[stir] Comments on rfc4916-update
Jonathan Rosenberg <jdrosen@jdrosen.net> Fri, 28 July 2023 15:31 UTC
Return-Path: <jdrosen2@gmail.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF166C15154C for <stir@ietfa.amsl.com>; Fri, 28 Jul 2023 08:31:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.156
X-Spam-Level:
X-Spam-Status: No, score=-1.156 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dr0MQABJyAM4 for <stir@ietfa.amsl.com>; Fri, 28 Jul 2023 08:31:04 -0700 (PDT)
Received: from mail-ed1-f45.google.com (mail-ed1-f45.google.com [209.85.208.45]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4296CC15106E for <stir@ietf.org>; Fri, 28 Jul 2023 08:30:56 -0700 (PDT)
Received: by mail-ed1-f45.google.com with SMTP id 4fb4d7f45d1cf-5227799c224so2881898a12.0 for <stir@ietf.org>; Fri, 28 Jul 2023 08:30:56 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690558254; x=1691163054; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=CMM9E9CnWPNhxkrqJTHAWa3sM7B7CxCfHt5HMsP3fsA=; b=LjBXF+yaAHraiMv+sQBy/7rdM/hZy7f+24mcPu0quxHTYHd9WF/wqBZxthr6/XG+hO dSQyn/H812DtXcZtcl05cOT7ebFyvKL7mujdGGOJ2XmTC9Yt9++tEvXSGVGZD/4fRGZq rrxiszCIK8QzlajOV+VShtx2fyIzg7r8h1aTS6hG1Bmjk0DYDRaLl/ssklrU9jN/Y4Zp REN+BETo6y87t5j7UIlOhpsv/LQad9HMCsMTWKLzCWJAYRv6m0ONPvjJWuv9913shdlb JyKr5mmmtvVuhM579g9m1suouOwmCSioUZ23i7sZimV67kOBhZ7hu//hWgwVJO5X91X2 3r2Q==
X-Gm-Message-State: ABy/qLaYuaFmRShLFptR2HuiK06ZPwqQOuzcodWIoS3peO3rBCrvdwFg Q8b3qHr2WqVMc6noaBceHJNz3rb0TbsiIA==
X-Google-Smtp-Source: APBJJlHJNibNu7erXXZD5/jq5iUCkaYlOmn2EIZ7rHKFUf6vq/l+PGUovczux+iPEShjRFUxm7CW7w==
X-Received: by 2002:a17:907:7814:b0:99b:f392:10b2 with SMTP id la20-20020a170907781400b0099bf39210b2mr1298146ejc.39.1690558254273; Fri, 28 Jul 2023 08:30:54 -0700 (PDT)
Received: from mail-ej1-f45.google.com (mail-ej1-f45.google.com. [209.85.218.45]) by smtp.gmail.com with ESMTPSA id j13-20020a17090686cd00b0099297c99314sm2157227ejy.113.2023.07.28.08.30.54 for <stir@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 28 Jul 2023 08:30:54 -0700 (PDT)
Received: by mail-ej1-f45.google.com with SMTP id a640c23a62f3a-9923833737eso304976966b.3 for <stir@ietf.org>; Fri, 28 Jul 2023 08:30:54 -0700 (PDT)
X-Received: by 2002:a17:906:8a6c:b0:993:eef2:5d5d with SMTP id hy12-20020a1709068a6c00b00993eef25d5dmr2500163ejc.27.1690558253942; Fri, 28 Jul 2023 08:30:53 -0700 (PDT)
MIME-Version: 1.0
From: Jonathan Rosenberg <jdrosen@jdrosen.net>
Date: Fri, 28 Jul 2023 08:30:34 -0700
X-Gmail-Original-Message-ID: <CA+23+fH4Zr5ZsgnmNnVNfGswkV8969X1nfk4e1ZdyRik0A2N8A@mail.gmail.com>
Message-ID: <CA+23+fH4Zr5ZsgnmNnVNfGswkV8969X1nfk4e1ZdyRik0A2N8A@mail.gmail.com>
To: stir@ietf.org
Content-Type: multipart/alternative; boundary="00000000000032d14706018dc46a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/WhQ4BMpnWnEqm-j2FsR1c6CafR8>
Subject: [stir] Comments on rfc4916-update
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jul 2023 15:31:07 -0000
In advance of our meeting today: There is another interesting use case for this spec that is not mentioned in the intro. Specifically, when calls are placed by automata for the purposes of verifying ownership of phone numbers, it is really important that the call has not actually been forwarded. One can imagine that the entity performing the call to verify ownership of the number, would want to receive the rsp passport and check that it matches the called number. This would actually address some of the concerns that have been raised about the insecurity of forward routability checks for verifying number ownership. On this: > An "rsp" PASSporT that signs a different "dest" than the one that appeared in the PASSporT of the dialog-forming request MUST send at least one "div" PASSporT with it. If no "div" PASSporTs were received in the dialog-forming request, then "rsp" PASSporTs MUST NOT be used in responses. I think this MUST is overly harsh. The entity sending the rsp passport has no control over whether intermediaries inserted div passports along the way. If none of them do, it means that the rsp passport can never be sent and this spec is useless. Indeed, for the use case I outline above, the originator of the call doesnt need the div passports at all, just the rsp passport. On this: > The use of the connected identity mechanism here specified is not limited to provisional dialog requests. Once a dialog has been established with connected identity, any re-INVITEs from either the originating and terminating side, as well as any BYE requests, MUST contain Identity headers with valid PASSporTs. It seems odd to me that this spec would require the originator of the call to take extra actions (namely, including passports in mid-dialog requests) just because the terminating side decided to add an rsp passport in the 200 OK response to the INVITE. Along similar lines, this seems a bit onerous as it introduces requirements on the caller that have nothing to do with connected identity per se: > It is however REQUIRED by this specification that if a UAC sends a CANCEL for its own PASSporT-protected INVITE request, that it include an Identity header with a valid PASSporT in the CANCEL. This too, seems like it is more appropraite as a SHOULD, in cases like I outline above where the div chain itself is not interesting to the caller: > Mid-dialog requests also require special handling in diversion cases. Implementations compliant with this specification MUST validate the "div" chain back to the "rsp" PASSporT on any Identity header field values received in responses. -- Jonathan Rosenberg, Ph.D. jdrosen@jdrosen.net http://www.jdrosen.net
- [stir] Comments on rfc4916-update Jonathan Rosenberg
- Re: [stir] Comments on rfc4916-update Peterson, Jon