Re: [stir] Ben Campbell's Yes on draft-ietf-stir-rph-05: (with COMMENT)

"Das, Subir" <sdas@appcomsci.com> Fri, 18 May 2018 14:09 UTC

From: "Das, Subir" <sdas@appcomsci.com>
To: Ben Campbell <ben@nostrum.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-stir-rph@ietf.org" <draft-ietf-stir-rph@ietf.org>, "Russ Housley" <housley@vigilsec.com>, "stir-chairs@ietf.org" <stir-chairs@ietf.org>, "housley@vigilsec.com" <housley@vigilsec.com>, "stir@ietf.org" <stir@ietf.org>

Hello Ben,
Thanks for clearing your discuss. On the following point, we will add some text in the next version.

_Subir 

§7.2:
   o  The verification of the signature MUST include means of verifying
      that the signer is authoritative for the signed content of the
      resource priority namespace in the PASSporT."

The authors explained via email that they expect this to depend on some ATIS work. I understand that such work is in progress, but has not reached the point of being citable. I don't want to see this document blocked on that work, so I cleared my discuss. However, I still think it would be a good idea to add some scoping text early in the document to the effect that this mechanism is intended for environments where some means of verifying that the signer is authoritative is available. (In addition to keeping the normative text in §7.2)



-----Original Message-----
From: Ben Campbell <ben@nostrum.com>
Sent: Thursday, May 17, 2018 6:43 PM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-stir-rph@ietf.org; Russ Housley <housley@vigilsec.com>; stir-chairs@ietf.org; housley@vigilsec.com; stir@ietf.org
Subject: Ben Campbell's Yes on draft-ietf-stir-rph-05: (with COMMENT)

Ben Campbell has entered the following ballot position for
draft-ietf-stir-rph-05: Yes

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-stir-rph/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you for addressing my first discussion point and comments. I still have a concern on the second discuss point:

§7.2:
   o  The verification of the signature MUST include means of verifying
      that the signer is authoritative for the signed content of the
      resource priority namespace in the PASSporT."

The authors explained via email that they expect this to depend on some ATIS work. I understand that such work is in progress, but has not reached the point of being citable. I don't want to see this document blocked on that work, so I cleared my discuss. However, I still think it would be a good idea to add some scoping text early in the document to the effect that this mechanism is intended for environments where some means of verifying that the signer is authoritative is available. (In addition to keeping the normative text in §7.2)