Re: [stir] Ben Campbell's Discuss on draft-ietf-stir-rph-03: (with DISCUSS and COMMENT)

"Das, Subir" <sdas@appcomsci.com> Thu, 19 April 2018 18:15 UTC

Return-Path: <sdas@appcomsci.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3E2612DA15; Thu, 19 Apr 2018 11:15:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e_-1So5Sj0Np; Thu, 19 Apr 2018 11:15:32 -0700 (PDT)
Received: from thumper.appcomsci.com (thumper.appcomsci.com [205.132.0.196]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 098CC12D887; Thu, 19 Apr 2018 11:15:31 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by thumper.appcomsci.com (Postfix) with ESMTP id 11C9A695131; Thu, 19 Apr 2018 14:13:36 -0400 (EDT)
X-Virus-Scanned: by SpamTitan at appcomsci.com
Received: from thumper.appcomsci.com (localhost [127.0.0.1]) by thumper.appcomsci.com (Postfix) with ESMTP id 61E8669512A; Thu, 19 Apr 2018 14:13:35 -0400 (EDT)
Received: from bambi.appcomsci.com (bambi.appcomsci.com [192.4.5.54]) by thumper.appcomsci.com (Postfix) with ESMTPS id 2DE0C695123; Thu, 19 Apr 2018 14:13:35 -0400 (EDT)
Received: from brg-exmb1.ats.atsinnovate.com (exch.appcomsci.com [192.4.5.112]) by bambi.appcomsci.com (8.14.4/8.13.4) with ESMTP id w3JIFTWt023152; Thu, 19 Apr 2018 14:15:29 -0400
Received: from RRC-ATS-EXMB2.ats.atsinnovate.com ([2002:c004:56a::c004:56a]) by brg-ats-exhb1.ats.atsinnovate.com ([fe80::fc05:b53:7f2b:84f9%18]) with mapi id 14.03.0389.001; Thu, 19 Apr 2018 14:15:28 -0400
From: "Das, Subir" <sdas@appcomsci.com>
To: Ben Campbell <ben@nostrum.com>, Subir Das <subirdas21@gmail.com>
CC: IETF STIR Mail List <stir@ietf.org>, "rhousley@vigilsec.com" <rhousley@vigilsec.com>, The IESG <iesg@ietf.org>, "draft-ietf-stir-rph@ietf.org" <draft-ietf-stir-rph@ietf.org>, STIR Chairs <stir-chairs@ietf.org>
Thread-Topic: [stir] Ben Campbell's Discuss on draft-ietf-stir-rph-03: (with DISCUSS and COMMENT)
Thread-Index: AQHT1fOe4dK2bLGpWkiIvueJa6GSFKQG04kAgAFKTICAAEedgA==
Date: Thu, 19 Apr 2018 18:15:28 +0000
Message-ID: <AAC987F0CC2C7845A9FBD8A36D52E12DCBD46FE4@rrc-ats-exmb2.ats.atsinnovate.com>
References: <152393202955.26114.3853075658304497317.idtracker@ietfa.amsl.com> <CAFb8J8o=TKvvEkzuBP1QZuQ5wKpKmooScKdRXSOQxp7WbND0vA@mail.gmail.com> <5716BD0B-CF7B-46BF-87A4-0C33E4EDE553@nostrum.com>
In-Reply-To: <5716BD0B-CF7B-46BF-87A4-0C33E4EDE553@nostrum.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.4.8.216]
Content-Type: multipart/alternative; boundary="_000_AAC987F0CC2C7845A9FBD8A36D52E12DCBD46FE4rrcatsexmb2atsa_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/YbakGsha0xG9fpcUfEnLudU2FDw>
Subject: Re: [stir] Ben Campbell's Discuss on draft-ietf-stir-rph-03: (with DISCUSS and COMMENT)
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Apr 2018 18:15:37 -0000

Hi Ben,
Please see the answers below.

regards,
_Subir

From: Ben Campbell <ben@nostrum.com>;
Sent: Thursday, April 19, 2018 5:47 AM
To: Subir Das <subirdas21@gmail.com>;
Cc: IETF STIR Mail List <stir@ietf.org>;; rhousley@vigilsec.com; The IESG <iesg@ietf.org>;; draft-ietf-stir-rph@ietf.org; STIR Chairs <stir-chairs@ietf.org>;
Subject: Re: [stir] Ben Campbell's Discuss on draft-ietf-stir-rph-03: (with DISCUSS and COMMENT)



On Apr 18, 2018, at 4:04 PM, Subir Das <subirdas21@gmail.com<mailto:subirdas21@gmail.com>> wrote:

Hello Ben,

Thanks for your review and comments. Please see the answers inline.



