Re: [stir] Call For Adoption of draft-peterson-stir-servprovider-oob
Piotr Gregor <piotr@signalwire.com> Mon, 22 March 2021 18:15 UTC
Return-Path: <piotr@signalwire.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 880733A1025 for <stir@ietfa.amsl.com>; Mon, 22 Mar 2021 11:15:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.302
X-Spam-Level:
X-Spam-Status: No, score=0.302 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URI_NOVOWEL=0.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=signalwire.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IJfR0mZbspFC for <stir@ietfa.amsl.com>; Mon, 22 Mar 2021 11:15:13 -0700 (PDT)
Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61E4E3A1022 for <stir@ietf.org>; Mon, 22 Mar 2021 11:15:13 -0700 (PDT)
Received: by mail-ed1-x529.google.com with SMTP id b16so20533503eds.7 for <stir@ietf.org>; Mon, 22 Mar 2021 11:15:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=signalwire.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=6fLUh6+0GCOoV9tMoa0JlMre4pkITOjmsTq6fmT+oqA=; b=Gh3dUGEbLZ1iUe9EL8X146ZRIKXSdnTxyd+Xvr3AvSO57Q95By41Xo7+KKAgPC3kW+ MTEv0DbX7SXbcBQIgrGIjqtf2hhtpJJFsyo9CqJpvuqgYKR1P1beoCGNvPOhF40n6rjj 57UGrN6144qCIn4I30qo3MhryHCs28L6dia6k=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=6fLUh6+0GCOoV9tMoa0JlMre4pkITOjmsTq6fmT+oqA=; b=SbnHa+GESRdpEekKDmoScu1L4IZn3vXd6TR4qyqaH/tMgF2QFCOdE+WWTWOQtdj6+p +2onIZCoXPhFFfwV9YfzrAU78iqqEj+txhLRtNr+bfoYPERiEEjWv7KgG4Lh93vBRUxQ Q7EmM3xj8v/r8ZRU+gbc3E7lj15QXTqWJx4sJ140us1dhsReh77ZxWhocpzXGen5Jsq0 EAYC3J6IvO3zXpvBmBCgqhui+5omDETj6lIGrID92G0gJ6krWV3GbpLuZSKo8+8n6Yzv k6/x1NYQynIJB5E6YIEqQYFy/st4HX26a5X7J5SSZcM2e2HoCfs7WD+D67ja5+73BYYH SLxg==
X-Gm-Message-State: AOAM532lgSfnfr2ygZC82LxnGX76G7EFBBguNdpFjfYFi/sVv3x/XA+T erTSfa+E4bHictE637gbM79IZrUo7rO3u18iTOBhN7c47M96CY5FQIv5J80khfY/se/7R5Wlo0h JqVZ/oz8OGQ+KDg==
X-Google-Smtp-Source: ABdhPJxzmUY+u4Oxs9RoFFlWxMGLqh5YJQOWnGK2TTznWMu/M9KEuFVrP+ABduIUcyerCrErthbzLZpLsh2wMqqXmjw=
X-Received: by 2002:a05:6402:1691:: with SMTP id a17mr908752edv.336.1616436911242; Mon, 22 Mar 2021 11:15:11 -0700 (PDT)
MIME-Version: 1.0
References: <157429966624.922.6336772483106473689.idtracker@ietfa.amsl.com> <41B1930A-2631-47D3-8693-62363B9C5639@vigilsec.com> <C118221E-19F7-4CA6-A2E6-17249380843D@vigilsec.com> <B0B39AC9-F885-4B4D-8729-423C629F6EDC@vigilsec.com> <CA+LnPOeacavNJxQwGh+AX3YF_RW-ruLUL6DiSxpAx1LQrkjf=w@mail.gmail.com> <CA+LnPOf0OFmEgk3bvyyLFFLyie9BnZGqYSkchucUDr4X2wQSwA@mail.gmail.com> <1BFB6605-8327-418A-B764-01EC75976328@team.neustar>
In-Reply-To: <1BFB6605-8327-418A-B764-01EC75976328@team.neustar>
From: Piotr Gregor <piotr@signalwire.com>
Date: Mon, 22 Mar 2021 18:14:35 +0000
Message-ID: <CA+LnPOe9QBNs7uf0+_qmuzSEB3QtkHheBZb1JaomiushjfAudA@mail.gmail.com>
To: "Peterson, Jon" <jon.peterson@team.neustar>
Cc: Russ Housley <housley@vigilsec.com>, IETF STIR Mail List <stir@ietf.org>, "ekr@rtfm.com" <ekr@rtfm.com>
Content-Type: multipart/alternative; boundary="000000000000e5915805be240b74"
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/YmFHwhPGhR6VP64i3eMmJlHcyFE>
Subject: Re: [stir] Call For Adoption of draft-peterson-stir-servprovider-oob
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Mar 2021 18:15:19 -0000
