Return-Path: X-Original-To: stir@ietfa.amsl.com Delivered-To: stir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DEAC12E9CE for ; Thu, 21 Apr 2016 19:42:05 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.895 X-Spam-Level: X-Spam-Status: No, score=-2.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.996] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p6Cr9Kwi0mKU for ; Thu, 21 Apr 2016 19:42:03 -0700 (PDT) Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 643C012E9CC for ; Thu, 21 Apr 2016 19:42:03 -0700 (PDT) Received: from unnumerable.local ([173.57.167.89]) (authenticated bits=0) by nostrum.com (8.15.2/8.14.9) with ESMTPSA id u3M2g1Tp098525 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=OK) for ; Thu, 21 Apr 2016 21:42:02 -0500 (CDT) (envelope-from rjsparks@nostrum.com) X-Authentication-Warning: raven.nostrum.com: Host [173.57.167.89] claimed to be unnumerable.local To: stir@ietf.org References: <9D68E244-1E03-4FF1-8343-F661FF3D629D@vigilsec.com> <84B51A25-EBF9-48EA-8BFF-4D76647715CB@vigilsec.com> <6C7F922E-3472-423D-B430-AA87B36C239F@chriswendt.net> <8868AD90-74D6-4356-B540-816CB068BEDC@shockey.us> From: Robert Sparks Message-ID: <57198F7A.90405@nostrum.com> Date: Thu, 21 Apr 2016 21:42:02 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.7.2 MIME-Version: 1.0 In-Reply-To: <8868AD90-74D6-4356-B540-816CB068BEDC@shockey.us> Content-Type: multipart/alternative; boundary="------------070009090806070600040307" Archived-At: Subject: Re: [stir] A few comments on the PASSporT Document X-BeenThere: stir@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Secure Telephone Identity Revisited List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Apr 2016 02:42:05 -0000 This is a multi-part message in MIME format. --------------070009090806070600040307 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit Of course. As I noted in the meeting at IETF95, I will produce some in the next month or so. I'm expecting implementations to produce even more. That said, the text is there now, and the list conversation has been pretty clear about what's still in motion. I hope nobody is waiting on examples before commenting or beginning implementation. RjS On 4/21/16 8:21 PM, Richard Shockey wrote: > > And please more examples. The vendor community is begining to ask > serious questions about time tables and roadmaps. The commitment to > deploy is very real. > > Where does this actually show up in the headers. What does or should > it look like? > > How this might show up on UA’s is another issue but totally out of > scope for this WG now and in the future. > > — > Richard Shockey > Shockey Consulting LLC > Chairman of the Board SIP Forum > www.shockey.us > www.sipforum.org > richardshockey.us > Skype-Linkedin-Facebook rshockey101 > PSTN +1 703-593-2683 > > > From: stir > on > behalf of Chris Wendt > > Date: Thursday, April 21, 2016 at 8:56 PM > To: Russ Housley > > Cc: IETF STIR Mail List >, Jon > Peterson > > Subject: Re: [stir] A few comments on the PASSporT Document > > >> On Apr 21, 2016, at 4:26 PM, Russ Housley > > wrote: >> >> Jon: >> >>> Thanks for these notes Russ. >>> >>>> I needed to chase a bunch of references to figure out what really >>>> goes in >>>> the iat claim. This leads me to two comments. >>>> >>>> (1) Let¹s help the reader and tell them that the iat claim contains a >>>> JSON numeric value representing the number of seconds from 1970-01-01 >>>> 00:00:00 UTC. >>> >>> Sounds good to me. That claim is defined in baseline JWS/JWT, but agreed >>> it would be helpful to informationally reiterate its syntax in the >>> PASSporT spec. >> >> Thanks. > > Agree. > >> >>>> (2) The iat claim carries the time that the token was issued. >>>> Section 7 >>>> tells that the token should be handled in a "reasonable for clock drift >>>> and transmission time.² This makes sense, but neither Section 3.2.1.1 >>>> nor Section 7 tells what ought to happen if it is determined to be >>>> stale. >>> >>> This is where the hand-off between RFC4474bis and PASSporT can be murky. >>> The behavior for SIP as a using protocol of PASSporT with regards to the >>> freshness of Date/iat is given in RFC4474bis. Other using protocols >>> might >>> want to use other means to ascertain freshness; SIP behavior really >>> comes >>> down to comparing iat with the Date header, and we don't want that >>> using-protocol-specific language to be in PASSporT. >>> >>> I can also imagine PASSporT tokens being evaluated historically, rather >>> than in real time, and the determination of "freshness" for those >>> purposes >>> might be different, or even just irrelevant. >>> >>> What we can say about iat in PASSporT though is that using protocols are >>> required to specify how they determine freshness (like, what they >>> compare >>> it to). Would that make sense as a way to approach this? >> >> Yes, that makes sense to me. > > Agree. > >> >>>> The syntax of the mky claim seems to go against a JOSE design >>>> principle. >>>> JOSE used very compact representations for everything. However, >>>> the mky >>>> claim uses a whole lot of colons. This leads to a third comment. >>>> >>>> (3) To align with the JOSE principle, should the mky claim syntax use a >>>> hex string or a base64 string to carry the hash values. >>> >>> Jonathan Lennox provided some compelling reasons for us to move mky to a >>> JSON array format, similar to what WebRTC has done (so it's clear which >>> keys can match to which m= lines in SDP, say). That at least was my >>> take-away from the discussions around this in Buenos Aires. Would >>> that be >>> satisfactory for you? >> >> I think so. > > So, Jon, the idea is to use this format? > > { > "fingerprint": [ { > "algorithm": "sha-256", > "digest": "4A:AD:B9:B1:3F:...:E5:7C:AB" > }, { > "algorithm": "sha-1", > "digest": "74:E9:76:C8:19:...:F4:45:6B" > } ] > } > > (from 5.6.4) in draft-ietf-rtcweb-security-arch-11 > > I’m not sure that addresses the size part, do we need the colon’s as > Russ suggests? > Maybe use smaller key’s? > > { > "fp": [ { > "alg": "sha-256", > "dgst": "4AADB9B13F...E57CAB" > }, { > "alg": "sha-1", > "dgst": "74E976C819...F4456B" > } ] > } > > > Could do even further encoding of fingerprint to reduce size as > suggested in https://webrtchacks.com/the-minimum-viable-sdp/ > > Thoughts? > > > > > _______________________________________________ stir mailing list > stir@ietf.org > https://www.ietf.org/mailman/listinfo/stir > > > _______________________________________________ > stir mailing list > stir@ietf.org > https://www.ietf.org/mailman/listinfo/stir --------------070009090806070600040307 Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: 8bit Of course.