Regards,

_Subir



-----Original Message-----
From: Ben Campbell <ben@nostrum.com<mailto:ben@nostrum.com>>
Sent: Monday, April 16, 2018 10:27 PM
To: The IESG <iesg@ietf.org<mailto:iesg@ietf.org>>
Cc: draft-ietf-stir-rph@ietf.org<mailto:draft-ietf-stir-rph@ietf.org>; Russ Housley <rhousley@vigilsec.com<mailto:rhousley@vigilsec.com>>; stir-chairs@ietf.org<mailto:stir-chairs@ietf.org>; rhousley@vigilsec.com<mailto:rhousley@vigilsec.com>; stir@ietf.org<mailto:stir@ietf.org>
Subject: Ben Campbell's Discuss on draft-ietf-stir-rph-03: (with DISCUSS and COMMENT)



Ben Campbell has entered the following ballot position for

draft-ietf-stir-rph-03: Discuss



When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)





Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html

for more information about IESG DISCUSS and COMMENT positions.





The document, along with other ballot positions, can be found here:

https://datatracker.ietf.org/doc/draft-ietf-stir-rph/







----------------------------------------------------------------------

DISCUSS:

----------------------------------------------------------------------



Thanks for this work. I plan to ballot "yes", but I have a couple of points I think need to be discussed first.



SD> Appreciate it.



§4.2: " If the signature validation fails, the verification service should infer

   that the calling party is not authorized for ’Resource-Priority’ as

   indicated in the claim.  In such cases, the priority treatment for

   the associated communication service is handled as per the local

   policy."



I suspect there will be deployments where the node making these local policy decisions is downstream from the verifier. How do they know RPH verification failed? Should the verifier strip resource priority header fields for which validation failed?



SD> We will clarify the last sentence of the paragraph as follows:



“In such cases, the priority treatment for the associated communication service is handled as per the local policy of the verifier (e..g., the RPH may be  stripped and call can be treated as an ordinary call)."

Can you envision a case where it would make sense to leave RPH verifiers where verification has failed? That seems like a dangerous practice worthy of at least a SHOULD NOT.

SD> You are correct that it  should not but it is hard to imagine what the operators’ policy would be.  From a protocol perspective, we can recommend  SHOULD NOT if that is  what you are suggesting.



§7.2:

   o  The verification of the signature MUST include means of verifying

      that the signer is authoritative for the signed content of the

      resource priority namespace in the PASSporT."



I gather the intent is to leave that means to local policy, or to be specified elsewhere. I think that's a problem from an interoperability standpoint. The verifier needs a way to know whether the authorizer is authoritative for the RPH. If we want authorizers and verifiers from different vendors to be able to interoperate, it seems like at least some mechanism needs to be standardized and possibly MTI.


SD> Yes, you are correct that the end-to-end architecture is specified outside of IETF. This is currently done in ATIS where the verifier can verify the authorizer’s  certificate even if they are from different providers.

Is it the intent that this extension only be used with the ATIS framework? If so, some scoping language early in the document would be helpful.


              SD> At this moment, it will be used with the ATIS framework. However, we do not know if some other framework will find it useful. We will  try to add a reference to ATIS framework. Will this work?







----------------------------------------------------------------------

COMMENT:

----------------------------------------------------------------------



General: It's probably worth updating the references to 4474bis and passport to their respective RFCs.



SD> Will update.



§3, 4th paragraph: The imbedding of ABNF in the middle of a paragraph is difficult to read. It would be helpful to separate that from the surrounding text in the conventional fashion.



SD> How about the following?



"The "rph" claim will provide an assertion of authorization, "auth", for information in the SIP ’Resource-Priority’ header field based on [RFC4412] and the syntax is:



Resource-Priority = "Resource-Priority": r-value

r-value= "namespace  "."  r-priority



Specifically, the "rph" claim includes assertion of the priority-level of the user to be used for a given communication session. The value of the "rph" claim is an Object with one or more keys. Each key is associated with a JSON Array. These arrays contain Strings that correspond to the ‘r-values’ values indicated in the SIP ’Resource-Priority’ header field."

