[stir] Benjamin Kaduk's No Objection on draft-ietf-stir-rph-emergency-services-06: (with COMMENT)
Benjamin Kaduk via Datatracker <noreply@ietf.org> Tue, 23 February 2021 22:19 UTC
From: Benjamin Kaduk via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-stir-rph-emergency-services@ietf.org, stir-chairs@ietf.org, stir@ietf.org, housley@vigilsec.com, housley@vigilsec.com
Reply-To: Benjamin Kaduk <kaduk@mit.edu>
Message-ID: <161411877418.24418.14783669140552916107@ietfa.amsl.com>
Date: Tue, 23 Feb 2021 14:19:34 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/Z4MVAaphv9bBni2W--9ODw5mUCI>

Benjamin Kaduk has entered the following ballot position for
draft-ietf-stir-rph-emergency-services-06: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-stir-rph-emergency-services/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Section 3

   Similar to the values allowed by [RFC8443] for the "auth" JSON object
   key inside the "rph" claim, the string "esnet.x" with the appropriate

(nit) I suggest s/allowed/defined/, since RFC 8443 assumes the auth
array will be extensible.

Section 4

   The following is an example of an "sph" claim for SIP 'Priority'
   header field with the value "psap-callback":

     {
       "orig":{"tn":"12155551213"},
       "dest":{"tn":["12155551212"]},
       "iat":1443208345,
       "rph":{"auth":["esnet.0"]},
       "sph":"psap-callback"

(nit) the listed "iat" value corresponds to a date in 2015. Should
something more current be used?

Section 5

   The order of the claim keys MUST follow the rules of [RFC8225]
   Section 9; the claim keys MUST appear in lexicographic order.

We probably want to clarify that this requirement is in force for the
deterministic JSON serialization used for signature generation (and
validation). Especially so since the immediately preceding example has
the claims in a different order...

Section 9

Thanks to Kyle Rose for the secdir review! Kyle called out the
considerations from RFCs 8225 and 8443 as also being relevant (and I
agree); please reference those as well as RFC 8224.
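
The Section 5 comment above concerns the serialization that is actually signed. The following is an added example, not part of the original message or of the draft: it takes the Section 4 claims in the order the draft displays them and produces the lexicographically ordered, whitespace-free form and its base64url payload segment. The function names are hypothetical and the code assumes ASCII-only claim values; signing itself is not shown.

```python
import base64
import json

# Claims from the draft's Section 4 example, in the order the draft displays
# them (orig first), with the closing brace supplied so the text parses.
DISPLAY_ORDER_JSON = (
    '{"orig":{"tn":"12155551213"},'
    '"dest":{"tn":["12155551212"]},'
    '"iat":1443208345,'
    '"rph":{"auth":["esnet.0"]},'
    '"sph":"psap-callback"}'
)


def canonical_claims(claims: dict) -> str:
    """Serialize claims with keys in lexicographic order and no whitespace.

    sort_keys orders keys by code point, which matches lexicographic order
    for the ASCII keys used here (assumption: no non-ASCII keys or values).
    """
    return json.dumps(claims, sort_keys=True, separators=(",", ":"))


def b64url(data: bytes) -> str:
    """base64url without padding, as used for JWS segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def payload_segment(claims_json: str) -> str:
    """Payload segment a signer or verifier would compute from any ordering."""
    return b64url(canonical_claims(json.loads(claims_json)).encode("utf-8"))


def naive_segment(claims_json: str) -> str:
    """Payload segment if the text were encoded exactly as written."""
    return b64url(claims_json.encode("utf-8"))


if __name__ == "__main__":
    print("canonical:", canonical_claims(json.loads(DISPLAY_ORDER_JSON)))
    print("signed segment:", payload_segment(DISPLAY_ORDER_JSON))
    # A verifier that hashed the display-order text would compute a different
    # signing input and reject a signature made over the canonical form.
    print("matches naive encoding:",
          payload_segment(DISPLAY_ORDER_JSON) == naive_segment(DISPLAY_ORDER_JSON))
```
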