Re: [stir] Minutes: STIR: IETF91 - stirring the pot
Richard Shockey <richard@shockey.us> Tue, 27 January 2015 03:42 UTC
Return-Path: <richard@shockey.us>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4AB21A1BBD for <stir@ietfa.amsl.com>; Mon, 26 Jan 2015 19:42:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.467
X-Spam-Level:
X-Spam-Status: No, score=-0.467 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, J_CHICKENPOX_111=0.6, J_CHICKENPOX_15=0.6, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pf5YdO0VhsxJ for <stir@ietfa.amsl.com>; Mon, 26 Jan 2015 19:42:41 -0800 (PST)
Received: from gproxy9-pub.mail.unifiedlayer.com (gproxy9-pub.mail.unifiedlayer.com [69.89.20.122]) by ietfa.amsl.com (Postfix) with SMTP id 0D81F1A1B99 for <stir@ietf.org>; Mon, 26 Jan 2015 19:42:40 -0800 (PST)
Received: (qmail 6901 invoked by uid 0); 27 Jan 2015 03:42:36 -0000
Received: from unknown (HELO cmgw3) (10.0.90.84) by gproxy9.mail.unifiedlayer.com with SMTP; 27 Jan 2015 03:42:36 -0000
Received: from box462.bluehost.com ([74.220.219.62]) by cmgw3 with id kriW1p00S1MNPNq01riZxj; Mon, 26 Jan 2015 20:42:36 -0700
X-Authority-Analysis: v=2.1 cv=BqwOn+n5 c=1 sm=1 tr=0 a=jTEj1adHphCQ5SwrTAOQMg==:117 a=jTEj1adHphCQ5SwrTAOQMg==:17 a=cNaOj0WVAAAA:8 a=f5113yIGAAAA:8 a=Fm5PWBbyStgA:10 a=8nJEP1OIZ-IA:10 a=8WrITzYgnNwA:10 a=HGEM6zKYvpEA:10 a=YNv0rlydsVwA:10 a=ll-iCDY8AAAA:8 a=M0OflfRGAAAA:8 a=48vgC7mUAAAA:8 a=Z80JlwQ0AAAA:8 a=XYeb9JL5MEjcw2vmtsYA:9 a=dfkV4rY-5gGSrYx9:21 a=6vk6-t-z4AvUIhCM:21 a=wPNLvfGTeEIA:10 a=ivbTfD_dPm4A:10 a=6fpOX-4qs7AA:10 a=BQYh4w-RC7EA:10
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=shockey.us; s=default; h=Content-transfer-encoding:Content-type:Mime-version:In-Reply-To:References:Message-ID:To:From:Subject:Date; bh=GsFcmfD10aYPBcVbOkj4h+pHLK9Gv/tQzpjCR1gKcdk=; b=KY4c76DoyJannwYnhR25c+wpRm6Rq2yxaA0YFXmPgehGKU2/yhXWgHirP5UYi7WsAnxCnP/TP/1R2uT+IHY5S+XtRbOO3fxaUbsY4MgRNuMiOtpbKRlpZ7yZ4S7FAiZG;
Received: from [108.56.131.201] (port=53049 helo=[192.168.1.4]) by box462.bluehost.com with esmtpa (Exim 4.82) (envelope-from <richard@shockey.us>) id 1YFx2s-0004tt-AU; Mon, 26 Jan 2015 20:42:30 -0700
User-Agent: Microsoft-MacOutlook/14.4.7.141117
Date: Mon, 26 Jan 2015 22:42:25 -0500
From: Richard Shockey <richard@shockey.us>
To: Henning Schulzrinne <Henning.Schulzrinne@fcc.gov>, Robert Sparks <rjsparks@nostrum.com>, "stir@ietf.org" <stir@ietf.org>
Message-ID: <D0EC72BF.1DB2C%richard@shockey.us>
Thread-Topic: [stir] Minutes: STIR: IETF91 - stirring the pot
References: <E6A16181E5FD2F46B962315BB05962D05BE0B103@fcc.gov>
In-Reply-To: <E6A16181E5FD2F46B962315BB05962D05BE0B103@fcc.gov>
Mime-version: 1.0
Content-type: text/plain; charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable
X-Identified-User: {3286:box462.bluehost.com:shockeyu:shockey.us} {sentby:smtp auth 108.56.131.201 authed with richard+shockey.us}
Archived-At: <http://mailarchive.ietf.org/arch/msg/stir/S5CsrUgjGAt5JqH5QD8FbxB1oQU>
Subject: Re: [stir] Minutes: STIR: IETF91 - stirring the pot
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Jan 2015 03:42:45 -0000
Yes please. Is anyone willing to discuss the structure of the 509 or the CRL for instance? Don¹t worry about the distribution mechanism. That is being discussed in other forums. Richard Shockey Shockey Consulting LLC Chairman of the Board SIP Forum www.shockey.us Www.sipforum.org richard<at>shockey.us Skype-Linkedin-Facebook rshockey101 PSTN +1 703-593-2683 On 1/26/15, 10:20 PM, "Henning Schulzrinne" <Henning.Schulzrinne@fcc.gov> wrote: >The last frozen turkey left-over have hopefully been consumed, but it's >gotten awfully quiet on the list. The minutes below identify a number of >list discussion issues. Anybody care to kick off a new round? > >________________________________________ >From: stir [stir-bounces@ietf.org] on behalf of Robert Sparks >[rjsparks@nostrum.com] >Sent: Tuesday, November 25, 2014 11:06 AM >To: stir@ietf.org >Subject: [stir] Minutes: STIR: IETF91 > >Please send any necessary corrections