Re: [stir] [Technical Errata Reported] RFC8224 (6519)

Roman Shpount <roman@telurix.com> Wed, 07 April 2021 21:06 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/Vcyu8l8hI1P3VXu1NXQnM2oF5Yg>

All the registered Personal Assertion Tokens are tokens:
https://www.iana.org/assignments/passport/passport.xhtml.

There is nothing in RFC8225 that limits the ppt header parameter's value,
so to be compatible, ident-type = "ppt" EQUAL (token / quoted-string) is
correct. This, however, does not reflect the decision to always put quotes
around the ppt value from IETF 101.

If this were up to me, I would say that the original ABNF is correct and
all the other documents and implementations which put quotes around the ppt
value are wrong. After all, these quotes serve no purpose except using
two extra bytes. Furthermore, there is no reason to use anything except
tokens to identify PASSporT Extensions.

I would also like to point out that the definition of the info parameter is
also problematic since it is not a valid generic-param:
ident-info = "info" EQUAL ident-info-uri
ident-info-uri = LAQUOT absoluteURI RAQUOT

A quoted-string should have been used for the info, not the LAQUOT
absoluteURI RAQUOT.

I assume it is too late to fix either of these things.
_____________
Roman Shpount


On Wed, Apr 7, 2021 at 3:25 PM Marc Petit-Huguenin <marc@petit-huguenin.org>
wrote:

> Hi Roman,
>
> On 4/7/21 9:18 AM, Roman Shpount wrote:
> > Hi Christer,
> >
> > This is exactly the issue. ATIS documents and other RFCs like rfc8946 use
> > ppt with a quoted token.
>
> Shouldn't the ABNF now be, to be compatible with non-SHAKEN
> implementations, this:
>
> ident-type = "ppt" EQUAL (token / quoted-string)
>
> >
> > Also, according to IETF 101 STIR notes (which you took), the ppt
> > token value should always be quoted. I am not sure why it needed to be
> > quoted (I think this is wrong), but that was the decision.
> > _____________
> > Roman Shpount
> >
> >
> > On Wed, Apr 7, 2021 at 11:23 AM Christer Holmberg <
> > christer.holmberg@ericsson.com> wrote:
> >
> >> Hi,
> >>
> >> I have not been involved in the discussions, so my apologies for asking
> >> something that has been discussed already, but what is the reason for the
> >> change? If you anyway are only going to allow "token" characters, why the
> >> quotes? Is the only reason to align with how the parameter is used in other
> >> specs?
> >>
> >> Regards,
> >>
> >> Christer
> >>
> >>
> >> -----Original Message-----
> >> From: stir <stir-bounces@ietf.org> On Behalf Of RFC Errata System
> >> Sent: Tuesday, 6 April 2021 8.21
> >> To: jon.peterson@neustar.biz; fluffy@cisco.com; ekr@rtfm.com;
> >> chris-ietf@chriswendt.net; superuser@gmail.com; Francesca Palombini <
> >> francesca.palombini@ericsson.com>; rjsparks@nostrum.com;
> >> housley@vigilsec.com
> >> Cc: stir@ietf.org; roman@telurix.com; rfc-editor@rfc-editor.org
> >> Subject: [stir] [Technical Errata Reported] RFC8224 (6519)
> >>
> >> The following errata report has been submitted for RFC8224,
> >> "Authenticated Identity Management in the Session Initiation Protocol (SIP)".
> >>
> >> --------------------------------------
> >> You may review the report below and at:
> >>
> >>
> >> https://protect2.fireeye.com/v1/url?k=ac0542ba-f39e7bbf-ac050221-86959e472243-713aff0f88c18be4&q=1&e=6be2f688-f156-4c8b-953f-2bec6cf24d76&u=https%3A%2F%2Fwww.rfc-editor.org%2Ferrata%2Feid6519
> >>
> >> --------------------------------------
> >> Type: Technical
> >> Reported by: Roman Shpount <roman@telurix.com>
> >>
> >> Section: 4
> >>
> >> Original Text
> >> -------------
> >> ident-type = "ppt" EQUAL token
> >>
> >> Corrected Text
> >> --------------
> >> ident-type = "ppt" EQUAL DQUOTE token DQUOTE
> >>
> >> Notes
> >> -----
> >> Based on IETF 101 STIR notes ptr= values should always be quoted. Also,
> >> ATIS-1000074 is using double quotes around ppt value.
> >>
> >> Instructions:
> >> -------------
> >> This erratum is currently posted as "Reported". If necessary, please use
> >> "Reply All" to discuss whether it should be verified or rejected. When a
> >> decision is reached, the verifying party can log in to change the status
> >> and edit the report, if necessary.
> >>
> >> --------------------------------------
> >> RFC8224 (draft-ietf-stir-rfc4474bis-16)
> >> --------------------------------------
> >> Title               : Authenticated Identity Management in the Session
> >> Initiation Protocol (SIP)
> >> Publication Date    : February 2018
> >> Author(s)           : J. Peterson, C. Jennings, E. Rescorla, C. Wendt
> >> Category            : PROPOSED STANDARD
> >> Source              : Secure Telephone Identity Revisited
> >> Area                : Applications and Real-Time
> >> Stream              : IETF
> >> Verifying Party     : IESG
> >>
> >> _______________________________________________
> >> stir mailing list
> >> stir@ietf.org
> >> https://www.ietf.org/mailman/listinfo/stir
> >>
> >
> >
> >
>
>
> --
> Marc Petit-Huguenin
> Email: marc@petit-huguenin.org
> Blog: https://marc.petit-huguenin.org
> Profile: https://www.linkedin.com/in/petithug
>
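
An added example, not part of the thread and not taken from any STIR implementation: a verifier-side parser for the Identity header parameters that accepts both ppt forms discussed above (ppt=shaken and ppt="shaken") and handles the angle-bracketed info value, which can itself contain ";", as its own case. The function names, the sample header and the token-only policy for ppt are assumptions of this example.

```python
import re

# token per RFC 3261; quoted-string simplified to ASCII with backslash escapes.
TOKEN = r"[A-Za-z0-9\-.!%*_+`'~]+"
PARAM = re.compile(
    rf'\s*;\s*(?P<name>{TOKEN})\s*=\s*(?:<(?P<uri>[^<>\s]+)>'
    rf'|"(?P<quoted>(?:[^"\\]|\\.)*)"|(?P<token>{TOKEN}))\s*'
)

def parse_identity_params(header_value):
    """Return {name: (value, form)}; form is "token", "quoted" or "uri"."""
    _digest, sep, rest = header_value.partition(";")  # digest has no ";"
    rest, pos, params = sep + rest, 0, {}
    while pos < len(rest):
        m = PARAM.match(rest, pos)
        if m is None:
            raise ValueError(f"malformed parameter at offset {pos}")
        name = m["name"].lower()
        if name in params:
            # Two copies could be read differently by different parsers.
            raise ValueError(f"duplicate parameter {name!r}")
        form = next(f for f in ("uri", "quoted", "token") if m[f] is not None)
        if form == "uri" and name != "info":
            # <...> is not a generic-param value; only info is defined with it.
            raise ValueError(f"angle-bracket value on {name!r}")
        value = m[form]
        if form == "quoted":
            value = re.sub(r"\\(.)", r"\1", value)  # undo quoted-pair escapes
        params[name] = (value, form)
        pos = m.end()
    return params

def ppt_value(header_value):
    """ppt with quoting removed, or None if absent."""
    value, _form = parse_identity_params(header_value).get("ppt", (None, None))
    if value is not None and not re.fullmatch(TOKEN, value):
        # Policy assumed here: every registered ppt is a token, so reject others.
        raise ValueError("ppt value is not a token")
    return value

# Constructed samples: shortened digest, placeholder certificate URL.
BARE = ("eyJhbGciOiJFUzI1NiJ9..c2ln"
        ";info=<https://cert.example.org/a.cer;v=1>;alg=ES256;ppt=shaken")
QUOTED = BARE.replace("ppt=shaken", 'ppt="shaken"')

if __name__ == "__main__":
    for sample in (BARE, QUOTED):
        print(ppt_value(sample), parse_identity_params(sample)["info"])
```

Comparing the normalized value rather than the raw parameter text keeps a verifier's decision the same whichever quoting convention the sender followed.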