[stir] WG Last Call comments on stir-oob-04
Russ Housley <housley@vigilsec.com> Wed, 17 April 2019 16:33 UTC
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <9BB03273-2BFA-4907-9234-EC8CE33E0186@team.neustar>
Date: Wed, 17 Apr 2019 11:58:21 -0400
Cc: IETF STIR Mail List <stir@ietf.org>
Content-Transfer-Encoding: 7bit
Message-Id: <C85EE94D-B228-4F23-9F2D-89D4D312F7EF@vigilsec.com>
References: <9BB03273-2BFA-4907-9234-EC8CE33E0186@team.neustar>
To: Jon Peterson <jon.peterson@neustar.biz>, Eric Rescorla <ekr@rtfm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/PqU_LKcsFwPAIxs9T1d4GUNVNs0>
Subject: [stir] WG Last Call comments on stir-oob-04
Document: draft-ietf-stir-oob-04.txt
Reviewer: Russ Housley
Review Date: 2019-04-17

Major:

Title page: As discussed on the mail list, please change the intended status to "Informational".

Section 11: To date, STIR certificates are only used for digital signatures. This document suggests that the public key in the certificate can also be used to provide confidentiality. This works if the public key is RSA, and the certificate has the appropriate key usage bits set. However, this does not work if the public key is DSA, ECDSA, Ed25519, or several others. I am not asking for a major change to the document, but this should be pointed out in the document. And, Section 11 should point out that finding the credential for the callee cannot leverage the "x5u" claim in the PASSporT when the public key can only be used for digital signature.

Minor:

Section 2: Please update the first paragraph to reference RFC 8174 in addition to RFC 2119, as follows:

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

Of course, also add a reference to RFC 8174.

The figure in Section 7.2 can be easily adjusted to fit the normal margins. Also, the example telephone numbers should use the 555 conventions. I suggest:

   Alice                   Call Placement Service                    Bob
   --------------------------------------------------------------------
                                   Store PASSporT for 2.222.555.2222 -->
   Call from 1.111.555.1111
   ------------------------------------------>
                      <-------------- Request PASSporT(s) for 2.222.555.2222
   Obtain Encrypted PASSporT -------->
   (2.222.555.2222, 1.111.555.1111)
                                [Ring phone with callerid = 1.111.555.1111]

Also, adjust the text to reference these example telephone numbers. Likewise, please adjust the example telephone numbers in Section 9.

It should be equally easy to remove three spaces from the figure in Section 7.4 to fit the normal margins.

Section 7.3: Please add a reference for TLS. I assume you will use [RFC8446].

Section 7.5: s/Sign(K_cps, K_temp))/Sign(K_cps, K_temp)/

Section 11: Please add a reference for OCSP. I assume you will use [RFC2560].

Section 14: I think it would be helpful to include pointers to Sections 7.3 and 7.4 in the Security Considerations.

Nits:

Suggested spelling: s/CPSs/CPSes/ (Note: This spelling is used for Certificate Practice Statements.)

Section 3: Please spell out the first use of "POTS". As an alternative, the sentence could be reworded to use PSTN, which has already been used many times by this point in the document.

Sections 5.1 and 5.4: s/in the SIP world/in a SIP environment/

Section 5.4: s/back to the IP world/back to a SIP environment/

Section 5.4: s/returns to the IP world/returns to a SIP environment/

Section 5.5: s/a valid calls/a valid call/

Section 6.2: s/one that is valid/one or more that are valid/

Section 7.5: Please add an informative reference on blinded signatures.
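The Section 11 point in the review above (a STIR certificate's key can only be used to encrypt a PASSporT for the callee if it is an RSA key with the encipherment key usage bits set; ECDSA, Ed25519 and similar keys are signature-only) is illustrated by the following added example. It is not code from the review, the draft, or any STIR implementation. It assumes the third-party Python `cryptography` package is installed; the certificates are self-signed samples constructed in-process, and the helper names `can_sign` and `can_encrypt_to` are hypothetical. Key usage bit names follow RFC 5280.

```python
"""Decide whether an X.509 certificate can carry an encrypted PASSporT.

Added example, not part of the review or the draft.  Uses the
`cryptography` package and self-signed sample certificates built here,
so it runs offline.
"""
from datetime import datetime, timedelta, timezone

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec, ed25519, rsa
from cryptography.x509.oid import NameOID


def _key_usage(**bits) -> x509.KeyUsage:
    """KeyUsage extension with the named bits set and all others cleared."""
    flags = dict(
        digital_signature=False, content_commitment=False, key_encipherment=False,
        data_encipherment=False, key_agreement=False, key_cert_sign=False,
        crl_sign=False, encipher_only=False, decipher_only=False,
    )
    flags.update(bits)
    return x509.KeyUsage(**flags)


def _self_signed(private_key, key_usage: x509.KeyUsage, cn: str) -> x509.Certificate:
    """Build a short-lived self-signed sample certificate with the given KeyUsage."""
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    now = datetime.now(timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(private_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + timedelta(days=1))
        .add_extension(key_usage, critical=True)
    )
    # Ed25519 signatures take no separate hash algorithm; RSA/ECDSA use SHA-256.
    algorithm = None if isinstance(private_key, ed25519.Ed25519PrivateKey) else hashes.SHA256()
    return builder.sign(private_key, algorithm)


def can_sign(cert: x509.Certificate) -> bool:
    """True if the certificate's KeyUsage permits signing (the normal STIR use)."""
    ku = cert.extensions.get_extension_for_class(x509.KeyUsage).value
    return ku.digital_signature


def can_encrypt_to(cert: x509.Certificate) -> bool:
    """True only if a PASSporT (or a content-encryption key) can be encrypted
    to this certificate's public key.

    Two conditions, both from the review's Section 11 comment:
      1. the key algorithm must support public-key encryption (RSA here;
         ECDSA and Ed25519 keys have no encryption operation at all), and
      2. the KeyUsage extension must grant keyEncipherment or dataEncipherment.
    """
    if not isinstance(cert.public_key(), rsa.RSAPublicKey):
        return False
    ku = cert.extensions.get_extension_for_class(x509.KeyUsage).value
    return ku.key_encipherment or ku.data_encipherment


# Constructed sample certificates covering the cases the review distinguishes.
RSA_SIGN_AND_ENCRYPT = _self_signed(
    rsa.generate_private_key(public_exponent=65537, key_size=2048),
    _key_usage(digital_signature=True, key_encipherment=True), "rsa-both")
RSA_SIGN_ONLY = _self_signed(
    rsa.generate_private_key(public_exponent=65537, key_size=2048),
    _key_usage(digital_signature=True), "rsa-sign-only")
ECDSA_SIGN = _self_signed(
    ec.generate_private_key(ec.SECP256R1()),
    _key_usage(digital_signature=True), "ecdsa-sign")
ED25519_SIGN = _self_signed(
    ed25519.Ed25519PrivateKey.generate(),
    _key_usage(digital_signature=True), "ed25519-sign")

if __name__ == "__main__":
    samples = [("RSA, sig+keyEncipherment", RSA_SIGN_AND_ENCRYPT),
               ("RSA, sig only", RSA_SIGN_ONLY),
               ("ECDSA P-256, sig", ECDSA_SIGN),
               ("Ed25519, sig", ED25519_SIGN)]
    for label, cert in samples:
        print(f"{label:28s} can_sign={can_sign(cert)!s:5s} can_encrypt_to={can_encrypt_to(cert)}")
```

Only the RSA certificate that also carries keyEncipherment passes `can_encrypt_to`; the RSA signing-only certificate and both elliptic-curve certificates are usable for PASSporT signatures but not as an encryption target, which is why a certificate located through the "x5u" claim cannot be assumed to serve for confidentiality.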