IETF Logo Mail Archive

Re: [stir] Getting PASSPORT Published

"Peterson, Jon" <jon.peterson@team.neustar> Fri, 22 February 2019 19:22 UTC

Return-Path: <prvs=19560576be=jon.peterson@team.neustar>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9B10130F66 for <stir@ietfa.amsl.com>; Fri, 22 Feb 2019 11:22:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=team.neustar
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qySBOPJubp9L for <stir@ietfa.amsl.com>; Fri, 22 Feb 2019 11:22:31 -0800 (PST)
Received: from mx0b-0018ba01.pphosted.com (mx0a-0018ba01.pphosted.com [67.231.149.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D519B130EBA for <stir@ietf.org>; Fri, 22 Feb 2019 11:22:31 -0800 (PST)
Received: from pps.filterd (m0078666.ppops.net [127.0.0.1]) by mx0a-0018ba01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x1MJDMeN010189; Fri, 22 Feb 2019 14:22:31 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=team.neustar; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=selector1; bh=ytGrsOSunAMQLk+MllNoFPMtXth8WgBREi2VnudL0xQ=; b=l8taLnr/MNCKO0aC86lsu5epgyscKZK0nwG8Ud/nq+vIv0iPmiSeidcBsyC7YK48hI1I AM2hS2ptyr6dESc9kAVAviR7kke0+15+UW4S1gwSqkwE4hkK97y5t0puDTRGtO05qPK0 ZTO8apndRf2w8IDo/CPCBB8KzSnQxRTxD7V35ikyqOam2urNUru5kSLhnSI7W03wS22h 7iwg52XDo5KCo24Vx9t+PGzlDZxXCWmr+sz7Fxkw5Ume7dVvo1/beULz7qvPoLTp5TQ/ ShQ/gfq7/obKUAGuZyICEz49N9LzB7IlmYc/kqO5p3+gm+NF4DMsi9l3OAX/Ur2nGm4X Ww==
Received: from stntexhc10.cis.neustar.com ([156.154.17.216]) by mx0a-0018ba01.pphosted.com with ESMTP id 2qt5ebs9r5-2 (version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 22 Feb 2019 14:22:31 -0500
Received: from STNTEXMB101.cis.neustar.com ([fe80::acd4:1667:da41:9938]) by stntexhc10.cis.neustar.com ([10.31.58.69]) with mapi id 14.03.0279.002; Fri, 22 Feb 2019 14:22:29 -0500
From: "Peterson, Jon" <jon.peterson@team.neustar>
To: Adam Roach <adam@nostrum.com>, "draft-ietf-stir-passport-shaken.all@tools.ietf.org" <draft-ietf-stir-passport-shaken.all@tools.ietf.org>
CC: "stir@ietf.org" <stir@ietf.org>
Thread-Topic: [stir] Getting PASSPORT Published
Thread-Index: AQHUyjQtQCesheGAvkuEAofqY3yLR6XsATGA
Date: Fri, 22 Feb 2019 19:22:28 +0000
Message-ID: <3F73548D-63E9-4935-A27C-0BD7A9E89CA8@team.neustar>
References: <17d7e50b-5012-74ec-d1a5-9c8b80d60f4e@nostrum.com>
In-Reply-To: <17d7e50b-5012-74ec-d1a5-9c8b80d60f4e@nostrum.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.6.190114
x-originating-ip: [10.96.12.221]
Content-Type: text/plain; charset="utf-8"
Content-ID: <15917E41A22EB243B63471D5EC7A2200@neustar.biz>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-02-22_12:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1902220132
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/UxSyGx5c7Sg4fJ8N2kp2--KQujM>
Subject: Re: [stir] Getting PASSPORT Published
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Feb 2019 19:22:35 -0000

I think the proposed privacy text is fine. 

In terms of whether this should be Info or PS, I think we're expecting that there will be a substantial amount of SHAKEN deployment out there before the end of this year. We wanted this documented here in the IETF because we wanted to make sure those PASSporT elements would be commonly understood by elements that receive them. 

Should privacy concerns prevent this from being something that gets the blessing of IETF consensus? On balance, I don't think they should. Practically speaking, these orig IDs are not the main PII worry here - the originating number, the thing STIR exists to attest, is far more revealing than an orig ID, which is in practice used something a bit more like a trunk group identifier. Carriers have the proper incentives to make sure that those orig IDs are not externally linkable. But if the worry here is that targeted or mass collection of orig ID can tell us something more interesting about the people placing communications than the calling party number, it's hard for me to see how that would be true. And even if it were, the text (especially the new version) is already telling people to keep this UUIDs opaque.

Jon Peterson
Neustar, Inc.

On 2/21/19, 2:24 PM, "stir on behalf of Adam Roach" <stir-bounces@ietf.org on behalf of adam@nostrum.com> wrote:

    [as area director]
    
    tl;dr: I'd like to propose publishing SHAKEN as Informational instead of 
    Standards Track, and tweaking the Privacy Considerations section. 
    Details below.
    
    
    The draft-ietf-stir-passport-shaken document still has a DISCUSS 
    remaining on it from IESG evaluation:
    
    > I would like to discuss the privacy properties of origids. As I read
    > this text, it does not actually require them to be unlinkable or that
    > it not be possible to determine whether two ids represent the same
    > person behind the origid generator, and I believe it should do so.
    > Practically implementing that may require an ID that is longer than a
    > UUID.
    
    
    While it's true that this behavior is defined in the ATIS document, 
    publication of an IETF Proposed Standard carries with it the explicit 
    indication that the IETF as a whole (including the IESG during their 
    evaluation) thinks the approach being described is a Good Idea. In this 
    particular case, the fact that the underlying mechanism does not 
    inherently provide unlinkability for the underlying identifiers has been 
    identified as problematic.
    
    At the same time, I'll note that the primary reason for this document to 
    exist is to populate two IANA registries. Both of these registries are 
    "Specification Required," which doesn't require the publication of a 
    Standards Track document.
    
    An acceptable path to address this situation would be to instead publish 
    draft-ietf-stir-passport-shaken as Informational, and to tighten up the 
    privacy considerations slightly. I believe this could be achieved with a 
    small change to the final sentence of section 10; we would replace:
    
    >    If the operator of an element is concerned about the
    >    correlation of 'origid' values, the element could be configured to
    >    use a unique 'origid' value per call in such a way that the operator
    >    can associate those 'origid' values to the correct element when doing
    >    lookups in their backend systems.
    
    With:
    
    >    Absent a compelling reason not to do so, operators should configure 
    > their
    >    network elements to use a unique and externally unlinkable 'origid' 
    > value
    >    per call in such a way that the operator can associate those 'origid'
    >    values to the correct element when doing lookups in their backend 
    > systems.
    
    
    Does this sound like a reasonable path forward?
    
    /a
    
    _______________________________________________
    stir mailing list
    stir@ietf.org
    https://www.ietf.org/mailman/listinfo/stir

v2.23.0 | Report a Bug | By Email