[stir] Comments on draft-ietf-stir-passport-divert
Ben Campbell <ben@nostrum.com> Mon, 08 April 2019 18:01 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FEB11200A1; Mon, 8 Apr 2019 11:01:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.68
X-Spam-Level:
X-Spam-Status: No, score=-1.68 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wuNmaHVv97h2; Mon, 8 Apr 2019 11:01:06 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E7311200B5; Mon, 8 Apr 2019 11:01:06 -0700 (PDT)
Received: from bens-macbook.lan (cpe-66-25-20-105.tx.res.rr.com [66.25.20.105]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id x38I14kq053998 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Mon, 8 Apr 2019 13:01:05 -0500 (CDT) (envelope-from ben@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1554746465; bh=cQpi7v7FeU2FkPZqI0OLozZ/+ByQjDgPO7MGjT2Ios8=; h=From:Subject:Date:To; b=g2S6gPKIeGhuxyyqCKLcFeafKvO/zj0BlOR8bnmWj0BPnHYWOmdyorZqfJnPcIaIo HmOkSBvrCs9+HUl2PlgGvWsKkjTlqrc5ATB2YshBram63CnZghj0chuBvMfvO9oTi7 7c8EAdIwspLVB1hK7EsG2g3A2Ggk/5dKCob1YPCE=
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-20-105.tx.res.rr.com [66.25.20.105] claimed to be bens-macbook.lan
From: Ben Campbell <ben@nostrum.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_B61672C2-444F-416F-A0D3-4950D88B0423"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
Message-Id: <CB96AAE5-2220-4ECB-A45D-C5E1CD3A9071@nostrum.com>
Date: Mon, 08 Apr 2019 13:00:58 -0500
To: stir@ietf.org, draft-ietf-stir-passport-divert@ietf.org
X-Mailer: Apple Mail (2.3445.104.8)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/S2xIrGN0BMnOKCiNfLHPGP9eU5g>
Subject: [stir] Comments on draft-ietf-stir-passport-divert
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Apr 2019 18:01:08 -0000
Hi, I agreed in Prague to review draft-ietf-stir-passport-divert, and have done so. I think it’s mostly in good shape, but have some minor comments and questions. Thanks! Ben. *** Substantive Comments *** §4.2: - What happens if a “div” passport chains back to a PASSporT object with an unknown “ppt” value? Is the answer the same if the offending ppt occurs at the innermost PASSporT vs in the middle of the chain? (That is, is there any possibility of traversing a ppt of unknown type when verifying the chain?) - "The verification service SHOULD also verify that all other "div" PASSporTs in the chain share the same "orig" value.” What is the benefit of doing this? What would be the consequences of not doing it? What would be reasonable behavior if the verifier discovered a non-matching orig? (And depending on the answers: Why not MUST?) - "It is furthermore RECOMMENDED that the verification service check that the "iat" field of the innermost PASSporT is also within the date freshness interval; otherwise the verification service could allow attackers to replay an old, stale PASSporT embedded in a fresh "div”.” Why is this not a MUST? Do you envision situations where it would be reasonable not to comply? - "PASSporT. Note that (per Section 4.1) a chain may terminate at more than one innermost PASSporT, in cases where a single "div" is used to retarget from multiple based PASSporTs.” What happens if some of the terminating PASSporTs fail verification but others succeed? §6: Is “opt" intended for general purpose use? If so, I suggest splitting it out into a separate draft. “Div" seems like a strange place to hide it. Is there a hard 3 letter limit for passport parameter names? “opt” seems rather non-mnemonic due to the collision with the plain English word. §11: Are there scenarios wheret the original destination in a diverted call could be privacy sensitive? *** Editorial Comments and Nits *** - There are some minor complaints from IDNits that should be addressed prior to pubreq. - Please expand the following acronyms: PASSporT (in title, abstract and body) JWT STIR §1: - "practically speaking some operational environments do alter the To header field” That may be a bit of an understatement. Perhaps “some” should be “many”? - "and they both can capture minor syntactical changes in URIs that do not reflect a change to the actual target of a call.” I’m not sure what “capture” means in this contexrt. Are we talking about otherwise unnecessary H-I entries due to semantically equivalent but syntactically different URIs? §2: Is there a reason not to use the updated boilerplate from RFC8174? §4.2: It seems early in the evolution of STIR to call base verification services “traditional” :-)
- [stir] Comments on draft-ietf-stir-passport-divert Ben Campbell
- Re: [stir] Comments on draft-ietf-stir-passport-d… Peterson, Jon