Works for me.





§3, 5th paragraph and throughout: The repeated use of "r-value ="namespace "."

priority value" is hard to read. Please consider giving that parameter construct a name, and using the name throughout.



SD> How about the following?



“The following is an example "rph" claim for a SIP ’Resource-Priority’ header field with an r-value of "ets.0" and with another r-value  of "wps.0".

Works for me.





Note: Will change the rest accordingly.



§3, 7th paragraph: "The authority MUST use its credentials (i.e., CERT)"

Does "CERT" mean "Certificate"? I assume it's not "Computer Emergency Response Team".



SD> Yes CERT implies Certificate. We will change it to 'Certificate'



§4.1 : A SIP authentication service typically will derive the value of "rph"

   from the ’Resource-Priority’ header field based on policy associated

   with service specific use of the "namespace "." priority value" for

   r-values based on [RFC4412].:

"Typically" usually implies "Most but not all of the time". Is that the intent?





SD> No that is not the intent. Will delete ‘typically”. The sentence will read :



SD> “A SIP authentication service will derive the value of "rph" from the ’Resource-Priority’ header field based on policy associated with service specific use of the "namespace "." r-priority  " for r-values based on [RFC4412]. “



§4.2, last paragraph: Am I correct to guess that this is talking about valid claims?



SD> This statement is valid for both valid and invalid claims. The policy will determine how claim will be treated.

I don’t understand what that means for invalid claims. Are you saying that local policy could mean you use an invalid claim anyway? If so, why bother verifying it?


SD> By ‘invalid’ claim I meant failed claim.   This specification does not define the call processing behavior of SIP UA. The intent here is to simply  provide an input to such a call processing entity about the validity of  RPH.
This is the reason why we leave this aspect to the local policy.





On Mon, Apr 16, 2018 at 10:27 PM, Ben Campbell <ben@nostrum.com<mailto:ben@nostrum.com>> wrote:
Ben Campbell has entered the following ballot position for
draft-ietf-stir-rph-03: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-stir-rph/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Thanks for this work. I plan to ballot "yes", but I have a couple of points I
think need to be discussed first.

§4.2: " If the signature validation fails, the verification service should infer
   that the calling party is not authorized for ’Resource-Priority’ as
   indicated in the claim.  In such cases, the priority treatment for
   the associated communication service is handled as per the local
   policy."

I suspect there will be deployments where the node making these local policy
decisions is downstream from the verifier. How do they know RPH verification
failed? Should the verifier strip resource priority header fields for which
validation failed?

§7.2:
   o  The verification of the signature MUST include means of verifying
      that the signer is authoritative for the signed content of the
      resource priority namespace in the PASSporT."

I gather the intent is to leave that means to local policy, or to be specified
elsewhere. I think that's a problem from an interoperability standpoint.. The
verifier needs a way to know whether the authorizer is authoritative for the
RPH. If we want authorizers and verifiers from different vendors to be able to
interoperate, it seems like at least some mechanism needs to be standardized
and possibly MTI.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

General: It's probably worth updating the references to 4474bis and passport to
their respective RFCs.

§3, 4th paragraph: The imbedding of ABNF in the middle of a paragraph is
difficult to read. It would be helpful to separate that from the surrounding
text in the conventional fashion.

§3, 5th paragraph and throughout: The repeated use of "r-value ="namespace "."
priority value" is hard to read. Please consider giving that parameter
construct a name, and using the name throughout.

§3, 7th paragraph: "The authority MUST use its credentials (i.e., CERT)"
Does "CERT" mean "Certificate"? I assume it's not "Computer Emergency Response
Team".

§4.1 : A SIP authentication service typically will derive the value of "rph"
   from the ’Resource-Priority’ header field based on policy associated
   with service specific use of the "namespace "." priority value" for
   r-values based on [RFC4412].:
"Typically" usually implies "Most but not all of the time". Is that the intent?

§4.2, last paragraph: Am I correct to guess that this is talking about valid
claims?


_______________________________________________
stir mailing list
stir@ietf.org<mailto:stir@ietf.org>
https://www.ietf.org/mailman/listinfo/stir