Re: [stir] RFC 4474bis Last Call - Fingerprint
Chris Wendt <chris-ietf@chriswendt.net> Wed, 07 September 2016 02:33 UTC
Return-Path: <chris-ietf@chriswendt.net>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 551E612B49E for <stir@ietfa.amsl.com>; Tue, 6 Sep 2016 19:33:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=chriswendt-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0_xDzV3jEBbA for <stir@ietfa.amsl.com>; Tue, 6 Sep 2016 19:33:28 -0700 (PDT)
Received: from mail-qk0-x231.google.com (mail-qk0-x231.google.com [IPv6:2607:f8b0:400d:c09::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A47912B484 for <stir@ietf.org>; Tue, 6 Sep 2016 19:33:28 -0700 (PDT)
Received: by mail-qk0-x231.google.com with SMTP id l2so2239623qkf.3 for <stir@ietf.org>; Tue, 06 Sep 2016 19:33:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chriswendt-net.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc:message-id:references :to; bh=/JCgUwvAHSVUkOG7qXFAorRKjR5ybGwOi+a6qluSlaI=; b=qlLN5NyJHX6RRrKfb++zKa/8XCACXcfFkJ4dhuX0UziTJHT6HtYh68xKtfoAWLF8/+ EZnE+c0oQm2hRbDZQiXVVROYD3NvSp5if5K0WGoV3kOu989alrI1FXUxriD4BDgcB4Eu lL+dwarT5wGYq/VriuyOY8Ey9Cz8CQ/W6KIlyzoJsfC4oiuiI3SfEgB/0KZVqm+pqtuX l9VUdmgAUA+RCMNPumM31y9ILfB+yljENmUTRwlRqJVvxfvZGGYv0nTcJHABKIazlMJu y6+gsrB4n+Vh9llHJgw2OlD+oHlWXUmOUIUiR20YDruicBGeK3AoRhiCT6Y2opxFTZJD +utA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=/JCgUwvAHSVUkOG7qXFAorRKjR5ybGwOi+a6qluSlaI=; b=P5ndoOvWtoG6b6EApOoUKT8s4UxcplMK37piPyN6LHx76azdKglZe8bCCtAXMgkLye FumYjNoZYSuh9+4Vwn8xLmmvbYJJRFHVySM7MBq+U3H+t2etu7EZ2BxipGdGGUwzYjTg 83CdFc10CfDG5lQlMtb9VUXHTdpSmmewwp1jGQNBpFw/PqWxO0fRJFiuCo/Hvm41rSSh enmfKMdXWa32B5oJ4Q0vXX0Pyzl5BCWJ8Sslhng0zWe7ReTDvhvJQwxFcBfrgXGooAie Q4+5Wn3FKk6xQIL+skq22NgywNOD8yE3Is4bE/47sTb9zfoMRbYqDJNxgI3OBi9ADXMI 6bmw==
X-Gm-Message-State: AE9vXwO5SNbZ6GouCpaggQJTstB5otBSCKKMvMUh3QwmxxQxARQw3NTQ0oG+D+84OTDtew==
X-Received: by 10.55.22.22 with SMTP id g22mr30739662qkh.267.1473215607561; Tue, 06 Sep 2016 19:33:27 -0700 (PDT)
Received: from ?IPv6:2601:41:c101:9364:e95e:7986:863:68b0? ([2601:41:c101:9364:e95e:7986:863:68b0]) by smtp.gmail.com with ESMTPSA id l22sm19767438qtl.34.2016.09.06.19.33.26 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 06 Sep 2016 19:33:27 -0700 (PDT)
Content-Type: multipart/alternative; boundary="Apple-Mail=_22850B6F-C462-4589-A5B5-C5A11F3E5393"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Chris Wendt <chris-ietf@chriswendt.net>
In-Reply-To: <D3EF29A7.1AD1F2%jon.peterson@neustar.biz>
Date: Tue, 06 Sep 2016 22:33:37 -0400
Message-Id: <A7FD8E9B-FB5D-4C17-93AA-B9F8172A1D60@chriswendt.net>
References: <0ef901d20544$57cc7da0$076578e0$@zipdx.com> <7594FB04B1934943A5C02806D1A2204B4BC829D5@ESESSMB209.ericsson.se> <D3EF1C6E.1AD1DA%jon.peterson@neustar.biz> <7594FB04B1934943A5C02806D1A2204B4BC82CC7@ESESSMB209.ericsson.se> <D3EF29A7.1AD1F2%jon.peterson@neustar.biz>
To: "Peterson, Jon" <jon.peterson@neustar.biz>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/RdIKNoK8eoSH6Igp5OqQe3EIY-w>
Cc: "stir@ietf.org" <stir@ietf.org>, David Frankel <dfrankel@zipdx.com>, Christer Holmberg <christer.holmberg@ericsson.com>
Subject: Re: [stir] RFC 4474bis Last Call - Fingerprint
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Sep 2016 02:33:31 -0000
I did get this comment from other folks as well and for mky, I will be updating in the next release of passport incorporating a MUST for ordering fingerprint values in lexicographic order to guarantee it validating in the case where fingerprint order is changed. Hopefully this should solve your concerns. Thanks. > On Sep 2, 2016, at 4:12 PM, Peterson, Jon <jon.peterson@neustar.biz> wrote: > > > To recover these if they were removed requires the presence of "canon." That does not mean that "canon" is or should be required. > > Again, the decision to make "canon" optional depends on how common we anticipate these removal cases will be, and how heavily we would weigh the cost of increasing the message size every time we use Identity. We've had this discussion a number of times now, including a consensus call at the last meeting, and consistently the conclusion has been to keep "canon" optional. This "mkey" one especially I do not anticipate will result in a common failure condition. > > Jon Peterson > Neustar, Inc. > > From: Christer Holmberg <christer.holmberg@ericsson.com <mailto:christer.holmberg@ericsson.com>> > Date: Friday, September 2, 2016 at 1:01 PM > To: Jon Peterson <jon.peterson@neustar.biz <mailto:jon.peterson@neustar.biz>>, David Frankel <dfrankel@zipdx.com <mailto:dfrankel@zipdx.com>>, "stir@ietf.org <mailto:stir@ietf.org>" <stir@ietf.org <mailto:stir@ietf.org>> > Subject: RE: [stir] RFC 4474bis Last Call - Fingerprint > >> Hi, >> >> >PASSporT is designed to allow media streams to be reordered (again, this is one of the >cases Jonathan Lennox raised that got us to change the original "mkey" syntax). Setting