IETF Logo Mail Archive

Re: [stir] "iat" value to use during PASSPorT construction

"Asveren, Tolga" <tasveren@rbbn.com> Fri, 20 July 2018 20:35 UTC

Return-Path: <tasveren@rbbn.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF00E130DCC for <stir@ietfa.amsl.com>; Fri, 20 Jul 2018 13:35:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.489
X-Spam-Level:
X-Spam-Status: No, score=-2.489 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_DKIM_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=sonusnetworks.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gVoGwIP73BWU for <stir@ietfa.amsl.com>; Fri, 20 Jul 2018 13:35:41 -0700 (PDT)
Received: from us-smtp-delivery-181.mimecast.com (us-smtp-delivery-181.mimecast.com [216.205.24.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E415130E5F for <stir@ietf.org>; Fri, 20 Jul 2018 13:35:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=SonusNetworks.onmicrosoft.com; s=selector1-rbbn-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aFwxaZLqtpbSYdolGDipkKvA8mQfIcrxIZBrfFqRjoE=; b=TSRXvkEhdEY5AFLEJQacjeUBP6CDASa+kLnuMqJtbja0o3dyVKTcjcMHCN1jOkiC0FqXdIv2tizKL2v0SzzDhFdoIbSJ7GTthnnZMIEO2b7eu7W6APfcl3EZtOgR17fvM8+cETUnwiBSjsg/8vG2goC0bvQBjImPpOEwJ3wno3I=
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02lp0022.outbound.protection.outlook.com [216.32.180.22]) (Using TLS) by us-smtp-1.mimecast.com with ESMTP id us-mta-149-jTYQNpLFMOqgMfgC0J-vrA-1; Fri, 20 Jul 2018 16:35:38 -0400
Received: from MWHPR03MB2815.namprd03.prod.outlook.com (10.175.135.9) by MWHPR03MB3328.namprd03.prod.outlook.com (10.174.249.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.973.20; Fri, 20 Jul 2018 20:35:33 +0000
Received: from MWHPR03MB2815.namprd03.prod.outlook.com ([fe80::c5c3:5bad:a1f7:52e9]) by MWHPR03MB2815.namprd03.prod.outlook.com ([fe80::c5c3:5bad:a1f7:52e9%9]) with mapi id 15.20.0973.018; Fri, 20 Jul 2018 20:35:33 +0000
From: "Asveren, Tolga" <tasveren@rbbn.com>
To: "Gorman, Pierce A [CTO]" <Pierce.Gorman@sprint.com>, williw <wilhelm@wimmreuter.de>
CC: "stir@ietf.org" <stir@ietf.org>
Thread-Topic: [stir] "iat" value to use during PASSPorT construction
Thread-Index: AdPrT9q/oUbx39SISTyhzIa9uuwWlA07J40AAAUuR2AAAxj3AAABNlBQAAFH6IAAAAgH4AAARg6AAAANrFA=
Date: Fri, 20 Jul 2018 20:35:33 +0000
Message-ID: <MWHPR03MB28153CA2A18BB43E5F49F947A5510@MWHPR03MB2815.namprd03.prod.outlook.com>
References: <CY4PR03MB3160EE4F4502CCF974B070CFA59C0@CY4PR03MB3160.namprd03.prod.outlook.com> <0C2B7B00-AB77-48E1-A666-F76A592DDC51@wimmreuter.de> <MWHPR03MB2815E6CDBA2DF7CD0D8E5BD0A5510@MWHPR03MB2815.namprd03.prod.outlook.com> <bcd76a29456e4456aab0a38d74d1f3ec@plswe13m04.ad.sprint.com> <MWHPR03MB2815AC2B559FC4C7B9772C9EA5510@MWHPR03MB2815.namprd03.prod.outlook.com> <2fcbf87cbbec4963a91eddf7d98133bf@plswe13m04.ad.sprint.com> <MWHPR03MB28158CBAF74A4A2C986783DBA5510@MWHPR03MB2815.namprd03.prod.outlook.com> <5a248e4afdfd418789a7da7aaf996cf8@plswe13m04.ad.sprint.com>
In-Reply-To: <5a248e4afdfd418789a7da7aaf996cf8@plswe13m04.ad.sprint.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [73.29.251.142]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; MWHPR03MB3328; 20:kXE9J/lLSsFVfZCISagb4+qlbl8S/5kJdQ18sVvEuSl1i0dgEliWWLlWeWftnAPdMFejdzoD1HpKsuX/UABbPGMSIzaMWxzoxJnrGnsiVzenmvnuFXzXzO1JwgbBNQsdpSvTgYV24v2l+Tcyu6l3JaI0FvzR2SSTimk6JPgDDzc=
