Re: [stir] Setting Direction for the STIR WG Last Call

Tony Rutkowski <tony@yaanatech.com> Thu, 18 August 2016 00:40 UTC

To: Brian Rosen <br@brianrosen.net>, Russ Housley <housley@vigilsec.com>
From: Tony Rutkowski <tony@yaanatech.com>
Date: Wed, 17 Aug 2016 20:40:29 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/Rfg6VeS2LaaVq3e8mVJx4bDB1zA>
Cc: IETF STIR Mail List <stir@ietf.org>
Subject: Re: [stir] Setting Direction for the STIR WG Last Call

+1 (alternatively just do it under FCC auspices
or another venue, e.g., 3GPP SA3, where one
person cannot waste everyone's time.)

On 2016-08-17 5:00 PM, Brian Rosen wrote:
> Thanks for this.
>
> May I offer a suggestion?  Let’s ask the authors to submit updates to their drafts that resolve as many of the comments they see as worthy to fix that can be done quickly.  Then let’s ask commenters to look at the diff, identify changes that were NOT made, and use the issue tracker to document them.
>
> That way we can avoid a lot of simple issues in the tracker, and have separate threads for each issue remaining open.
>
> Brian
>
>> On Aug 17, 2016, at 4:52 PM, Russ Housley <housley@vigilsec.com> wrote:
>>
>> It is not fun for a WG Chair to take a vacation and then return to find that WG Last Call discussion has escalated from a straightforward document review to accusations of bad acts on the list.  Well, that is where I find myself, so I’d like to take a step back and try to focus this energy in a productive direction.  First, I think that recounting a bit of history may be helpful.
>>
>> Well before the STIR BOF, there was consensus that the solution needed two parts.  First, there needed to be a digital signature that covered the claimed source telephone number and some other things to prevent replay.  Second, there needed to be credentials to provide the public key to validate that signature.
>>
>> During the STIR WG chartering discussion we talked about where that signature might be carried.  We got direction from the Area Director that we should focus on in-band mechanisms before looking at out-of-band mechanisms.  The STIR WG charter gives direction:
>>
>>    As its priority mechanism work item, the working group will specify a
>>    SIP header-based mechanism for verification that the originator of a SIP
>>    session is authorized to use the claimed source telephone number, where
>>    the session is established with SIP end to end.
>>
>> The WG decided that a replacement to RFC 4474 was the best way to accomplish this, and the first WG draft on that topic was adopted in June 2014.
>>
>> Before the STIR BOF, there was discussion about the type of credential that would best scale to represent the telephone number space.  The WG recognized that using certificates for the credential meant that some aspects of the public key infrastructure associated would need to be left to the regulators in each country.  This is a political reality associated with telephone numbers.  This was discussed and understood.  See the hum results regarding credential format at IETF 90 in July 2014:
>>
>>    https://www.ietf.org/proceedings/90/minutes/minutes-90-stir
>>
>> The WG decided on certificates for the credential format, and the first WG draft on that topic was adopted in October 2014.
>>
>> In most of 2015, the WG was making slow progress.  Frankly, I was a bit frustrated; with these fundamental decisions behind us, we could have made faster progress.  But then, we saw renewed energy starting in the Summer of 2015.  One recent example of this can be seen in the blog post from last month by FCC Chairman Wheeler:
>>
>>    https://www.fcc.gov/news-events/blog/2016/07/22/cutting-robocalls
>>
>> As part of the renewed energy, there was a suggestion to use the signature format specified by the JOSE WG instead of a bespoke design.  The result was PASSporT, and the first WG draft on that topic was adopted in February 2016.
>>
>> Now, all three of these documents are in WG Last Call.  It seems that some of the fundamental decisions that were made almost two years ago are being called into question.  If there is a technical problem, let’s identify it and fix it.  If there is a lack of clarity, let’s fix that too.  However, WG Last Call is not the time to revisit each decision that brought the WG to this point.
>>
>> If you are the author of a review that raises a large technical problem, I ask you to provide a concise description of the problem in a message of its own.  I am trying to separate the discussion of any such problems from the resolution of other document comments.
>>
>> I ask the authors of each document to review the comments that have been posted and offer a way forward.
>>
>> Thanks,
>> Russ
>>
>> _______________________________________________
>> stir mailing list
>> stir@ietf.org
>> https://www.ietf.org/mailman/listinfo/stir