Re: [stir] Third WGLC: draft-ietf-stir-passport-rcd-12

Russ Housley <housley@vigilsec.com> Mon, 02 August 2021 15:56 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D8DD3A083D for <stir@ietfa.amsl.com>; Mon, 2 Aug 2021 08:56:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W9b7WmmGJopn for <stir@ietfa.amsl.com>; Mon, 2 Aug 2021 08:55:54 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 881333A082F for <stir@ietf.org>; Mon, 2 Aug 2021 08:55:54 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id B9DB7300BF7 for <stir@ietf.org>; Mon, 2 Aug 2021 11:55:53 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 3qGiTqW6zMir for <stir@ietf.org>; Mon, 2 Aug 2021 11:55:51 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-141-156-161-153.washdc.fios.verizon.net [141.156.161.153]) by mail.smeinc.net (Postfix) with ESMTPSA id BF879300AEB for <stir@ietf.org>; Mon, 2 Aug 2021 11:55:50 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
Date: Mon, 2 Aug 2021 11:55:46 -0400
References: <ACBAF452-EC41-4EAF-8ED1-AFF705671D19@vigilsec.com>
To: IETF STIR Mail List <stir@ietf.org>
In-Reply-To: <ACBAF452-EC41-4EAF-8ED1-AFF705671D19@vigilsec.com>
Message-Id: <1CA8DA85-260D-4356-9E65-B74DE6ED51BA@vigilsec.com>
X-Mailer: Apple Mail (2.3445.104.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/Yn3K-reVbbCeCdwh8z3d3bhZvtg>
Subject: Re: [stir] Third WGLC: draft-ietf-stir-passport-rcd-12
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Aug 2021 15:56:00 -0000

I have a few comments.  All of them are pretty minor.

In the Abstract, it says: '... subsequently rendered to the intended called party.'  I think it is rendered to the called party, whether that party is intended or otherwise.

In Section 6.2, first paragraph, it says: '... contents of the certified "rcd" claim.'  I do not know what 'certified' means here.  To me, it usually means that it is included in a certificate, but that is not the meaning here.  Please clarify.

In Section 7, first paragraph, it refers to a 'STIR certificate eco-system'.  I think this can be simplified by just saying that the 'authorized party' is not necessarily the subject of a STIR certificate,

In Section 12.1, first paragraph, the term 'Subject Name' is used several times.  The certificate has a subject field that contains a name, but it does nt have a Subject Name field.  Please reword.

In Section 18, second paragraph, the IESG approval of [I-D.housley-stir-enhance-rfc8226] required the addition of a SHOULD NOT statement:

   Certificate issuers SHOULD NOT include an entry in mustExclude for
   the "rcdi" claim for a certificate that will be used with the
   PASSporT Extension for Rich Call Data defined in
   [I-D.ietf-stir-passport-rcd].  Excluding this claim would prevent the
   integrity protection mechanism from working properly.

It seems that a SHOULD NOT statement should appear here as well.

In Section 18.1, please reference draft-ietf-stir-enhance-rfc8226 (not draft-housley-stir-enhance-rfc8226).

Russ


> On Jul 29, 2021, at 3:19 PM, Russ Housley <housley@vigilsec.com> wrote:
> 
> As we discussed on the IETF 111 session today, significant changes were made to address concerns that were raised during the second WGLC.
> 
> This note begins a third WGLC for draft-ietf-stir-passport-rcd-12 (PASSporT Extension for Rich Call Data).  See https://datatracker.ietf.org/doc/draft-ietf-stir-passport-rcd/.
> 
> Please send reviews to the STIR mail list by the end of day 19 August 2021.
> 
> Russ and Robert
> _______________________________________________
> stir mailing list
> stir@ietf.org
> https://www.ietf.org/mailman/listinfo/stir