Re: [stir] Review of: draft-ietf-stir-rfc4474bis-10

Dave Crocker <dhc@dcrocker.net> Tue, 09 August 2016 20:23 UTC

To: Richard Shockey <richard@shockey.us>, "stir@ietf.org" <stir@ietf.org>
References: <c3a85ffc-8340-ac54-4d8e-21a16fefd032@dcrocker.net> <4B1956260CD29F4A9622F00322FE053101285D016E32@BOBO1A.bobotek.net> <D3CF2934.1A6EE6%jon.peterson@neustar.biz> <1dbc154e-1ffc-689a-6f4f-45321e1149f6@dcrocker.net> <CE4A6DFE-54A3-482C-A4D9-8CBDD6BC6E25@shockey.us>
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
Message-ID: <dd252f18-312e-6818-8558-35ce31bf1f3a@dcrocker.net>
Date: Tue, 09 Aug 2016 13:23:04 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/XvkOhUdBAFkYb7jB28iYQR_Lkxg>
Subject: Re: [stir] Review of: draft-ietf-stir-rfc4474bis-10
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>

On 8/9/2016 1:02 PM, Richard Shockey wrote:
> Third, Dave's objections here are fundamental. He is rejecting the
> entire JWT construct in 4474bis that has been put forward. It is
> almost inconceivable to me that at this late stage he is essentially
> asking us to issue a "full stop" and start over in favor of a DKIM-based
> construct or whatever.

Rich,

Yes, late-stage concerns are always discomfiting.  But I'll again note 
that I did not raise a concern about JWT/JSON in my Passport 
review.  And I raised concern about it in my 4474bis review only after 
trying to work through the actual use, within the context of these 
specifications.

What I found was considerable additional reading and technical 
complexity, with no immediate benefit for the task at hand.  So while 
the model is appealing, it actually seems to be a net negative, in this 
case.

I believe I also found serious errors, resulting from the complexity, 
but this is an example of one of those items in the review that need 
public response and discussion.  So I await clarifications that make 
clear that I misread the document...

d/

-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net