IETF Logo Mail Archive

Re: [stir] Review of: draft-ietf-stir-rfc4474bis-10

"Peterson, Jon" <jon.peterson@neustar.biz> Thu, 18 August 2016 17:54 UTC

Return-Path: <prvs=1038733a47=jon.peterson@neustar.biz>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0302F12D733 for <stir@ietfa.amsl.com>; Thu, 18 Aug 2016 10:54:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.701
X-Spam-Level:
X-Spam-Status: No, score=-102.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=neustar.biz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z2FWlsbkUtBP for <stir@ietfa.amsl.com>; Thu, 18 Aug 2016 10:53:36 -0700 (PDT)
Received: from mx0b-0018ba01.pphosted.com (mx0a-0018ba01.pphosted.com [67.231.149.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88CE712DB28 for <stir@ietf.org>; Thu, 18 Aug 2016 10:51:27 -0700 (PDT)
Received: from pps.filterd (m0078666.ppops.net [127.0.0.1]) by mx0a-0018ba01.pphosted.com (8.16.0.17/8.16.0.17) with SMTP id u7IHhIgu021717; Thu, 18 Aug 2016 13:51:25 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=neustar.biz; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=neustar.biz; bh=pTtqUkOtNP9kXPtWnbpjm8Nfk7FtGcgxBrRUyViozoM=; b=hYtax1rs4mlclpogkUh1MFqM0FppP2jNVal5AsmvPGGR0QLfKDzzeIs6VebcuFyiJ0XZ eQIY9uqAT/t32YA3q4dDTVxuw6m/3FyN9Nwg+bXpW9Rq6ID5zES8Pty+lzEdfJwkAEeg OjpGMCM++Am8/27BT8Ueh0Uw6Sogw5xGZb37kbWC2ok7iLLPx8vDQyGE563lYKr0+OV9 T5ThcKV1p6xeo8+ekGqM8To9GhUkx+pehPB8qf359jpslWpqNv7RGL+DQ+3g/sKqEHLc TOocQ2mcuvzhq8Q3JatE5f2Cb29y+OK2PLDmKjEroVH5xViFmd9DE4EnR/TFxTaX/NcD Rw==
Received: from stntexhc11.cis.neustar.com ([156.154.17.216]) by mx0a-0018ba01.pphosted.com with ESMTP id 24vs8tm2kc-1 (version=TLSv1 cipher=AES128-SHA bits=128 verify=NOT); Thu, 18 Aug 2016 13:51:25 -0400
Received: from STNTEXMB10.cis.neustar.com ([169.254.5.94]) by stntexhc11.cis.neustar.com ([::1]) with mapi id 14.03.0279.002; Thu, 18 Aug 2016 13:51:24 -0400
From: "Peterson, Jon" <jon.peterson@neustar.biz>
To: "dcrocker@bbiw.net" <dcrocker@bbiw.net>, "Gorman, Pierce A [CTO]" <Pierce.Gorman@sprint.com>
Thread-Topic: [stir] Review of: draft-ietf-stir-rfc4474bis-10
Thread-Index: AQHR8fCmKQLsUYw9dka3+jdXHWkJhKBGVbYAgAd9kQCAAC4aAIAAyRaAgAB6PQD//5dgAA==
Date: Thu, 18 Aug 2016 17:51:24 +0000
Message-ID: <D3DB41D3.1A7CF8%jon.peterson@neustar.biz>
References: <c3a85ffc-8340-ac54-4d8e-21a16fefd032@dcrocker.net> <D3D41210.1A72E4%jon.peterson@neustar.biz> <CAHBDyN7W8zkgGjeUqzGaxLfRD-nFDgD9R3kxioQ47Kbp4_B8EA@mail.gmail.com> <6bd1e4bc946a4a02a1f4fdac385984b9@PLSWE13M08.ad.sprint.com> <D3DB2EE9.1A7B59%jon.peterson@neustar.biz> <fbf38cef-bfb0-60df-175d-c57362917c4c@dcrocker.net>
In-Reply-To: <fbf38cef-bfb0-60df-175d-c57362917c4c@dcrocker.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.3.160329
x-originating-ip: [10.96.12.89]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <2B6F41CCB2B1234DAAB396FE381F7E13@neustar.biz>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2016-08-18_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1604210000 definitions=main-1608180230
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/YLbgqt1jbuNxxbiaRniiwldkjZ8>
Cc: "stir@ietf.org" <stir@ietf.org>
Subject: Re: [stir] Review of: draft-ietf-stir-rfc4474bis-10
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Aug 2016 17:54:11 -0000

The most common uses we envision look like 2 or 3: either cases where some
specialized authority signs for an identity, one who is not necessarily an
authority for the telephone number in question but will be trusted by
relying parties for some other reason; or cases where you are adding some
new field to the scope of protection, like say the display-name or some
non-SIP field. But yes, 1 could also be the case for some of the
interworking with WebRTC IdPs we've considered. For the purposes of this
spec, though, we just want some very high-level motivation.

Jon Peterson
Neustar, Inc.

On 8/18/16, 10:05 AM, "stir on behalf of Dave Crocker"
<stir-bounces@ietf.org on behalf of dhc@dcrocker.net> wrote:

>On 8/18/2016 9:48 AM, Peterson, Jon wrote:
>> Oh, we've allowed for multiple Identity headers for some time - the
>> problem is we don't really give any reason why we allow them or any
>> sense of what it might mean to have more than one. We need to say at
>> least something about that, though largely this is a matter of forward
>> compatibility with some future use cases that we know are under
>> consideration that we don't want to rule out.
>
>
>1. In the abstract, there could be different identifiers that are
>authenticated.  That's probably not supposed to be allowed for a SIP
>environment, but since there apparently can be different identifiers
>used as input to validation, perhaps it is allowed.
>
>2. There can be different authorities used to create the authentication.
>This permits trust assessment of a combination of entities making
>validity assertions.
>
>3. There can be different technical details to the signature.  Different
>canonicalizations, different crypto algorithms, different keys.  All of
>these might affect survival through transit and/or ability of the
>recipient to process.
>
>d/
>-- 
>
>   Dave Crocker
>   Brandenburg InternetWorking
>   bbiw.net
>
>_______________________________________________
>stir mailing list
>stir@ietf.org
>https://www.ietf.org/mailman/listinfo/stir

v2.23.0 | Report a Bug | By Email