Hi, In chapter 4 (Advertising CPS) the draft ( https://www.ietf.org/archive/id/draft-ietf-stir-servprovider-oob-01.txt) says: An alternative to CPS advertisements that may be usable in some environments is adding a field to STIR [RFC8226] certificates identifying the CPS URI issued to individual service providers. As these certificates are themselves signed by a CA, and contain their own TNAuthList, the URI would be bound securely to the proper telephone network identifiers. As STIR assumes a community of relying parties who trust these credentials, this method perhaps best mirrors the trust model required to allow a CPS to authorize PASSporT submission and retrieval. It would be quite natural to embed CPS info in provider certificate, but there is a problem with this: it will work only if the originator of a call (PASSporT creator) already knows what is the certificate of destination (or knows where to find it). This will not be an option if you do not have yet the certificate of the destination (unless there is other spec wich standardises the certificate location?). Maybe it would be a good idea to add a comment on that or elaborate this section a bit. regards, Piotr On Sun, Sep 27, 2020 at 11:31 PM Peterson, Jon <jon.peterson@team.neustar> wrote: > > > Thanks for the heads-up, and yes, this has been repaired in the AUTH 48 > process for stir-oob. > > > > Jon Peterson > > Neustar, Inc. > > > > *From: *Piotr Gregor <piotr@signalwire.com> > *Date: *Monday, August 24, 2020 at 5:09 PM > *To: *Russ Housley <housley@vigilsec.com> > *Cc: *IETF STIR Mail List <stir@ietf.org>, "Peterson, Jon" > <jon.peterson@team.neustar>, Eric Rescorla <ekr@rtfm.com> > *Subject: *Re: [stir] Call For Adoption of > draft-peterson-stir-servprovider-oob > > > > I believe there is an error in draft-ietf-stir-oob-07, here in section 9 > it is said that call originates for destination 2.222.555.2222 > > but then 2.222.222.2222 appears in places I highlighted: > > > 9 > <https://urldefense.com/v3/__https:/tools.ietf.org/html/draft-ietf-stir-oob-07*section-9__;Iw!!N14HnBHF!qGWhl_lldmfxuAhX9SKZInSk2i34niQESzkNmAFSMCHw3jkCsoxihluS9UpnvdTjMWlRsw$>. > Example HTTPS Interface to the CPS > > > > (...) > > Assume that an authentication service has created the following > > PASSporT for a call to the telephone number 2.222.555.2222 > > (...) > > Through some discovery mechanism (see Section 10 <https://urldefense.com/v3/__https:/tools.ietf.org/html/draft-ietf-stir-oob-07*section-10__;Iw!!N14HnBHF!qGWhl_lldmfxuAhX9SKZInSk2i34niQESzkNmAFSMCHw3jkCsoxihluS9UpnvdQ2wNRsUA$>), the authentication > > service discovers the network location of a web service that acts as > > the CPS for 2.222.555.2222. > > (...) > > Having concluded the numbered steps in Section 8.1 <https://urldefense.com/v3/__https:/tools.ietf.org/html/draft-ietf-stir-oob-07*section-8.1__;Iw!!N14HnBHF!qGWhl_lldmfxuAhX9SKZInSk2i34niQESzkNmAFSMCHw3jkCsoxihluS9UpnvdSkY1ufcw$>, including > > acquiring any token (per Section 6.1 <https://urldefense.com/v3/__https:/tools.ietf.org/html/draft-ietf-stir-oob-07*section-6.1__;Iw!!N14HnBHF!qGWhl_lldmfxuAhX9SKZInSk2i34niQESzkNmAFSMCHw3jkCsoxihluS9UpnvdTPr31zLw$>) needed to store the PASSporT at > > the CPS, the authentication service then stores the encrypted > > PASSporT: > > > > > > > > Rescorla & Peterson Expires September 10, 2020 [Page 20] > > ------------------------------ > > <https://urldefense.com/v3/__https:/tools.ietf.org/html/draft-ietf-stir-oob-07*page-21__;Iw!!N14HnBHF!qGWhl_lldmfxuAhX9SKZInSk2i34niQESzkNmAFSMCHw3jkCsoxihluS9UpnvdR0UBsvaQ$> > > Internet-Draft