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: e0d8ab2e-84e6-4206-d572-08d5ee8057ac
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989117)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(5600067)(711020)(2017052603328)(7153060)(7193020); SRVR:MWHPR03MB3328;
x-ms-traffictypediagnostic: MWHPR03MB3328:
x-microsoft-antispam-prvs: <MWHPR03MB33288E8A670317193FC4F565A5510@MWHPR03MB3328.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(18430343700868)(189930954265078)(159968658992688)(223705240517415)(21748063052155);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3231311)(944501410)(52105095)(3002001)(10201501046)(93006095)(93001095)(149027)(150027)(6041310)(201703131423095)(201703031522075)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123564045)(20161123562045)(20161123558120)(6072148)(201708071742011)(7699016); SRVR:MWHPR03MB3328; BCL:0; PCL:0; RULEID:; SRVR:MWHPR03MB3328;
x-forefront-prvs: 073966E86B
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(39850400004)(366004)(136003)(376002)(346002)(189003)(199004)(66066001)(7736002)(105586002)(6436002)(6246003)(5250100002)(53936002)(106356001)(8676002)(3846002)(229853002)(6306002)(8936002)(236005)(54896002)(55016002)(26005)(446003)(2900100001)(86362001)(790700001)(11346002)(97736004)(9686003)(6116002)(68736007)(81156014)(81166006)(186003)(5660300001)(33656002)(19609705001)(102836004)(2906002)(93886005)(99286004)(74316002)(76176011)(476003)(14454004)(4326008)(296002)(486006)(25786009)(478600001)(14444005)(5024004)(6506007)(606006)(966005)(7696005)(53546011)(316002)(110136005)(256004); DIR:OUT; SFP:1101; SCL:1; SRVR:MWHPR03MB3328; H:MWHPR03MB2815.namprd03.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
x-microsoft-antispam-message-info: OcknYN542gqql3/K0wDqlyhb7+aWAN8PMS/MwRw2Dxdl4wPdg7vaQx/EWiqiWwZPYG2k/6L1LQLV/mNYQHJbFVFU/xQgqIJnBTyNDCcDQijhc0OsSt+FnndahOPRJexc3Z6uabwVP+9MjvnAm+wpRQNeh3f1sh+mnf8R5FgDZvFPq+m3odlcq3irT5B09vX7v6AYutVhTFGYLlwHuXDsYr0tlyB6m0YxWKiSm3o8xWpRDgOdkgUAKfXu9k9DuvjeQN5ZPDyrn9oyRqes/GUmGuyyRCGrjKQcJ55CEiE/UjdO5GMl4VKytynqAwv5xu+zf5i5smRehTTWQ+AR+pKEBpk6JfVn3MQ283Cdxif0cXM=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
MIME-Version: 1.0
X-OriginatorOrg: rbbn.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e0d8ab2e-84e6-4206-d572-08d5ee8057ac
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Jul 2018 20:35:33.5140 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 29a671dc-ed7e-4a54-b1e5-8da1eb495dc3
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR03MB3328
X-MC-Unique: jTYQNpLFMOqgMfgC0J-vrA-1
Content-Type: multipart/alternative; boundary="_000_MWHPR03MB28153CA2A18BB43E5F49F947A5510MWHPR03MB2815namp_"
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/QwT07v4oPxrX3DOwBw_b6fpcQGQ>
Subject: Re: [stir] "iat" value to use during PASSPorT construction
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Jul 2018 20:35:47 -0000

I didn’t say I disagree. What I said is that none of these are introduced by “sign a call only if it leaves my network when I am the originating network” approach. It is how things are in general.

