Re: [stir] Ben Campbell's Discuss on draft-ietf-stir-rph-03: (with DISCUSS and COMMENT)

Ben Campbell <ben@nostrum.com> Thu, 19 April 2018 09:47 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C163E12D82F; Thu, 19 Apr 2018 02:47:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.867
X-Spam-Level:
X-Spam-Status: No, score=-1.867 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PAdDJCh9i7Es; Thu, 19 Apr 2018 02:47:00 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E1A6127058; Thu, 19 Apr 2018 02:47:00 -0700 (PDT)
Received: from [10.0.2.111] (ip-32-232-239-173.texas.us.northamericancoax.com [173.239.232.32]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id w3J9kpZH014774 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 19 Apr 2018 04:46:53 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host ip-32-232-239-173.texas.us.northamericancoax.com [173.239.232.32] claimed to be [10.0.2.111]
Content-Type: multipart/alternative; boundary=Apple-Mail-A5FC2A1D-B1C1-4DC5-833C-7C383A436734
Mime-Version: 1.0 (1.0)
From: Ben Campbell <ben@nostrum.com>
X-Mailer: iPad Mail (15E216)
In-Reply-To: <CAFb8J8o=TKvvEkzuBP1QZuQ5wKpKmooScKdRXSOQxp7WbND0vA@mail.gmail.com>
Date: Thu, 19 Apr 2018 11:46:51 +0200
Cc: IETF STIR Mail List <stir@ietf.org>, rhousley@vigilsec.com, The IESG <iesg@ietf.org>, draft-ietf-stir-rph@ietf.org, STIR Chairs <stir-chairs@ietf.org>
Content-Transfer-Encoding: 7bit
Message-Id: <5716BD0B-CF7B-46BF-87A4-0C33E4EDE553@nostrum.com>
References: <152393202955.26114.3853075658304497317.idtracker@ietfa.amsl.com> <CAFb8J8o=TKvvEkzuBP1QZuQ5wKpKmooScKdRXSOQxp7WbND0vA@mail.gmail.com>
To: Subir Das <subirdas21@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/Twq_QGxB6BNjvM0qmhjFEgzDWW4>
Subject: Re: [stir] Ben Campbell's Discuss on draft-ietf-stir-rph-03: (with DISCUSS and COMMENT)
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Apr 2018 09:47:09 -0000


> On Apr 18, 2018, at 4:04 PM, Subir Das <subirdas21@gmail.com>; wrote:
> 
> Hello Ben,
> Thanks for your review and comments. Please see the answers inline.
>  
> Regards,
> _Subir
>  
> -----Original Message-----
> From: Ben Campbell <ben@nostrum.com>; 
> Sent: Monday, April 16, 2018 10:27 PM
> To: The IESG <iesg@ietf.org>;
> Cc: draft-ietf-stir-rph@ietf.org; Russ Housley <rhousley@vigilsec.com>;; stir-chairs@ietf.org; rhousley@vigilsec.com; stir@ietf.org
> Subject: Ben Campbell's Discuss on draft-ietf-stir-rph-03: (with DISCUSS and COMMENT)
>  
> Ben Campbell has entered the following ballot position for
> draft-ietf-stir-rph-03: Discuss
>  
> When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)
>  
>  
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>  
>  
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-stir-rph/
>  
>  
>  
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>  
> Thanks for this work. I plan to ballot "yes", but I have a couple of points I think need to be discussed first.
> 
> SD> Appreciate it. 
>  
> §4.2: " If the signature validation fails, the verification service should infer
>    that the calling party is not authorized for ’Resource-Priority’ as
>    indicated in the claim.  In such cases, the priority treatment for
>    the associated communication service is handled as per the local
>    policy."
>  
> I suspect there will be deployments where the node making these local policy decisions is downstream from the verifier. How do they know RPH verification failed? Should the verifier strip resource priority header fields for which validation failed?
>  
> SD> We will clarify the last sentence of the paragraph as follows:
>  
> “In such cases, the priority treatment for the associated communication service is handled as per the local policy of the verifier (e..g., the RPH may be  stripped and call can be treated as an ordinary call)."

Can you envision a case where it would make sense to leave RPH verifiers where verification has failed? That seems like a dangerous practice worthy of at least a SHOULD NOT.

>  
> §7.2:
>    o  The verification of the signature MUST include means of verifying
>       that the signer is authoritative for the signed content of the
>       resource priority namespace in the PASSporT."
>  
> I gather the intent is to leave that means to local policy, or to be specified elsewhere. I think that's a problem from an interoperability standpoint. The verifier needs a way to know whether the authorizer is authoritative for the RPH. If we want authorizers and verifiers from different vendors to be able to interoperate, it seems like at least some mechanism needs to be standardized and possibly MTI.
>  
> SD> Yes, you are correct that the end-to-end architecture is specified outside of IETF. This is currently done in ATIS where the verifier can verify the authorizer’s  certificate even if they are from different providers.

Is it the intent that this extension only be used with the ATIS framework? If so, some scoping language early in the document would be helpful.