STIR Out-of-Band March 2020 > > > > > > POST /cps/2.222.555.2222/ppts HTTP/1.1 > > Host: cps.example.com <https://urldefense.com/v3/__http:/cps.example.com__;!!N14HnBHF!qGWhl_lldmfxuAhX9SKZInSk2i34niQESzkNmAFSMCHw3jkCsoxihluS9UpnvdTqcnHCLg$> > > (...) > > > > The web service assigns a new location for this encrypted PASSporT in > > the collection, returning a 201 OK with the location of > > /cps/2.222.222.2222/ppts/ppt1. > > ^^^^^^^^^^^^^^^^^^^^^^ > > ->>>>>>>>>>>>> should be /cps/2.222.555.2222/ppts/ppt1 > > > > > > Now the authentication service can > > place the call, which may be signaled by various protocols. Once the > > call arrives at the terminating side, a verification service contacts > > its CPS to ask for the set of incoming calls for its telephone number > > (2.222.222.2222). > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > ->>>>>>>>>>>>> should be 2.222.555.2222 > > > > > > GET /cps/2.222.555.2222/ppts > > Host: cps.example.com <https://urldefense.com/v3/__http:/cps.example.com__;!!N14HnBHF!qGWhl_lldmfxuAhX9SKZInSk2i34niQESzkNmAFSMCHw3jkCsoxihluS9UpnvdTqcnHCLg$> > > > > This returns to the verification service a list of the PASSporTs > > currently in the collection, which currently consists of only > > /cps/2.222.222.2222/ppts/ppt1. > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > ->>>>>>>>>>>>> should be /cps/2.222.555.2222/ppts/ppt1 > > > > The verification service then sends a > > new GET for /cps/2.222.555.2222/ppts/ppt1/ which yields: > > (...) > > > > cheers, > > Piotr > > > -- Piotr Gregor Software Engineer piotr@signalwire.com +44 01256 597 470 -- *|* Ask me about SignalWire Work <https://signalwire.com/products/work>, our new digital office alternative.
- [stir] The STIR WG has placed draft-dolly-stir-rp… IETF Secretariat
- [stir] Call For Adoption of draft-dolly-stir-rph-… Russ Housley
- Re: [stir] Call For Adoption of draft-dolly-stir-… DOLLY, MARTIN C
- Re: [stir] Call For Adoption of draft-dolly-stir-… Chris Wendt
- Re: [stir] Call For Adoption of draft-dolly-stir-… Peterson, Jon
- Re: [stir] Call For Adoption of draft-dolly-stir-… Hala Mowafy
- Re: [stir] Call For Adoption of draft-dolly-stir-… Subir Das
- Re: [stir] Call For Adoption of draft-dolly-stir-… Christer Holmberg
- Re: [stir] Call For Adoption of draft-dolly-stir-… R.Jesske
- Re: [stir] Call For Adoption of draft-dolly-stir-… Jörgen Axell
- Re: [stir] Call For Adoption of draft-dolly-stir-… Ben Campbell
- Re: [stir] Call For Adoption of draft-dolly-stir-… Eric Burger
- Re: [stir] Call For Adoption of draft-dolly-stir-… Richard Shockey
- Re: [stir] The STIR WG has placed draft-dolly-sti… Asveren, Tolga
- Re: [stir] Call For Adoption of draft-dolly-stir-… Russ Housley
- [stir] Call For Adoption of draft-peterson-stir-s… Russ Housley
- Re: [stir] Call For Adoption of draft-peterson-st… Mary Barnes
- Re: [stir] Call For Adoption of draft-peterson-st… Sean Turner
- Re: [stir] Call For Adoption of draft-peterson-st… Ben Campbell
- Re: [stir] Call For Adoption of draft-peterson-st… Russ Housley
- Re: [stir] Call For Adoption of draft-peterson-st… Piotr Gregor
- Re: [stir] Call For Adoption of draft-peterson-st… Piotr Gregor
- Re: [stir] Call For Adoption of draft-peterson-st… Peterson, Jon
- Re: [stir] Call For Adoption of draft-peterson-st… Piotr Gregor