Thanks,
Tolga

From: stir <stir-bounces@ietf.org> On Behalf Of Gorman, Pierce A [CTO]
Sent: Friday, July 20, 2018 4:32 PM
To: Asveren, Tolga <tasveren@rbbn.com>; williw <wilhelm@wimmreuter.de>
Cc: stir@ietf.org
Subject: Re: [stir] "iat" value to use during PASSPorT construction

________________________________
NOTICE: This email was received from an EXTERNAL sender
________________________________

None of which invalidates the concern Willi asked about.

I’m not saying there aren’t approaches available for dealing with signed and verified but still bad calls.  All I am saying is Willi is correct to be concerned because it happens today without the signatures.  What we’re discussing is constraints and limitations and those are worth identifying and acknowledging.

Pierce


From: Asveren, Tolga [mailto:tasveren@rbbn.com]
Sent: Friday, July 20, 2018 3:27 PM
To: Gorman, Pierce A [CTO] <Pierce.Gorman@sprint.com<mailto:Pierce.Gorman@sprint.com>>; williw <wilhelm@wimmreuter.de<mailto:wilhelm@wimmreuter.de>>
Cc: stir@ietf.org<mailto:stir@ietf.org>
Subject: RE: [stir] "iat" value to use during PASSPorT construction

Again, there should be a policy to cover that, e.g. such organizations won’t be trusted anymore or at least not on the same level with others which did a good job on their end  as originating network. And probably some regulatory action can be taken based on complaints.

Thanks,
Tolga

From: Gorman, Pierce A [CTO] <Pierce.Gorman@sprint.com<mailto:Pierce.Gorman@sprint.com>>
Sent: Friday, July 20, 2018 4:24 PM
To: Asveren, Tolga <tasveren@rbbn.com<mailto:tasveren@rbbn.com>>; williw <wilhelm@wimmreuter.de<mailto:wilhelm@wimmreuter.de>>
Cc: stir@ietf.org<mailto:stir@ietf.org>
Subject: RE: [stir] "iat" value to use during PASSPorT construction

________________________________
NOTICE: This email was received from an EXTERNAL sender
________________________________

I think you missed my point.  There will be authoritatively signed calls with legitimate numbers from bad actors placing illegal or unwanted calls with bad intent.  Get enough of them and you can think of it as poisoning the well.

Pierce

From: Asveren, Tolga [mailto:tasveren@rbbn.com]
Sent: Friday, July 20, 2018 2:54 PM
To: Gorman, Pierce A [CTO] <Pierce.Gorman@sprint.com<mailto:Pierce.Gorman@sprint.com>>; williw <wilhelm@wimmreuter.de<mailto:wilhelm@wimmreuter.de>>
Cc: stir@ietf.org<mailto:stir@ietf.org>
Subject: RE: [stir] "iat" value to use during PASSPorT construction

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Not disagreeing with your points in general but:

I don’t think there is “protocol level” check possible whether a signature generated by an intermediary and verified successfully is created maliciously or not. This has to depend on policy. Depending on attestation level one may check whether signer is authoritative for  origin or whether it can be trusted for the particular attestation level without such a check. Whom to trust for which attestation level is really an operational/administrative decision and doesn’t have anything to do with protocol semantics AFAICS. But eventually, it may be “learned”, based on ratio of valid/spam/malicious/etc… calls signed by a certain organization.