to the chairs. >The proceeding submission cutoffs are 5-Dec for draft and 26-Dec for >corrections. >------------- >Minutes : STIR : IETF 91 : 11-Nov-2014 > >Key Points and Action Items: > >ITU Liaison Statements: > >* Richard Barnes will drive creation and review of responses to > the two statements from ITU-T SG 17 > >draft-ietf-stir-rfc4474bis: > >* Discussion supported the need to speak about multiple fingerprints. > The next revision of 4474bis will propose a mechanism > >* The broad latitude for local policy in canonicalization will be > preserved, and reasoning behind leaving this latitude will be > explained in the text. > >* Discussion supported including To: in the canon parameter. > >* Discussion supported accepting that given the protection of the > fingerprint, gatewaying through other protocols (at least those > that are not using DTLS-SRTP) is very likely to fail. No additional > work will occur in 4474bis around gatewaying other than to ensure > this consequence is clearly documented. > >* Discussion converged on recommending a one-minute threshold for > inspecting Date header fields for staleness. > >* Compliance examples would be useful - Robert Sparks and Cullen > Jennings will investigate whether prior work on tools generating > 4474 examples can help > >* While some editorial work is expected in addition to the points above, > the draft is essentially complete, and the next version will likely > be ready for WGLC. > >draft-ietf-stir-certificates: > >* Discussion supported moving forward with a baseline mechanism for > retreiving credentials by dereferencing the Identity-Info URI. The > mechanic should support credential caching (including invalidation). > >* Discussion supported exploring an indirection mechanism for > determinining what set of numbers a certificate is currently > covered by a certificate. The chairs and ADs will discuss > how to structure this work. > >* Discussion of what should be telegraphed through the certificate's > subject name was inconclusive and will continue on list. > >Checkpoint: out-of-band: > >* It is likely the certificates being defined for the in-band > solution will be reusable for out-of-band. Please keep > out-of-band in mind as the work progresses. > >Details (based on notes from Peter Yee): > >Cullen Jennings says that the Cisco may have some IPR >draft-ietf-stir-rfc4474bis. He's working with Cisco legal to make that >determination and will let the WG know as soon as possible. > >***** ITU Liaison Statements: (Jon Peterson) > >2 liaisons received. ITU-T SG 17 (Security) indicates that voice spam >may have >a solution in draft Recommendation ITU-T X.ticvs. This is done by >analyzing >SS7 data and blocking calls within the network. There are privacy >concerns >over the methods used to combat voice spam. A reply to liaison is due >by the >end of the March. The IETF solution to voice spam is more VOIP focused, >so >there may be no clash between the two solutions. A volunteer is needed to >write the response. > > >The other liaison also from SG 17, but it VoIP oriented (via VoLTE). An >IMS-based server hanging off the IMS core would make determinations of >whether >to pass calls based on their determination of the spaminess of a call. >They >are interested in hearing from the IETF for feedback and information on >what we >are doing in this space. This liaison seems more like a request for >info than >the previous one which seemed more defensive. > > >Keith Drage: Calling out IMS is a red herring. You don't need to know >anything >about IMS to respond. It's just a centralized server accessed via SIP. >Peterson notes that the accompanying picture does show a lot of IMS >infrastructure and seems specific to IMS. Drage reiterates that you >shouldn't >need to know anything about IMS to answer the liaison. The IMS Core >doesn't >really matter. 