IETF Logo Mail Archive

Re: [stir] "iat" value to use during PASSPorT construction

"Asveren, Tolga" <tasveren@rbbn.com> Fri, 18 May 2018 07:28 UTC

Return-Path: <tasveren@rbbn.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D111A127369 for <stir@ietfa.amsl.com>; Fri, 18 May 2018 00:28:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.09
X-Spam-Level:
X-Spam-Status: No, score=-4.09 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=sonusnetworks.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nJH3oq61pid0 for <stir@ietfa.amsl.com>; Fri, 18 May 2018 00:28:19 -0700 (PDT)
Received: from us-smtp-delivery-181.mimecast.com (us-smtp-delivery-181.mimecast.com [63.128.21.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 52614127275 for <stir@ietf.org>; Fri, 18 May 2018 00:28:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=SonusNetworks.onmicrosoft.com; s=selector1-rbbn-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VVxE1J6MxXC22TVLXDn7tQQsa2XPiULB62Vdp60IiHM=; b=oA3QxoANGxSkzFDuLdb9PysBjaWm6hcoWzsb/CzZSsYJGOsDcnVhIFwBetPkEUOrUlRieXwXrAtZ3ewIKAe+QVKu0TYqCTRMYZlrLVCoE1VmeH7ZOMyDTLtcZu2uGMtR4GSVGeSeBlM/LdDOVa1rFJqaMNZsAN2eVGzS9RTSFww=
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (mail-dm3nam03lp0021.outbound.protection.outlook.com [207.46.163.21]) (Using TLS) by us-smtp-1.mimecast.com with ESMTP id us-mta-72-SgqXoGEZNxGngA3nbnG0xg-1; Fri, 18 May 2018 03:28:16 -0400
Received: from CY4PR03MB3160.namprd03.prod.outlook.com (10.171.245.165) by CY4PR03MB2550.namprd03.prod.outlook.com (10.173.41.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.776.11; Fri, 18 May 2018 07:28:14 +0000
Received: from CY4PR03MB3160.namprd03.prod.outlook.com ([fe80::35a6:a73e:b07:b27c]) by CY4PR03MB3160.namprd03.prod.outlook.com ([fe80::35a6:a73e:b07:b27c%13]) with mapi id 15.20.0755.019; Fri, 18 May 2018 07:28:14 +0000
From: "Asveren, Tolga" <tasveren@rbbn.com>
To: Chris Wendt <chris-ietf@chriswendt.net>
CC: "stir@ietf.org" <stir@ietf.org>
Thread-Topic: [stir] "iat" value to use during PASSPorT construction
Thread-Index: AdPrT9q/oUbx39SISTyhzIa9uuwWlAAQE5EAADhxihAAaGriwAAJMxwAAAyX1eA=
Date: Fri, 18 May 2018 07:28:14 +0000
Message-ID: <CY4PR03MB3160A4E6A164995E2903286EA5900@CY4PR03MB3160.namprd03.prod.outlook.com>
References: <CY4PR03MB3160EE4F4502CCF974B070CFA59C0@CY4PR03MB3160.namprd03.prod.outlook.com> <05192EB8-97F5-4AF5-B415-1A9ECB6514B9@chriswendt.net> <CY4PR03MB316056821A803CC7FF80505AA5930@CY4PR03MB3160.namprd03.prod.outlook.com> <CY4PR03MB3160BF48B904086AEDD5C933A5910@CY4PR03MB3160.namprd03.prod.outlook.com> <68AF4FFB-083B-4361-BB9C-EACC739EE947@chriswendt.net>