As I noted in the meeting at IETF95, I will produce some in the next month or so. I'm expecting implementations to produce even more.

That said, the text is there now, and the list conversation has been pretty clear about what's still in motion. I hope nobody is waiting on examples before commenting or beginning implementation.

RjS

On 4/21/16 8:21 PM, Richard Shockey wrote:

And please more examples.  The vendor community is begining  to ask serious questions about time tables and roadmaps.  The commitment to deploy is very real. 

Where does this actually show up in the headers. What does or should it look like? 

How this might show up on UA’s is another issue but totally out of scope for this WG now and in the future. 

— 
Richard Shockey
Shockey Consulting LLC
Chairman of the Board SIP Forum
richard<at>shockey.us
Skype-Linkedin-Facebook rshockey101
PSTN +1 703-593-2683


From: stir <stir-bounces@ietf.org> on behalf of Chris Wendt <chris-ietf@chriswendt.net>
Date: Thursday, April 21, 2016 at 8:56 PM
To: Russ Housley <housley@vigilsec.com>
Cc: IETF STIR Mail List <stir@ietf.org>, Jon Peterson <jon.peterson@neustar.biz>
Subject: Re: [stir] A few comments on the PASSporT Document


On Apr 21, 2016, at 4:26 PM, Russ Housley <housley@vigilsec.com> wrote:

Jon:

Thanks for these notes Russ.

I needed to chase a bunch of references to figure out what really goes in
the iat claim.  This leads me to two comments.

(1)  Let¹s help the reader and tell them that the iat claim contains a
JSON numeric value representing the number of seconds from 1970-01-01
00:00:00 UTC.

Sounds good to me. That claim is defined in baseline JWS/JWT, but agreed
it would be helpful to informationally reiterate its syntax in the
PASSporT spec.

Thanks.

Agree.


(2) The iat claim carries the time that the token was issued.  Section 7
tells that the token should be handled in a "reasonable for clock drift
and transmission time.²  This makes sense, but neither Section 3.2.1.1
nor Section 7 tells what ought to happen if it is determined to be stale.

This is where the hand-off between RFC4474bis and PASSporT can be murky.
The behavior for SIP as a using protocol of PASSporT with regards to the
freshness of Date/iat is given in RFC4474bis. Other using protocols might
want to use other means to ascertain freshness; SIP behavior really comes
down to comparing iat with the Date header, and we don't want that
using-protocol-specific language to be in PASSporT.

I can also imagine PASSporT tokens being evaluated historically, rather
than in real time, and the determination of "freshness" for those purposes
might be different, or even just irrelevant.

What we can say about iat in PASSporT though is that using protocols are
required to specify how they determine freshness (like, what they compare
it to). Would that make sense as a way to approach this?

Yes, that makes sense to me.

Agree.


The syntax of the mky claim seems to go against a JOSE design principle.
JOSE used very compact representations for everything.  However, the mky
claim uses a whole lot of colons.  This leads to a third comment.

(3) To align with the JOSE principle, should the mky claim syntax use a
hex string or a base64 string to carry the hash values.

Jonathan Lennox provided some compelling reasons for us to move mky to a
JSON array format, similar to what WebRTC has done (so it's clear which
keys can match to which m= lines in SDP, say). That at least was my
take-away from the discussions around this in Buenos Aires. Would that be
satisfactory for you?

I think so.

So, Jon, the idea is to use this format?

{
       "fingerprint": [ {
         "algorithm": "sha-256",
         "digest": "4A:AD:B9:B1:3F:...:E5:7C:AB"
       }, {
         "algorithm": "sha-1",
         "digest": "74:E9:76:C8:19:...:F4:45:6B"
       } ]
     }

(from 5.6.4) in draft-ietf-rtcweb-security-arch-11

I’m not sure that addresses the size part, do we need the colon’s as Russ suggests?
Maybe use smaller key’s?

{
       "fp": [ {
         "alg": "sha-256",
         "dgst": "4AADB9B13F...E57CAB"
       }, {
         "alg": "sha-1",
         "dgst": "74E976C819...F4456B"
       } ]
     }


Could do even further encoding of fingerprint to reduce size as suggested in https://webrtchacks.com/the-minimum-viable-sdp/

Thoughts?




_______________________________________________ stir mailing list stir@ietf.org https://www.ietf.org/mailman/listinfo/stir 

_______________________________________________
stir mailing list
stir@ietf.org
https://www.ietf.org/mailman/listinfo/stir

--------------070009090806070600040307--