[stir] draft-ietf-stir-passport-rcd-14 rcdi for "/jcd"

Jack Rickard <jack.rickard@microsoft.com> Fri, 14 January 2022 18:49 UTC

From: Jack Rickard <jack.rickard@microsoft.com>
To: IETF STIR Mail List <stir@ietf.org>
Date: Fri, 14 Jan 2022 18:49:10 +0000
Message-ID: <AM5PR83MB03559C293FEE5A0C429D299D88549@AM5PR83MB0355.EURPRD83.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/XoYu3svSdWox7wrus7GraRwh8yc>
Subject: [stir] draft-ietf-stir-passport-rcd-14 rcdi for "/jcd"

Hi all,

I've been mulling over RCD over Christmas, and you'll be glad to know that I'm mostly happy with where it is (or will be once the rcdi changes are made). However, there is one part that is still bothering me that I'd like to ask about. Specifically, this paragraph of the spec:
   For the use of JSON pointer in "jcd" and because array indexes are
   dependent on the order of the elements in the jCard, the digest for
   the "/jcd" corresponding to the entire jCard array string MUST be
   included to avoid any possibility of substitution or insertion
   attacks that may be possible to avoid integrity detection.  Each URI
   referenced in the jCard array string MUST have a corresponding JSON
   pointer string key and digest value.

I don't think this does any harm; however, I also don't think it does any good: anyone who could modify the "jcd" could just as easily modify the "rcdi" entry. In fact, I don't think there's any point providing digests for anything that isn't a URI to remote content (e.g. nam and apn). Now, performing a few extra hashes per call probably won't have an impact on anything, but I'm not a fan of requiring people to do something they don't need to, and only supporting checking the hash of data from a URL could simplify some implementations.

Thanks,
Jack Rickard
he/him
Software Engineer
jack.rickard@microsoft.com

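To make the mechanism under discussion concrete, here is an added Python example (not code from the message, the draft, or any STIR implementation) that builds an "rcdi" claim keyed by JSON pointers into an "rcd" claim, including the whole-jCard "/jcd" digest, and verifies it against three tampering scenarios: a reordered jCard (which the "/jcd" digest catches), a jCard edit with a recomputed "rcdi" (which the digests alone cannot catch, since both live in the same signed object), and a URI that serves different bytes than it did at signing time (which only the per-URI digest catches). The digest string shape "sha256-" + base64url(SHA-256), the compact JSON serialization used as "the entire jCard array string", the example.com logo URI and its bytes, and the pointer paths are all assumptions made for the example; check them against the draft text before relying on them.

```python
import base64
import hashlib
import json

# Constructed sample resource: the bytes a verifier would fetch from the logo URI.
# Embedded inline (with an assumed URI) so the example runs offline.
FETCHED = {
    "https://example.com/logo.png": b"\x89PNG\r\n\x1a\n-constructed-logo-bytes-",
}

# Constructed sample "rcd" claim with a jCard (RFC 7095 shape) carrying one URI.
RCD = {
    "nam": "Example Corp",
    "jcd": ["vcard", [
        ["version", {}, "text", "4.0"],
        ["fn", {}, "text", "Example Corp"],
        ["logo", {}, "uri", "https://example.com/logo.png"],
    ]],
}


def digest(data: bytes) -> str:
    """Digest string in the assumed 'sha256-<base64url, unpadded>' shape."""
    raw = hashlib.sha256(data).digest()
    return "sha256-" + base64.urlsafe_b64encode(raw).decode().rstrip("=")


def jcard_string(jcd) -> str:
    """Assumed serialization of 'the entire jCard array string': compact JSON."""
    return json.dumps(jcd, separators=(",", ":"), ensure_ascii=False)


def resolve_pointer(doc, pointer: str):
    """RFC 6901 JSON Pointer resolution, including ~1 -> '/' and ~0 -> '~' unescaping."""
    if pointer == "":
        return doc
    if not pointer.startswith("/"):
        raise ValueError("pointer must be empty or start with '/'")
    node = doc
    for token in pointer[1:].split("/"):
        token = token.replace("~1", "/").replace("~0", "~")
        node = node[int(token)] if isinstance(node, list) else node[token]
    return node


def uri_pointers(jcd):
    """Yield the JSON pointer (relative to the rcd claim) of every 'uri' value in the jCard.
    Array indexes are positional, which is why the draft also wants a digest over '/jcd'."""
    for i, prop in enumerate(jcd[1]):
        if prop[2] == "uri":
            yield f"/jcd/1/{i}/3"


def build_rcdi(rcd, fetch=FETCHED.get):
    """Signer side: one digest per URI-valued jCard entry plus the whole-jCard digest."""
    rcdi = {"/jcd": digest(jcard_string(rcd["jcd"]).encode())}
    for ptr in uri_pointers(rcd["jcd"]):
        rcdi[ptr] = digest(fetch(resolve_pointer(rcd, ptr)))
    return rcdi


def verify(rcd, rcdi, fetch=FETCHED.get):
    """Verifier side: recompute every digest; return (ok, list of failed pointers)."""
    failed = []
    for ptr, expected in rcdi.items():
        if ptr == "/jcd":
            actual = digest(jcard_string(rcd["jcd"]).encode())
        else:
            body = fetch(resolve_pointer(rcd, ptr))   # a non-URI value fetches nothing
            actual = digest(body) if body is not None else None
        if actual != expected:
            failed.append(ptr)
    return (not failed, failed)


def scenario_reorder():
    """Reordering jCard entries moves '/jcd/1/2/3' onto a text value; '/jcd' catches it."""
    rcdi = build_rcdi(RCD)
    tampered = json.loads(json.dumps(RCD))
    tampered["jcd"][1].reverse()
    return verify(tampered, rcdi)


def scenario_rewrite_rcdi():
    """Whoever can edit 'jcd' can recompute 'rcdi': the digests pass, only the
    PASSporT signature over both claims can detect this."""
    tampered = json.loads(json.dumps(RCD))
    tampered["jcd"][1][1][3] = "Evil Corp"
    return verify(tampered, build_rcdi(tampered))


def scenario_swapped_logo():
    """The URI now serves different bytes; only the per-URI digest catches it."""
    rcdi = build_rcdi(RCD)
    return verify(RCD, rcdi, fetch=lambda uri: b"different bytes")
```

The two verify outcomes side by side show the point the message makes: the "/jcd" and per-pointer digests fail only when "rcd" and "rcdi" disagree, which a party who can rewrite the claims can always avoid, whereas the per-URI digests detect a change in content the verifier fetches later, which no amount of claim rewriting can hide once the PASSporT is signed.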