O5bbpIi01QzEC/vXIl5169oI/TWt1DNjKxRhc=; b=KX6hOncXH4h6hWzZi7hfbSjTvsHqokrOneRUmiIEJyG7uPCAEdorb+f+q4EouH0PMh 9mWNNLsXNr0whu9lcQkgKO6JNglZkrc7S3DZ0J8w3MVYG9MMa61kMfVNdSy0YwtQdQpT eed4n4wgGEeu0Hs7LLWRLBTVMw49EokEK+QpIyW5ROOBDYtG2V2e6H/oH1rfsIp/S+8d P2f1xEfiq52j9u2rNLg6NgOjA4nlQeLhhFzkhRiMMDiYBtEUqzh7O+HnzXDVhxtdyIqD 3wlmKcdtEztQrqlvih+nODfl9vom4fmLreNGamdyNTkkOkNDZXEYOKa7A80e4KRfIzUn O7vw==
X-Gm-Message-State: ACgBeo0CcfhVL+0EXS9jsZotpJqdHc5hmJm0rFQJZJoIEeuDA20/NZwT fg4K42dCiAPYT/NwC50qfQJ8pA==
X-Google-Smtp-Source: AA6agR4iRjTv+7zE0+p8HlYC5gbYRbm0nduBQlk/0PddVaRSrSbBHlN8pa+hj6ENNKCgYkErzZx+XQ==
X-Received: by 2002:ad4:576b:0:b0:496:61fb:4cbd with SMTP id r11-20020ad4576b000000b0049661fb4cbdmr7482680qvx.99.1661513706463; Fri, 26 Aug 2022 04:35:06 -0700 (PDT)
Received: from smtpclient.apple ([38.90.134.212]) by smtp.gmail.com with ESMTPSA id h8-20020ac846c8000000b00344c29bc045sm1088954qto.25.2022.08.26.04.35.04 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 26 Aug 2022 04:35:05 -0700 (PDT)
From: Chris Wendt <chris-ietf@chriswendt.net>
Message-Id: <E0631B6F-14FB-499D-BF68-2CE0BFC7237B@chriswendt.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_F728AA5D-530D-4864-BCAD-A0DC95F21A61"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
Date: Fri, 26 Aug 2022 07:35:06 -0400
In-Reply-To: <013c01d8b896$e818e360$b84aaa20$@numeracle.com>
Cc: Christer Holmberg <christer.holmberg=40ericsson.com@dmarc.ietf.org>, Robert Sparks <rjsparks@nostrum.com>, Ben Campbell <ben@nostrum.com>, IETF STIR Mail List <stir@ietf.org>, STIR Chairs <stir-chairs@ietf.org>
To: pierce@numeracle.com
References: <166092541721.15611.12331275110612885444@ietfa.amsl.com> <73813D32-314D-4086-BEB9-F37D2887DB90@nostrum.com> <HE1PR07MB44416763F30C0ED896226CCD93729@HE1PR07MB4441.eurprd07.prod.outlook.com> <480cb290-d2a6-8652-5d91-452e3a182b20@nostrum.com> <HE1PR07MB444178AC33337F65512FD19B93729@HE1PR07MB4441.eurprd07.prod.outlook.com> <013c01d8b896$e818e360$b84aaa20$@numeracle.com>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/O3IM8CxhKdigHT54_J1EixHYe1M>
Subject: Re: [stir] WGLC: draft-ietf-stir-identity-header-errors-handling-03.txt
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Aug 2022 11:35:08 -0000

Hi Pierce,

I think in the context of this specification, we really need to view authentication service as the RFC8224 defined authentication service.  Beyond that is industry and implementation specific.  Recall that ATIS-1000074 has same Reason header requirements, so I would claim that current implementations ignored this if they can’t support this functionality as a split SIP/HTTP based “authentication service” implementation as you are defining it.