In-Reply-To: <68AF4FFB-083B-4361-BB9C-EACC739EE947@chriswendt.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [73.29.251.142]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR03MB2550; 7:yz8tpR0Wz/Xf7BAGLdzsSSwdtOM0F4kLCh3vOigioRERctL570Pn/mYkvNenJqS8duGcO7f68PoW+vIP5u4D7nQxYlibfuDuXl2KNsPKcPc1y6cHPckMlmjN0P1NODU3d6hnGgzMr9MvLW90Ga0B7n7vQ41L83WIJAXYD8awzjPO4na3qxonKDSyErorL1QWcV+VF8rQoFYPDKDOvmetXz7Srmkq0FDanMujtWFwv76hTFQynHpergYiYCKrSPUF; 20:8eYUFpwZEBw3iyFFMAYYdQdlbz1aStSC6rlyLCffJx606ipdTQ7p0KW9PgQbUflXtV8fUIdNcNEQqvHLe+R6yFXbrsR9xSsABFlrSGEqZLwKfquz1oxmTqmC6tbUzz7eLUDlGxP/B8dqsjdhVIBn//CWeHm+lIaE5m8I2hKhDd0=
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:CY4PR03MB2550;
x-ms-traffictypediagnostic: CY4PR03MB2550:
x-microsoft-antispam-prvs: <CY4PR03MB2550C94B13DE40D209A1D709A5900@CY4PR03MB2550.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(192374486261705)(21748063052155);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3231254)(944501410)(52105095)(3002001)(10201501046)(93006095)(93001095)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123562045)(20161123558120)(20161123560045)(6072148)(201708071742011)(7699016); SRVR:CY4PR03MB2550; BCL:0; PCL:0; RULEID:; SRVR:CY4PR03MB2550;
x-forefront-prvs: 0676F530A9
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(39860400002)(366004)(376002)(39380400002)(396003)(189003)(199004)(25786009)(6436002)(6506007)(99286004)(81166006)(106356001)(81156014)(2900100001)(76176011)(3280700002)(97736004)(6916009)(53546011)(186003)(7696005)(7736002)(8936002)(8676002)(4326008)(105586002)(19609705001)(93886005)(66066001)(54896002)(6306002)(236005)(6246003)(316002)(229853002)(68736007)(86362001)(478600001)(5250100002)(2906002)(55016002)(53936002)(9686003)(446003)(486006)(26005)(3846002)(33656002)(11346002)(5660300001)(74316002)(6116002)(14454004)(102836004)(966005)(790700001)(606006)(476003)(59450400001)(3660700001); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR03MB2550; H:CY4PR03MB3160.namprd03.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
x-microsoft-antispam-message-info: AxaJKVGmsAHt4vA94+AB7xUwY7piMbKzDmPxamx7Co3PK9dGZERJV9JI4osIoGuiDt8vVQze3HopsinTxWrN5DCBMl9f0o75VQR/92OS4Sp4tzVRkferVIFpamwgc3S9FJtKkUjSp1ZSk16n2HavNthPs1Q8ob/f0U4WDZpoGo1BKwyI7oKfQGb7T5fgXHba
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: 665143f1-a07f-4d5b-1315-08d5bc90eb03
X-OriginatorOrg: rbbn.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 665143f1-a07f-4d5b-1315-08d5bc90eb03
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 May 2018 07:28:14.6327 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 29a671dc-ed7e-4a54-b1e5-8da1eb495dc3
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR03MB2550
X-MC-Unique: SgqXoGEZNxGngA3nbnG0xg-1
Content-Type: multipart/alternative; boundary="_000_CY4PR03MB3160A4E6A164995E2903286EA5900CY4PR03MB3160namp_"
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/UjpcilrqKaoDdYpQRhekglq5oa0>
Subject: Re: [stir] "iat" value to use during PASSPorT construction
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 May 2018 07:28:24 -0000

