[stir] Interop related topics for STIR

Roman Shpount <roman@telurix.com> Tue, 13 July 2021 18:41 UTC

References: <2C876D56-5E92-462F-890D-383076B91233@vigilsec.com> <CAD5OKxtE=W=wg8FDOC=yOqB6cHEAf5hoLWArvs6ysoeaWsxZMQ@mail.gmail.com> <8C2E746A-2B02-44CD-99F0-CA55C4051818@vigilsec.com>
In-Reply-To: <8C2E746A-2B02-44CD-99F0-CA55C4051818@vigilsec.com>
From: Roman Shpount <roman@telurix.com>
Date: Tue, 13 Jul 2021 14:41:09 -0400
Message-ID: <CAD5OKxsQ+WO6zPcF49_DZV+DdxuNZJbSVWJtaRCTUqHAf2t80g@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: IETF STIR Mail List <stir@ietf.org>, Richard Shockey <richard@shockey.us>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/U_07RXoB0aougilh4I5TcwEtt5w>
Subject: [stir] Interop related topics for STIR

I am moving this into a new thread.

So far the following RFC8224 issues were identified:

1. Errata regarding quotes in ppt value (Errata ID: 6519). Need to verify
that both ppt values with and without quotes are supported when the Identity
header is received.

2. Date header is required. It should probably be optional since the
information there is redundant when the Full-Form PASSporT is used.
Several known implementations omit it.

3. Should it be possible to omit ident-info and ident-info-params when the
Full-Form PASSporT is used? All implementations I have seen include it,
but there are occasional mismatches.

4. When a SIP message is over 1300 bytes, the request MUST be sent using a
congestion-controlled transport protocol such as TCP
(https://datatracker.ietf.org/doc/html/rfc3261#section-18.1.1). Considering
that the Identity header is typically around 1000 bytes, this requires all
networks to start using reliable protocols which is not currently the case.
There is a way to work around this for the private links where MTU is under
vendor control, but for links over the public internet, this needs to be
clearly stated and tested.

5. I do not think RFC8226 reflects the actual practices for STIR
certificates.

We should also consider an informational document with STIR Torture test
messages as well as BCP.
_____________
Roman Shpount


On Tue, Jul 13, 2021 at 1:57 PM Russ Housley <housley@vigilsec.com> wrote:

> I think that a SIPIT would be a very good thing, but that is not an IRTF
> activity.  That said, I would be very happy to use this list to know about
> a SIPIT once it is organized.
> Are there other interoperability or ops-oriented topics about STIR that
> needed to be discussed?  If so, please start a thread.
>
>
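
Items 1, 3 and 4 of the message above, as an added example that is not part of the original thread or of any STIR implementation: a receiver-side Identity header parser that accepts the ppt value with or without quotes and reports a missing info parameter, plus the RFC 3261 section 18.1.1 transport check. The function names and the header values are constructed for illustration.

```python
import re

# One ";name=value" parameter. The value may be a quoted-string, an
# angle-bracketed URI (which can itself contain ";"), or a bare token.
_PARAM = re.compile(r';\s*([\w.-]+)\s*=\s*("(?:[^"\\]|\\.)*"|<[^>]*>|[^;\s]+)')


def parse_identity(value):
    """Split an Identity header value into the PASSporT and its parameters."""
    passport, sep, rest = value.strip().partition(";")
    params = {}
    for name, raw in _PARAM.findall(sep + rest):
        if raw.startswith('"'):
            raw = re.sub(r"\\(.)", r"\1", raw[1:-1])  # unquote and unescape
        elif raw.startswith("<"):
            raw = raw[1:-1]                           # strip < >
        # Assumption of this example: the first occurrence of a name wins.
        params.setdefault(name.lower(), raw)
    return {
        "passport": passport.strip(),
        "info": params.get("info"),   # None when ident-info is omitted (item 3)
        "alg": params.get("alg"),
        "ppt": params.get("ppt"),     # same result for ppt="x" and ppt=x (item 1)
    }


def needs_congestion_controlled_transport(message, path_mtu=None):
    """RFC 3261 18.1.1: over 1300 bytes with unknown path MTU, or within
    200 bytes of a known path MTU, means TCP or similar (item 4)."""
    size = len(message)
    if path_mtu is None:
        return size > 1300
    return size + 200 >= path_mtu


# Constructed sample values; the token is a placeholder, not a signed PASSporT.
TOKEN = "eyJhbGciOiJFUzI1NiJ9.eyJpYXQiOjE2MjYyMDE2ODJ9.c2lnbmF0dXJl"
INFO = "https://cert.example.org/passport.cer"
QUOTED = f'{TOKEN};info=<{INFO}>;alg=ES256;ppt="shaken"'
BARE = f"{TOKEN};info=<{INFO}>;alg=ES256;ppt=shaken"
NO_INFO = TOKEN

if __name__ == "__main__":
    for sample in (QUOTED, BARE, NO_INFO):
        print(parse_identity(sample))
    print(needs_congestion_controlled_transport(b"x" * 1400))
```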