Re: [stir] WG Last Call comments on stir-oob-04
Mary Barnes <mary.ietf.barnes@gmail.com> Thu, 18 April 2019 21:03 UTC
From: Mary Barnes <mary.ietf.barnes@gmail.com>
Date: Thu, 18 Apr 2019 16:02:44 -0500
Message-ID: <CAHBDyN7YKVSSkbUOSUDzKK-Q+h1fdbzEabbWC+qhNhhXXUA2dw@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: Jon Peterson <jon.peterson@neustar.biz>, Eric Rescorla <ekr@rtfm.com>, IETF STIR Mail List <stir@ietf.org>
Just one comment below [MB]

Regards,
Mary.

On Wed, Apr 17, 2019 at 11:33 AM Russ Housley <housley@vigilsec.com> wrote:

> Document: draft-ietf-stir-oob-04.txt
> Reviewer: Russ Housley
> Review Date: 2019-04-17
>
> Major:
>
> Title page: As discussed on the mail list, please change the
> intended status to "Informational".
>
> Section 11: To date, STIR certificates are only used for digital
> signature. This document suggests that the public key in the
> certificate can also be used to provide confidentiality. This
> works if the public key is RSA, and the certificate has the
> appropriate key usage bits set. However, this does not work if
> the public key is DSA, ECDSA, Ed25519, or several others. I
> am not asking for a major change to the document, but this
> should be pointed out in the document. And, Section 11 should
> point out that finding the credential for the callee cannot
> leverage the "x5u" claim in the PASSporT when the public key
> can only be used for digital signature.
>
>
> Minor:
>
> Section 2: Please update the first paragraph to reference RFC 8174
> in addition to RFC 2119, as follows:
>
>    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
>    "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
>    "OPTIONAL" in this document are to be interpreted as described in
>    BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
>    capitals, as shown here.
>
> Of course, also add a reference to RFC 8174.
>
> The figure in Section 7.2 can be easily adjusted to fit the normal
> margins. Also, the example telephone numbers should use the 555
> conventions. I suggest:
>
>    Alice                Call Placement Service                  Bob
>    --------------------------------------------------------------------
>
>    Store PASSporT for 2.222.555.2222 -->
>
>    Call from 1.111.555.1111 ------------------------------------------>
>
>
>                              <-------------- Request PASSporT(s)
>                                              for 2.222.555.2222
>
>                              Obtain Encrypted PASSporT -------->
>                              (2.222.555.2222, 1.111.555.1111)
>
>                                              [Ring phone with callerid
>                                               = 1.111.555.1111]
>
> Also, adjust the text to reference these example telephone numbers.
>
> Likewise, please adjust the example telephone numbers in Section 9.
>
> It should be equally easy to remove three spaces from the figure in
> Section 7.4 to fit the normal margins.
>
> Section 7.3: Please add a reference for TLS. I assume you will use
> [RFC8446].
>
> Section 7.5: s/Sign(K_cps, K_temp))/Sign(K_cps, K_temp)/
>
> Section 11: Please add a reference for OCSP. I assume you will use
> [RFC2560].
>
> Section 14: I think it would be helpful to include pointers to
> Sections 7.3 and 7.4 in the Security Considerations.

[MB] I agree. [/MB]

>
>
> Nits:
>
> Suggested spelling: s/CPSs/CPSes/ (Note: This spelling is used for
> Certificate Practice Statements.)
>
> Section 3: Please spell out the first use of "POTS". As an alternative,
> the sentence could be reworded to use PSTN, which has already been used
> many times by this point in the document.
>
> Sections 5.1 and 5.4: s/in the SIP world/in a SIP environment/
>
> Section 5.4: s/back to the IP world/back to a SIP environment/
>
> Section 5.4: s/returns to the IP world/returns to a SIP environment/
>
> Section 5.5: s/a valid calls/a valid call/
>
> Section 6.2: s/one that is valid/one or more that are valid/
>
> Section 7.5: Please add an informative reference on blinded signatures.
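The key-type and key-usage check behind the Section 11 comment above, as an added example that is not part of this thread or of the draft: once a verifier or CPS has the callee's STIR certificate in hand (for instance fetched from the PASSporT "x5u" URL), it must decide whether that public key can provide confidentiality at all before trying to encrypt a PASSporT to it. The function names and the self-signed fixture certificates below are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"math/big"
	"time"
)

// CanEncryptToCert reports whether a STIR certificate's public key can provide
// confidentiality (encrypting a PASSporT toward the callee). Only RSA keys can
// encrypt; DSA, ECDSA and Ed25519 keys are signature-only. When a keyUsage
// extension is present it must also permit keyEncipherment.
func CanEncryptToCert(cert *x509.Certificate) (bool, string) {
	if _, ok := cert.PublicKey.(*rsa.PublicKey); !ok {
		return false, "non-RSA public key is signature-only"
	}
	if cert.KeyUsage != 0 && cert.KeyUsage&x509.KeyUsageKeyEncipherment == 0 {
		return false, "RSA key but keyUsage lacks keyEncipherment"
	}
	return true, "RSA key with keyEncipherment permitted"
}

// mustSelfSigned builds a constructed self-signed fixture, not a real STIR credential.
func mustSelfSigned(priv, pub interface{}, usage x509.KeyUsage) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), KeyUsage: usage}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER was just produced by CreateCertificate
	return cert
}

// EvaluateExamples applies the check to three constructed certificates, keyed by case.
func EvaluateExamples() map[string]bool {
	rsaKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	ecKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	sig, enc := x509.KeyUsageDigitalSignature, x509.KeyUsageKeyEncipherment
	res := map[string]bool{}
	res["rsa+keyEncipherment"], _ = CanEncryptToCert(mustSelfSigned(rsaKey, &rsaKey.PublicKey, sig|enc))
	res["rsa+digitalSignatureOnly"], _ = CanEncryptToCert(mustSelfSigned(rsaKey, &rsaKey.PublicKey, sig))
	res["ecdsa-p256"], _ = CanEncryptToCert(mustSelfSigned(ecKey, &ecKey.PublicKey, sig))
	return res
}
```

In practice a STIR credential is normally an ECDSA P-256 key (ES256 is the mandatory PASSporT signing algorithm in RFC 8225), so the certificate reached through "x5u" will usually take the signature-only branch, which is exactly why the review asks the draft to say so.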