i- I don’t think we should discredit/undervalue “philosophical aspects”. This is actually what needs to be right. It is what we call “architecture”, isn’t it? It is the foundation for the procedures.
ii- Is there a rathole here? Yes, I think there is and that is because of the “confusion” in RFC8224/8225. So, it is a “self-inflicted damage”, not something which was unavoidable.
iii- It is pretty clear that “iat” pertains to JWS creation per RFC7519. It really is not a good idea to violate this.
iv- Are there practical cases where there would be a significant difference between session initiation time and JWS creation time, yes certainly and I already provided some examples. I am sure there are many more and who knows what the future will bring. Nonetheless, the real issue is that “iat” is not to assert session origination time even if there were no such cases and its use as such wouldn’t be a good idea IMHO.
v- What needs to be done?

  *   RFC8224/8225 should be updated so that use of “iat” as issuance time of JWS is clear and there are no violations.
  *   If there is a need to assert session origination time, then that should be a new JWS parameter defined for some claim type, for example “shaken”. Actually I would prefer that it is not tied to “shaken” and is a new claim type. The reason being that it may be needed even if one doesn’t want to use “shaken”.

I am planning to file errata for RFC8224/8225 and probably prepare a draft for a new claim type for session origination time -at least to gauge the interest-.

Thanks,
Tolga


From: Chris Wendt <chris-ietf@chriswendt.net>
Sent: Thursday, May 17, 2018 7:40 PM
To: Asveren, Tolga <tasveren@rbbn.com>
Cc: stir@ietf.org
Subject: Re: [stir] "iat" value to use during PASSPorT construction

________________________________
NOTICE: This email was received from an EXTERNAL sender
________________________________

There is a bunch of philosophical ratholes we could go down here, but the “issuance” of a JWT i don’t believe is strictly meant to correspond to the “exact” time that the JWT is constructed.  My understanding is that it is meant to represent the time the token is valid in the context of the application and the claims you are making for that application.
In the context of STIR, the initiation of the INVITE and the corresponding signing of that INVITE should occur in a very small time delta, whether it happens on the same device or between the SIP UE and a network element receiving that INVITE shortly later.  I believe this scenario is completely appropriate within the scope of the definition of “issuance” time.


On May 17, 2018, at 3:46 PM, Asveren, Tolga <tasveren@rbbn.com<mailto:tasveren@rbbn.com>> wrote:

To add a bit more color:

The following is the most authoritative specification regarding “iat” generation in general IMHO:

RFC7519 JSON Web Token (JWT)

4.1.6.  "iat" (Issued At) Claim



   The "iat" (issued at) claim identifies the time at which the JWT was

   issued.  This claim can be used to determine the age of the JWT.  Its

   value MUST be a number containing a NumericDate value.  Use of this

   claim is OPTIONAL.

This text clearly states that “iat” is for the generation time of JWS.


So, I think both RFC8224/8225 need to be updated to prevent any ambiguity and be completely consistent with RFC7519.


Thanks,
Tolga

From: Asveren, Tolga
Sent: Tuesday, May 15, 2018 1:33 PM
To: Chris Wendt <chris-ietf@chriswendt.net<mailto:chris-ietf@chriswendt.net>>
Cc: stir@ietf.org<mailto:stir@ietf.org>
Subject: RE: [stir] "iat" value to use during PASSPorT construction

Ideally specifications should have a firm stand on the scope of “iat” IMHO. Ambiguity is something to avoid even if the immediately envisioned use cases could function with both interpretations (and honestly I even doubt that let alone the impact on future extensions/new claim types).

As I already indicated, what makes sense to me is that it for the “JSW”, not for the session therefore “current time” instead of Date needs to be used.

And as a side question: Is there really a practical concern regarding full-form being longer than the compact form? Are the extra few hundreds of octets really something causing heartburn considering that media associated with a session usually would require several magnitudes more?

Thanks,
Tolga

From: Chris Wendt <chris-ietf@chriswendt.net<mailto:chris-ietf@chriswendt.net>>
Sent: Monday, May 14, 2018 10:31 AM
To: Asveren, Tolga <tasveren@rbbn.com<mailto:tasveren@rbbn.com>>
Cc: stir@ietf.org<mailto:stir@ietf.org>
Subject: Re: [stir] "iat" value to use during PASSPorT construction

________________________________
NOTICE: This email was received from an EXTERNAL sender
________________________________

Hi Tolga,

I think the 60sec recommendation is a default, however, i think once we get more operational experience to see what the delta offsets of time typically are, we will have a better sense of what value to use and whether to move to a smaller time window or not.  This should in general be considered local policy what you believe is an acceptable time window. You may also want to implement secondary TDOS/replay attack types of protection to help here as well and not solely depend on “iat” freshness within that short time window.