-Chris

> On Aug 25, 2022, at 11:25 AM, pierce@numeracle.com wrote:
> 
> The text "in the next provisional or final responses sent to the authentication service" assumes the STI-AS will receive those responses and can do something with them. E.g., include them in a log.
>  
> This is not a good assumption.  Many (most?) AS/VS designs use an outboard server which is called using SIP INVITE or HTTPS and which responds using SIP 302 or HTTPS.  In both of those cases an AS may never see responses from verification services.
>  
> I recommend removing the language “sent to the authentication service” as being unnecessary and potentially misleading.
>  
> Pierce
>  
>  
> From: stir <stir-bounces@ietf.org> On Behalf Of Christer Holmberg
> Sent: Thursday, August 25, 2022 9:41 AM
> To: Robert Sparks <rjsparks@nostrum.com>; Ben Campbell <ben@nostrum.com>; IETF STIR Mail List <stir@ietf.org>
> Cc: Chris Wendt <chris-ietf@chriswendt.net>; STIR Chairs <stir-chairs@ietf.org>
> Subject: Re: [stir] WGLC: draft-ietf-stir-identity-header-errors-handling-03.txt
>  
> Hi,
>  
> Yes, I meant Reasonse+STIR. It also seems I forgot the background information for my question in my previous e-mail. Sorry for that.
>  
> RFC 3326 says:
>  
>    "Initially, the Reason header field defined here appears to be most
>    useful for BYE and CANCEL requests, but it can appear in any request
>    within a dialog, in any CANCEL request and in any response whose
>    status code explicitly allows the presence of this header field."
>  
> So, my reading it needs to be explicitly indicated for which SIP response status codes Reason can be included.
>  
> For example, RFC 6432, which defines the Reason Q.850 protocol says:
>  
> "This document allows SIP responses to carry Reason header fields as
>    follows:
>  
>       Any SIP Response message, with the exception of a 100 (Trying),
>       MAY contain a Reason header field with a Q.850 [Q.850] cause code."
>  
> Regards,
>  
> Christer
>  
>  
>  
>  
> -----Original Message-----
> From: stir <stir-bounces@ietf.org <mailto:stir-bounces@ietf.org>> On Behalf Of Robert Sparks
> Sent: torstai 25. elokuuta 2022 17.21
> To: Christer Holmberg <christer.holmberg@ericsson.com <mailto:christer.holmberg@ericsson.com>>; Ben Campbell <ben@nostrum.com <mailto:ben@nostrum.com>>; IETF STIR Mail List <stir@ietf.org <mailto:stir@ietf.org>>
> Cc: Chris Wendt <chris-ietf@chriswendt.net <mailto:chris-ietf@chriswendt.net>>; STIR Chairs <stir-chairs@ietf.org <mailto:stir-chairs@ietf.org>>
> Subject: Re: [stir] WGLC: draft-ietf-stir-identity-header-errors-handling-03.txt
>  
> (Assuming you meant Reason+STIR below, and wearing no hats):
>  
> It isn't clear to me that there's a need to say anything more here than what RFC3326 says. Perhaps the text can be clear that this uses the rules for where the header can occur as RFC3326. I don't think we want something _different_, and I don't want to try to restate those rules in this document.
>  
> RjS
>  
>  
> On 8/25/22 9:05 AM, Christer Holmberg wrote:
> > Hi,
> > 
> > When the STIR protocol is used, in which SIP response codes can the Reason header(s) be included?
> > 
> > I can only find the following statement: "in the next provisional or final responses sent to the authentication service.".
> > 
> > That is not every explicit. If we want to allow Reason+SIP with *any* SIP response code it would be good to say so.
> > 
> > Regards,
> > 
> > Christer
> > 
> > -----Original Message-----
> > From: stir <stir-bounces@ietf.org <mailto:stir-bounces@ietf.org>> On Behalf Of Ben Campbell
> > Sent: maanantai 22. elokuuta 2022 2.50
> > To: IETF STIR Mail List <stir@ietf.org <mailto:stir@ietf.org>>
> > Cc: Chris Wendt <chris-ietf@chriswendt.net <mailto:chris-ietf@chriswendt.net>>; STIR Chairs <stir-chairs@ietf.org <mailto:stir-chairs@ietf.org>>
> > Subject: [stir] WGLC: draft-ietf-stir-identity-header-errors-handling-03.txt
> > 
> > Hi,
> > 
> > This starts a STIR working group last call for draft-ietf-stir-identity-header-errors-handling-03. Please send feedback tot he authors and the STIR list by September 7. Note that we added a couple of days to the WGLC period due to the US Labor Day holiday.      
> > 
> > As always,any constructive feedback, including feedback to the effect of “I’ve read this and it is ready to go” is helpful.
> > 
> > Thanks!
> > 
> > Ben (For the STIR chairs)
> > 
> > 
> >> On Aug 19, 2022, at 11:10 AM, internet-drafts@ietf.org <mailto:internet-drafts@ietf.org> wrote:
> >> 
> >> 
> >> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> >> This draft is a work item of the Secure Telephone Identity Revisited WG of the IETF.
> >> 
> >>         Title           : Identity Header Errors Handling
> >>         Author          : Chris Wendt
> >>   Filename        : draft-ietf-stir-identity-header-errors-handling-03.txt
> >>   Pages           : 7
> >>   Date            : 2022-08-19
> >> 
> >> Abstract:
> >>    This document extends STIR and the Authenticated Identity Management
> >>    in the Session Initiation Protocol (SIP) error handling procedures to
> >>    include the mapping of verification failure reasons to STIR defined
> >>    4xx codes so the failure reason of an Identity header field can be
> >>    conveyed to the upstream authentication service when local policy
> >>    dictates that the call should continue in the presence of a
> >>    verification failure.  This document also defines procedures that
> >>    enable enable a failure reason to be mapped to a specific Identity
> >>    header for scenarios that use multiple Identity header fields where
> >>    some may have errors and others may not and the handling of those
> >>    situations is defined.
> >> 
> >> 
> >> The IETF datatracker status page for this draft is:
> >> https://datatracker.ietf.org/doc/draft-ietf-stir-identity-header-errors-handling/ <https://datatracker.ietf.org/doc/draft-ietf-stir-identity-header-errors-handling/>
> >> 
> >> There is also an htmlized version available at:
> >> https://datatracker.ietf.org/doc/html/draft-ietf-stir-identity-header-errors-handling-03 <https://datatracker.ietf.org/doc/html/draft-ietf-stir-identity-header-errors-handling-03>
> >> 
> >> A diff from the previous version is available at:
> >> https://www.ietf.org/rfcdiff?url2=draft-ietf-stir-identity-header-errors-handling-03 <https://www.ietf.org/rfcdiff?url2=draft-ietf-stir-identity-header-errors-handling-03>
> >> 
> >> 
> >> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
> >> 
> >> 
> >> _______________________________________________
> >> stir mailing list
> >> stir@ietf.org <mailto:stir@ietf.org>
> >> https://www.ietf.org/mailman/listinfo/stir <https://www.ietf.org/mailman/listinfo/stir>
> > _______________________________________________
> > stir mailing list
> > stir@ietf.org <mailto:stir@ietf.org>
> > https://www.ietf.org/mailman/listinfo/stir <https://www.ietf.org/mailman/listinfo/stir>
>  
> _______________________________________________
> stir mailing list
> stir@ietf.org <mailto:stir@ietf.org>
> https://www.ietf.org/mailman/listinfo/stir <https://www.ietf.org/mailman/listinfo/stir>

v2.23.0 | Report a Bug | By Email