3GPP has discussed something similar to the question in >the >second liaison, but their new study item is more closely related to STIR. > > >Richard Barnes: summary: don't see a lot of conflict, they seem to cover >separate domains, STIR's work would cover both cases. Barnes accepted >the pen >for writing the responses, although he kept the right to pass the pen on >to >others. > >***** RFC4474bis: (Jon Peterson) > >Jon Peterson: rfc4474bis-02: Work is separated into two buckets: 1) >signaling >(what is signed, how signing/verification works, canonicalization) and >credentials (how signers enroll, how verifiers acquire credentials, how to >determine the authority of a credential for a identity). This draft >deals with >signaling. Since the -01 draft, changes are: 1) added mandatory >signature over >a=fingerprint; 2) integrated "canon"; 3) split the references; 4) filled >in >IANA Considerations; 5) added pointers to the STIR problem statement and >threats. > >For 1) generally there isn't a problem with using multiple certificates > it's >a corner case. Jennings suggests sorting the fingerprints by value and >dropping them in. We need to make sure the case is covered, but more >consideration is needed. Is something more beyond media security needed >to >address baiting attacks? Robert Sparks thinks Peterson's text on the >issue is >fine. > >On the "canon" issue: a) Is the latitude for local policy too broad? If >it is >too broad, it's harder for the far side to successfully generate the >value. >"canon" is only used with From. Should it cover To? Perhaps not. Example >given is that a toll-free number ends up translated to a different >destination >URL than the number dialed. Since the auth service can munge the To/From >headers before signing, text has been added to make this possibility >clear. Is >there a narrower constraint that can be added to delimit the scope of the >further transformations that are applied to the To/From fields and the >repercussion of those transformations how far can transformations be >taken >before the recipient is unable to recreate the canonical values. There's a >real problem with cut-and-pasting of packet headers to spoof calls. Brian >Rosen: "canon" is not part of the signature. So you can't use it to >determine >the origin of the call. Peterson: the recipient canonicalizes the To >field and >compares it with the To field in "canon". If they match, then it's >probably >worth processing the call. Otherwise, perhaps not. > > >On the gateway issue, what about tunneling cryptographic signatures across >non-SIP protocols. Protocols such as XMPP, SS7 UUI, etc. Rosen >(channeling >Hadriel Kaplan) a=fingerprint will not work through gateways, so don't >bother >trying. Other data could work through a gateway and would have meaning to >other protocols. Martin Dolly: gatewaying shouldn't be done. With AT&T >and >Verizon doing VoLTE interop, there's much less call for gatewaying. >Peterson >will not continue working on gateway for the draft, other than to >document (or >verify that the existing text documents) that all but the simplest of >gateway >scenarios will likely cause failures. > > >Path forward: > >1) the Date threshold text is inconsistent for what the cut-off is. 1 >hour is >far too generous. Input is requested on the duration that provides >suitable >security without requiring ultra precise synchronization. Brian Rosen >thinks a >minute would be a suitable value. The draft should have a >recommendation and >explanation of that value, but it shouldn't be a hard requirement >because some >unusual scenarios might take several sigmas more time than the usual >case. The >group consensus is that a minute should be fine as the default value when >no >other value has been determined by the use case. > >2) Are compliance examples merited? It seems like they are genuinely >useful to >get the draft right. > >3) The major stuff is in place. Any cruft remaining that should be >excised? >Any objection to going to WGLC with the next draft? > > >***** Certificates: (Jon Peterson) > >Jon Peterson: STIR Certificate Credentials: the draft is now a working >group >item for a certificate-based STIR credential system. Covers telephone >numbers >and number ranges with some new attributes. Defines ways to obtain these >certificates. But it uses certs differently from X.509 PKIs. Enrollment >can >be done through 1) direct assignment (from an authority or provider, >which is >the traditional model), delegation from above (from intermediate holders >of >numbers), and 3) proof of possession (demonstrated ability to use the >number >"proves" it's yours; Cullen Jennings will present on this topic later). >Do we >need to have different levels of assurance for the different enrollment >schemes >and the resulting credentials? It should be made clear that signing can >be >done by endpoints or (more likely) intermediaries. Credential >verification can >be done an intermediary or endpoint as well. > >Question: how does a verifier find a credential? Given an incoming >call, what >does the verifier need in order to retrieve a credential from a >certificate >store? Peterson suggests using the Identity-Info URI to provide the >disambiguating information that allows for a certificate retrieval. Sean >Turner says a lookup pointer is mandatory. This particular one seems >fine. >Rosen: I thought this was a hint, not the answer. Peterson: the >original 4474 >does say this is a hint. Rosen: what about going to the logical >authority and >asking for all of the certificates assigned to a number. That's not >likely to >be a large number. Russ Housley: this doesn't work in the delegated >certificate issuing model. Rosen: a delegator should cause the >certificate to >be issued by the logical authority. Housley: it's unlikely that we're >going to >see a single certificate issuer. Delegated issuance is pretty certain. >Rosen: >remember, we had the logical authority to prevent long, >difficult-to-handle >chains of trust. Credential caching is migrating to the credential >specification rather than being in the RFC4474bis. > >Question: should the Identity-Info contain a lightweight credential hash >to >allow verifiers to know they already have the relevant credential. >Jennings: a >serial number suffices for this need. Turner: Agreed. That way you >don't have >to worry about picking among hashing algorithms. Peterson: there are >options >for how the hash is represented in the URI. Rosen thinks that the URI >should >change with the certificate. Peterson feels that a single URI with a >changing >hash attribute would be helpful for cleaning up the cache. Otherwise, >stale >URIs are cached with no way direct way to find and remove them. For >credential >acquisition protocols, there are (too) many methods: >push/pull/prefetch/others. >Do we need a mandatory-to-implement method such as dereferencing the >Identity-Info URI? Rosen: I'm leaning that way. We want to document >push, >make Identity-Info URI mandatory, and have a bulk/go-to-the-source method >available as well. Peterson: why isn't there a notification system to >alert an >entity when a new credential is available? Housley: historical >perspective: >way back when, LDAP was believed to be on a trajectory to be available >ubiquitously as a way to find certificates. Peterson: do we take >prefetch off >the table? Or do we actually run with it? Jennings: we should talk to >the >Security Area and ask them for a way to do it. SIP SUBSCRIBE is >probably not >the right way to do it. Peterson: I could add web push. Turner: I do >have an >extension to EST that allows for pulling down other certificates. Rosen: I >really want to have a simple web service where I supply a phone number >and get >all the assigned certificates in response. Consensus to go with >Identity-Info >URI as the MTI. HTTPS will be used for confidentiality, primarily, not >integrity. > >Another open issue: how to handle ranges. STIR certificates can >have handle many numbers in it. A major carrier might have a single >certificate that can sign for any of their numbers. Delegation might >split an >authorities range of