an >"m=" line to zero and removing the associated fingerprint will also be captured by "canon" >and should be recoverable - provided of course that the intermediaries are willing to let >"canon" through. >> >> Doesn’t that require “canon”, and the claims, to be present in the request? In the latest version of 4474bis they are still optional… >> >> Regards, >> >> Christer >> >> >> >> From: stir <stir-bounces@ietf.org <mailto:stir-bounces@ietf.org>> on behalf of Christer Holmberg <christer.holmberg@ericsson.com <mailto:christer.holmberg@ericsson.com>> >> Date: Friday, September 2, 2016 at 12:02 PM >> To: David Frankel <dfrankel@zipdx.com <mailto:dfrankel@zipdx.com>>, "stir@ietf.org <mailto:stir@ietf.org>" <stir@ietf.org <mailto:stir@ietf.org>> >> Subject: Re: [stir] RFC 4474bis Last Call - Fingerprint >> >>> Hi, >>> >>> In addition to the cases David presented, there can also be an intermediary disables media by setting the m= line port value to zero. In such cases the intermediary may also remove all fingerprint attributes associated with the m= line. >>> >>> And, even if all fingerprints sent by the signer reach the verifier, there is no guarantee they will be in the same matter. Not sure whether it matters as far as calculating the signature is concerned, but just to keep in mind… >>> >>> In general, assuming we are going to use (or at least allow) Appendix F, we cannot change any “MUST” to “MAY”, because we need to specify exactly what content is used to calculate the signature, as that information will not be carried in the SIP message. >>> >>> Regards, >>> >>> Christer >>> >>> >>> >>> From: stir [mailto:stir-bounces@ietf.org <mailto:stir-bounces@ietf.org>] On Behalf Of David Frankel >>> Sent: 02 September 2016 21:04 >>> To: stir@ietf.org <mailto:stir@ietf.org> >>> Subject: [stir] RFC 4474bis Last Call - Fingerprint >>> >>> Greetings. >>> >>> I find myself worried about the following text in the 4474bis draft at 4.1: >>> >>> “Fourth, if the request contains an SDP message body, and if that SDP contains one or more "a=fingerprint" attributes, then the JSON key "mky" MUST appear with the algorithm(s) and value(s) of the fingerprint attributes (if they differ), following the format given in [I-D.ietf-stir-passport] Section 3.2.2.2.” >>> >>> As I understand it, this is done to ensure that the fingerprint has not been altered (perhaps by a “man in the middle”) and give confidence that the media is encrypted end-to-end. >>> >>> However, I fear that this may break STIR in some not-entirely-uncommon situations. Public network SIP calls are routinely re-originated (as we’ve discussed). Sometimes the RTP will still go end-to-end unaltered, but in other cases it may be necessary to terminate and re-originate the stream as well as the SIP messaging. For example, a transit operator might need to transcode the audio if the operators on either side don’t have matching codecs. For example, a transit operator might transcode wideband audio between G.722.2 (AMR-WB) and G.722. Or between G.729 and G.711. Or possibly between G.711 a-law and mu-law. (The reality may be that anybody that can handle a-law can handle mu-law, so transcoding should “never” be required for G.711.) There could be other examples. I guess for lawful intercept (CALEA) the interceptor would still be able to LISTEN without altering the fingerprint, so perhaps that wouldn’t break the STIR signature. >>> >>> I raise the point for discussion. (The details here are a bit outside my expertise, and I probably missed some earlier discussion.) One possible suggestion is to change “MUST” to “MAY” in the text I quoted above. This gives the originator of the call the opportunity to decide whether they want downstream operators to have the flexibility to alter the fingerprint but still maintain the end-to-end identity assurance offered with STIR. An originator may be mostly concerned with protecting their media on the first hop; this would let them do that (I think). >>> >>> While protecting the fingerprint is a nice-to-have, I didn’t recall it in the STIR charter or problem statement. >>> >>> David >>> >>> David Frankel >>> ZipDX® LLC >>> Monte Sereno, CA USA >>> Tel: 1-800-FRANKEL (1-800-372-6535) >>> Watch Our Video! <http://www.zipdx.info/features/> >>> > _______________________________________________ > stir mailing list > stir@ietf.org > https://www.ietf.org/mailman/listinfo/stir
- [stir] RFC 4474bis Last Call - Fingerprint David Frankel
- Re: [stir] RFC 4474bis Last Call - Fingerprint Christer Holmberg
- Re: [stir] RFC 4474bis Last Call - Fingerprint Christer Holmberg
- Re: [stir] RFC 4474bis Last Call - Fingerprint Peterson, Jon
- Re: [stir] RFC 4474bis Last Call - Fingerprint Peterson, Jon
- Re: [stir] RFC 4474bis Last Call - Fingerprint Christer Holmberg
- Re: [stir] RFC 4474bis Last Call - Fingerprint Peterson, Jon
- Re: [stir] RFC 4474bis Last Call - Fingerprint Chris Wendt