Thanks,
Tolga

From: Gorman, Pierce A [CTO] <Pierce.Gorman@sprint.com<mailto:Pierce.Gorman@sprint.com>>
Sent: Friday, July 20, 2018 3:12 PM
To: Asveren, Tolga <tasveren@rbbn.com<mailto:tasveren@rbbn.com>>; williw <wilhelm@wimmreuter.de<mailto:wilhelm@wimmreuter.de>>
Cc: stir@ietf.org<mailto:stir@ietf.org>
Subject: RE: [stir] "iat" value to use during PASSPorT construction

________________________________
NOTICE: This email was received from an EXTERNAL sender
________________________________

Because of the large volume of porting and ported numbers I assume it is impractical (or at least undesirable) to validate in real-time that a number is “owned” by the originating carrier.  This also won’t work for the scenarios where the call is signed by a transit or gateway carrier (say for automated traceback).

It has been said many times that just as all unwanted and illegal robocalls do not use spoofed calling numbers, it should be assumed that bad actors will originate signed calls with bad intent.  Prepaid phones and ephemeral enterprise SIP trunks will be a good home for these kinds of calls.  And there are other scenarios as well.



From: Asveren, Tolga [mailto:tasveren@rbbn.com]
Sent: Friday, July 20, 2018 1:18 PM
To: williw <wilhelm@wimmreuter.de<mailto:wilhelm@wimmreuter.de>>
Cc: stir@ietf.org<mailto:stir@ietf.org>
Subject: Re: [stir] "iat" value to use during PASSPorT construction

I don’t think that is an issue as that signature is cryptographically valid doesn’t mean that is “completely fine”. It also should be checked that signing organization is authoritative for the claimed (and verified) origination.

Please consider that the scenario you mention is not related with “originating network signs only if the call leaves the network” policy. It can happen for any case: an intermediary (maybe with malicious intent) just can generate a valid signature for any call by using its own key; but then the above check I mentioned would detect that signer is not authoritative for the origination, i.e. signature is not generated by the originating network.

Thanks,
Tolga

From: stir <stir-bounces@ietf.org<mailto:stir-bounces@ietf.org>> On Behalf Of williw
Sent: Friday, July 20, 2018 11:15 AM
To: Asveren, Tolga <tasveren@rbbn.com<mailto:tasveren@rbbn.com>>
Cc: stir@ietf.org<mailto:stir@ietf.org>
Subject: Re: [stir] "iat" value to use during PASSPorT construction

________________________________
NOTICE: This email was received from an EXTERNAL sender
________________________________

Sorry, I unsuccessfully submitted my concern on jabber list during the meeting.
However, this could be valid in this and applies possibly other areas of stir as well.


My concern that came up while seeing the cat slides in meeting was the following:


Signing outbound / E-gres calls only.
This emulates the old PSTN paradigm and enables impersonation as we have it in SS7.
Without originating signatures this seems to be a big impersonation hole I assume.

In fact, operators will happily sign my robocalls and other malicious stuff.
And this will guarantee that my robocalls have a valid signature that will also be perfect for OOB signalling etc.

Is this concern valid?

Sorry this did not come through the scribe and to the mic.

Thanks

Willi

_______________________________________________
stir mailing list
stir@ietf.org<mailto:stir@ietf.org>
https://www.ietf.org/mailman/listinfo/stir<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fstir&data=02%7C01%7Cpierce.gorman%40sprint.com%7C7bd5c71eb8c44aaea07308d5ee7a7e60%7C4f8bc0acbd784bf5b55f1b31301d9adf%7C0%7C0%7C636677132235044610&sdata=4xbcc%2BA815i2iwOqQnmym6xX3%2FI1%2Boe%2Fv%2Bj7rRXO%2FAo%3D&reserved=0>

________________________________

This e-mail may contain Sprint proprietary information intended for the sole use of the recipient(s). Any use by others is prohibited. If you are not the intended recipient, please contact the sender and delete all copies of the message.

v2.23.0 | Report a Bug | By Email