numbers over multiple sub-authorities. Adam Roach: >how is >number portability handled? Numbers can be moved to new authorities >with ease, >but that would lead to constantly changing certificates, especially if a >certificate covers a large range. If putting the number or number range >in the >certificate is problematic, how about putting a pointer (URL) into the >certificate that points to the list of numbers. Or perhaps the URL >points to a >service that can answer whether the number is covered by the certificate. >Peterson: please give me input on these ideas. He doesn't feel, given the >threat model, that a CA would be unwilling to sign a certificate that >points to >a non-signed list of numbers. Rosen: if you have a cert, you need to do >cert >validation, and you could use something like OCSP with extensions to >check both >the validity of the cert and the validity of the cert for a particular >number. >Barnes: are lists meant to solve a bloat problem or some other problem. >And it >would be a good idea to make sure the certificate/number binding >validator is >actually correlated with the provider. Jennings: the churn on a >certificate >depends on how many numbers are covered by a certificate. Knowing the >optimal >number for entries covered by a certificate would be really useful to >know in >order to reduce churn without having a massive number of small-range >certificates. This also seems to point to using the by-reference >approach as a >solution. Rosen: a simple OCSP extension seems like it would be do the >trick >with ease. Peterson: I hope this would be palatable to others; I like the >idea. Barnes: in the WebPKI, OCSP is not very popular at the moment due >to the >latency it adds. A new charter item for this scheme seems reasonable. >And >there are optimizations that can be done to reduce latency. > >Last issue: should certificates be public or confidential. The subject >name is >the attribute in question, giving the ability to assemble of list of >numbers >that are affiliated with which provider. We need feedback from the >operator >community to know if they care about this issue. Martin Dolly (AT&T): we >do >see some value in the terminating carrier being able to display a >message that >says "verified by <originating carrier>". There is some information we >would >want to protect from our competitors, but it's not a problem. Barnes: >from the >RPKI, subject names are not meaningful. There's also the PKIX subject >information access attribute that can be used as well. Housley: >consider the >overlap between the RPKI and WHOIS as a useful example. Jennings: I >question >whether confidentiality is really an issue. > > >***** Out-of-Band: (Cullen Jennings) (This discussion was pressed for >time) > >Cullen Jennings: trying to revive the out-of-band signaling case. (It was >originally agreed to work on the in-band case first). In the >out-of-band case, >the security data is sent to a CRS (Call Recording Service) while the >actual >call is cleanly passed over a network that doesn't handle in-band >signaling. >The receiving entity talks to a proxy that verifies the calling identity >via >the CRS. There are 3 pieces of work to be done in specifying out-of-band >certificate usage: Proof-of-possession enrollment, proof-of-possession >acquisition, and out-of-band certificate discovery. Let's pay attention >to >out-of-band requirements while we are working on in-band certificate >support. >It's not clear that in-band and out-of-band certificates are the same. >They >might be. > >_______________________________________________ >stir mailing list >stir@ietf.org >https://www.ietf.org/mailman/listinfo/stir > >_______________________________________________ >stir mailing list >stir@ietf.org >https://www.ietf.org/mailman/listinfo/stir
- Re: [stir] Minutes: STIR: IETF91 - stirring the p… Henning Schulzrinne
- Re: [stir] Minutes: STIR: IETF91 - stirring the p… Richard Shockey
- Re: [stir] Minutes: STIR: IETF91 - stirring the p… Peterson, Jon