In regards to the other part of your question, 8224 is saying to use the PASSporT “iat” to correspond to the DATE value of the SIP.  The assumption is that the PASSporT is being created at/close to the initiation of the INVITE.  I think whether you interpret that as taking the DATE and setting it exactly to the “iat” or if you are generating a PASSporT “iat” as a specifically 8225 compliant function in isolation, either will generally work if you are using full form of passport.  From what i’m personally aware of, most implementations are following the former vs the latter.

-Chris


On May 14, 2018, at 5:17 AM, Asveren, Tolga <tasveren@rbbn.com<mailto:tasveren@rbbn.com>> wrote:

RFC 8224 has the following in Section “4.1 PASSPorT Construction”:


      Third, the JSON key "iat" MUST appear.  The authentication service

      SHOULD set the value of "iat" to an encoding of the value of the

      SIP Date header field as a JSON NumericDate (as UNIX time, per

      [RFC7519], Section 2), though an authentication service MAY set

      the value of "iat" to its own current clock time.  If the

      authentication service uses its own clock time, then the use of

      the full form of PASSporT is REQUIRED.  In either case, the

      authentication service MUST NOT generate a PASSporT for a SIP

      request if the Date header is outside of its local policy for

      freshness (sixty seconds is RECOMMENDED).

RFC 8225 has the following in Section “5.1.1 “iat” (Issued At) Claim”:


   The JSON claim MUST include the "iat" (Issued At) claim ([RFC7519],

   Section 4.1.6).  As defined, the "iat" claim should be set to the

   date and time of issuance of the JWT and MUST indicate the date and

   time of the origination of the personal communications.  The time

   value should be of the NumericDate format as defined in [RFC7519],

   Section 2.  This is included for securing the token against replay

   and cut-and-paste attacks, as explained further in Section 10

   ("Security Considerations").

i- I see some conflict in RFC8225 text. It is mentioned that “iat” should be set based on issuance of JWT (which would be when PASSPorT is constructed). OTOH, it is also stated that it MUST indicate the date and time of the origination of the personal communication. The former seems to be  the right approach as what we would like to protect against cut-and-paste attacks is the PASSPorT in the context of a particular communication session. Coupling of PASSPorT with the communication session is provided through “orig”/”dest”. “iat” should be set to the time of generation of PASSPorT IMHO. RFC8244 text seems to be O.K. if one accepts this interpretation as it has the notion of “local policy for freshness”. The recommended value is on the very high end (anything more than a few seconds is too much in practice IMHO) but it is at least not mandating use of 60s.

ii- Aren’t there legitimate cases where a communication session continues for some period of time and then due to change in its nature requires addition of PASSPorT, e.g. first there is an announcement/interaction with an automated system (which may last several minutes) and then the called-party is contacted during which PASSPorT is added (because, for example, organizational boundaries are crossed and there is a need to validate calling-party identity). For such cases there could be a legitimate and major discrepancy between Date and “current time”. This is another argument in favor of considering “iat” as corresponding to PASSPorT generation rather than start of communication session IMHO. There could eb many other scenarios where similar discrepancy legitimately happens especially if one considers non-base claim types, e.g.. “div”.

So, the bottom line is I would like to get people’s opinion about whether “iat” should pertain to the start of communication session or to the creation of PASSPorT.


Thanks,
Tolga


_______________________________________________
stir mailing list
stir@ietf.org<mailto:stir@ietf.org>
https://www.ietf.org/mailman/listinfo/stir

v2.23.0 | Report a Bug | By Email