[stir] Protocol Action: 'Enhanced JWT Claim Constraints for STIR Certificates' to Proposed Standard (draft-ietf-stir-enhance-rfc8226-04.txt)

The IESG <iesg-secretary@ietf.org> Wed, 14 July 2021 21:38 UTC

Return-Path: <iesg-secretary@ietf.org>
X-Original-To: stir@ietf.org
Delivered-To: stir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A73D83A0E9E; Wed, 14 Jul 2021 14:38:13 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 7.34.0
Auto-Submitted: auto-generated
Precedence: bulk
Cc: The IESG <iesg@ietf.org>, ben@nostrum.com, draft-ietf-stir-enhance-rfc8226@ietf.org, rfc-editor@rfc-editor.org, rjsparks@nostrum.com, stir-chairs@ietf.org, stir@ietf.org, superuser@gmail.com
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-ID: <162629869366.29653.2752253409897997425@ietfa.amsl.com>
Date: Wed, 14 Jul 2021 14:38:13 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/SIy_0K9OaW3R7zgNDGrN8Vq07vE>
Subject: [stir] Protocol Action: 'Enhanced JWT Claim Constraints for STIR Certificates' to Proposed Standard (draft-ietf-stir-enhance-rfc8226-04.txt)
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Jul 2021 21:38:23 -0000

The IESG has approved the following document:
- 'Enhanced JWT Claim Constraints for STIR Certificates'
  (draft-ietf-stir-enhance-rfc8226-04.txt) as Proposed Standard

This document is the product of the Secure Telephone Identity Revisited
Working Group.

The IESG contact persons are Murray Kucherawy and Francesca Palombini.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-stir-enhance-rfc8226/





Technical Summary

   RFC 8226 specifies the use of certificates for Secure Telephone
   Identity Credentials, and these certificates are often called "STIR
   Certificates".  RFC 8226 provides a certificate extension to
   constrain the JSON Web Token (JWT) claims that can be included in the
   Personal Assertion Token (PASSporT) as defined in RFC 8225.  If the
   PASSporT signer includes a JWT claim outside the constraint
   boundaries, then the PASSporT recipient will reject the entire
   PASSporT.  This document updates RFC 8226 to define an additional way
   that the JWT claims can be constrained.

Working Group Summary

The draft was generally well supported and non-controversial. A previous version of the draft also included an "exludeValues" option to indicate disallowed claim values. This option was removed after WGLC discussion suggested that it would be easily circumvented for claims with free-form values and not needed for claims with enumerated values. The removal resulted in a second WGLC.

No appeals or other friction are anticipated.

Document Quality

The author has implemented a a module for the open source pyasn1-modules library. The RFC that this updates is currently implemented in a number of voice carrier networks, and is in fact a regulatory requirement for US carriers as part of the FCC anti-robocalling initiative.
	
The one version or another was reviewed by several people, including the authors of RFC 8226 and your humble document shepherd. The removal of "excludeValues" resulted from list discussion triggered by WGLC comments. This change resulted in a second WGLC.
	
There has been no external expert review at the time of this report.

Personnel

  Ben Campbell is the document shepherd.
  Murray Kucherawy is the responsible Area Director.