[stir] draft-ietf-stir-identity-header-errors-handling-00 privacy issues

Jack Rickard <jack.rickard@microsoft.com> Fri, 14 January 2022 18:26 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/YaeHP1F-MNq8qvyZpMTPROaZ6BE>

Hi all,

As promised (if a bit late), these are the issues I see with the current draft as it relates to privacy.

This error handling mechanism provides a new way for callers to see how a call was diverted (and other potentially sensitive information in passports). This is a privacy issue, as highlighted in the diversion RFC, RFC 5806 <https://datatracker.ietf.org/doc/html/rfc5806#section-7>, and the history-info RFC, RFC 7044 <https://datatracker.ietf.org/doc/html/rfc7044#section-10.1> (and who knows what private information may be put in passports in the future).

The current draft attempts to mitigate this issue with section 7:
  Removal of the Reason header field by Authentication Service

   When an Authentication Service [RFC8224] receives the Reason header
   field with a PASSporT it generated as part of an Identity header
   field and the authentication of a call, it should first follow local
   policy to recognize and acknowledge the error (e.g. perform
   operational actions like logging or alarming), but then MUST remove
   the identified Reason header field to avoid the PASSporT information
   from going upstream to a UAC or UAS that may not be authorized to see
   claim information contained in the PASSporT for privacy or other
   reasons.

However, this doesn't work: an intermediary that does not (yet) support this draft would not know to remove their passport from the reason headers, and so the information would be leaked upstream.

The two simplest solutions that I can immediately see are:

  1.  Enforce the use of compact form (potentially only send the signature). This removes all the useful information for anyone who had not seen the passports already.
  2.  Add a flag to the passport/identity indicating that you would like it sent back to you if there was an error with it. That would ensure that only AS's that understood this extension could leak data.


Thanks,
Jack Rickard
he/him
Software Engineer
jack.rickard@microsoft.com

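The difference between a full-form and a compact-form PASSporT travelling upstream, as an added example that is not part of the original message or of the draft. It assumes a constructed, unsigned "div" PASSporT (RFC 8946 claim layout) with made-up telephone numbers, a made-up certificate URL and a placeholder signature; the function names are hypothetical.

```python
import base64
import json


def b64url(obj):
    """JSON-encode and base64url-encode without padding, as JWS does."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def to_compact(passport):
    """RFC 8225 compact form: header and payload dropped, '..' + signature."""
    _header, _payload, signature = passport.split(".")
    return ".." + signature


def readable_claims(passport):
    """Claims anyone holding this string can read; no key is needed."""
    header, payload, _signature = passport.split(".")
    if not header and not payload:  # compact form carries no claims
        return {}
    return json.loads(b64url_decode(payload))


def leaked_numbers(passport):
    """Telephone numbers exposed to a party that only sees this string."""
    claims = readable_claims(passport)
    numbers = set(claims.get("dest", {}).get("tn", []))
    for key in ("orig", "div"):
        tn = claims.get(key, {}).get("tn")
        if tn:
            numbers.add(tn)
    return sorted(numbers)


# Constructed sample data (not from the post): a diverted call's PASSporT.
SAMPLE_SIG = "c2lnbmF0dXJlLXBsYWNlaG9sZGVy"  # placeholder, not a real signature
FULL = ".".join([
    b64url({"alg": "ES256", "ppt": "div", "typ": "passport",
            "x5u": "https://cert.example.org/as.cer"}),
    b64url({"dest": {"tn": ["12155550133"]}, "div": {"tn": "12155550132"},
            "iat": 1642184753, "orig": {"tn": "12155550131"}}),
    SAMPLE_SIG,
])
COMPACT = to_compact(FULL)

if __name__ == "__main__":
    print("full form exposes:   ", leaked_numbers(FULL))
    print("compact form exposes:", leaked_numbers(COMPACT))
```

The compact string still lets the service that generated the PASSporT match it against its own records by signature, while a party that never saw the original learns none of the claims.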