>  
>  
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>  
> General: It's probably worth updating the references to 4474bis and passport to their respective RFCs.
>  
> SD> Will update.
>  
> §3, 4th paragraph: The imbedding of ABNF in the middle of a paragraph is difficult to read. It would be helpful to separate that from the surrounding text in the conventional fashion.
>  
> SD> How about the following?
>  
> "The "rph" claim will provide an assertion of authorization, "auth", for information in the SIP ’Resource-Priority’ header field based on [RFC4412] and the syntax is:
>  
> Resource-Priority = "Resource-Priority": r-value
> r-value= "namespace  "."  r-priority
>  
> Specifically, the "rph" claim includes assertion of the priority-level of the user to be used for a given communication session. The value of the "rph" claim is an Object with one or more keys. Each key is associated with a JSON Array. These arrays contain Strings that correspond to the ‘r-values’ values indicated in the SIP ’Resource-Priority’ header field."

Works for me.

>  
> §3, 5th paragraph and throughout: The repeated use of "r-value ="namespace "."
> priority value" is hard to read. Please consider giving that parameter construct a name, and using the name throughout.
>  
> SD> How about the following?
>  
> “The following is an example "rph" claim for a SIP ’Resource-Priority’ header field with an r-value of "ets.0" and with another r-value  of "wps.0".

Works for me.

>  
> Note: Will change the rest accordingly.
>  
> §3, 7th paragraph: "The authority MUST use its credentials (i.e., CERT)"
> Does "CERT" mean "Certificate"? I assume it's not "Computer Emergency Response Team".
>  
> SD> Yes CERT implies Certificate. We will change it to 'Certificate'
>  
> §4.1 : A SIP authentication service typically will derive the value of "rph"
>    from the ’Resource-Priority’ header field based on policy associated
>    with service specific use of the "namespace "." priority value" for
>    r-values based on [RFC4412].:
> "Typically" usually implies "Most but not all of the time". Is that the intent?
>  
>  
> SD> No that is not the intent. Will delete ‘typically”. The sentence will read :
>  
> SD> “A SIP authentication service will derive the value of "rph" from the ’Resource-Priority’ header field based on policy associated with service specific use of the "namespace "." r-priority  " for r-values based on [RFC4412]. “
>  
> §4.2, last paragraph: Am I correct to guess that this is talking about valid claims?
>  
> SD> This statement is valid for both valid and invalid claims. The policy will determine how claim will be treated.

I don’t understand what that means for invalid claims. Are you saying that local policy could mean you use an invalid claim anyway? If so, why bother verifying it?

>  
> 
> 
>> On Mon, Apr 16, 2018 at 10:27 PM, Ben Campbell <ben@nostrum.com>; wrote:
>> Ben Campbell has entered the following ballot position for
>> draft-ietf-stir-rph-03: Discuss
>> 
>> When responding, please keep the subject line intact and reply to all
>> email addresses included in the To and CC lines. (Feel free to cut this
>> introductory paragraph, however.)
>> 
>> 
>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>> for more information about IESG DISCUSS and COMMENT positions.
>> 
>> 
>> The document, along with other ballot positions, can be found here:
>> https://datatracker.ietf.org/doc/draft-ietf-stir-rph/
>> 
>> 
>> 
>> ----------------------------------------------------------------------
>> DISCUSS:
>> ----------------------------------------------------------------------
>> 
>> Thanks for this work. I plan to ballot "yes", but I have a couple of points I
>> think need to be discussed first.
>> 
>> §4.2: " If the signature validation fails, the verification service should infer
>>    that the calling party is not authorized for ’Resource-Priority’ as
>>    indicated in the claim.  In such cases, the priority treatment for
>>    the associated communication service is handled as per the local
>>    policy."
>> 
>> I suspect there will be deployments where the node making these local policy
>> decisions is downstream from the verifier. How do they know RPH verification
>> failed? Should the verifier strip resource priority header fields for which
>> validation failed?
>> 
>> §7.2:
>>    o  The verification of the signature MUST include means of verifying
>>       that the signer is authoritative for the signed content of the
>>       resource priority namespace in the PASSporT."
>> 
>> I gather the intent is to leave that means to local policy, or to be specified
>> elsewhere. I think that's a problem from an interoperability standpoint.. The
>> verifier needs a way to know whether the authorizer is authoritative for the
>> RPH. If we want authorizers and verifiers from different vendors to be able to
>> interoperate, it seems like at least some mechanism needs to be standardized
>> and possibly MTI.
>> 
>> 
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>> 
>> General: It's probably worth updating the references to 4474bis and passport to
>> their respective RFCs.
>> 
>> §3, 4th paragraph: The imbedding of ABNF in the middle of a paragraph is
>> difficult to read. It would be helpful to separate that from the surrounding
>> text in the conventional fashion.
>> 
>> §3, 5th paragraph and throughout: The repeated use of "r-value ="namespace "."
>> priority value" is hard to read. Please consider giving that parameter
>> construct a name, and using the name throughout.
>> 
>> §3, 7th paragraph: "The authority MUST use its credentials (i.e., CERT)"
>> Does "CERT" mean "Certificate"? I assume it's not "Computer Emergency Response
>> Team".
>> 
>> §4.1 : A SIP authentication service typically will derive the value of "rph"
>>    from the ’Resource-Priority’ header field based on policy associated
>>    with service specific use of the "namespace "." priority value" for
>>    r-values based on [RFC4412].:
>> "Typically" usually implies "Most but not all of the time". Is that the intent?
>> 
>> §4.2, last paragraph: Am I correct to guess that this is talking about valid
>> claims?
>> 
>> 
>> _______________________________________________
>> stir mailing list
>> stir@ietf.org
>> https://www.ietf.org/mailman/listinfo/stir
>