Re: [stir] Third WGLC: draft-ietf-stir-passport-rcd-12

Chris Wendt <chris-ietf@chriswendt.net> Fri, 10 September 2021 00:27 UTC

Return-Path: <chris-ietf@chriswendt.net>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA4BA3A0940 for <stir@ietfa.amsl.com>; Thu, 9 Sep 2021 17:27:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=chriswendt-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2EV2RE79GU1j for <stir@ietfa.amsl.com>; Thu, 9 Sep 2021 17:27:29 -0700 (PDT)
Received: from mail-qt1-x831.google.com (mail-qt1-x831.google.com [IPv6:2607:f8b0:4864:20::831]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5EA573A094C for <stir@ietf.org>; Thu, 9 Sep 2021 17:27:27 -0700 (PDT)
Received: by mail-qt1-x831.google.com with SMTP id s15so3230806qta.10 for <stir@ietf.org>; Thu, 09 Sep 2021 17:27:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chriswendt-net.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=vl42aRdpa6Es0IIr3mzCHVGD+SzKdn0RKnhmPqI6898=; b=TfYjInf/js+zrWUjoc/cx/9Kw6lsxDLRBy9asyJNlEkkThkvCw1J7vixUkAk6FDLm1 nHXOMViIj9rGvONFIw294dV2q9sEBaPAbG8wTvKFPct0azk8rXx7s5LMttnMy+IzgsAW U/00cn3G2ipXizvXQqPK8hNiUbEWKR7n+UeXICikPUQhjX8IE56K15vOEWtl6OsvEAKM 31zRcX3U7R7wlYdI/gkwQqzwEyrs7Mu0JEykoBi3pgGSeI1BLwbRWHR86AkDLi8ihzBX Jl7QIoi/RgyvXlOXJJBy7AtPLY+mdwZidMKJNEFyWzx6NNYUmc8upa/JBWGwEMqpkNEU qo6A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=vl42aRdpa6Es0IIr3mzCHVGD+SzKdn0RKnhmPqI6898=; b=5AlKidpzpIORMxafU74OGnzWNREI4pPBbX61iGa7AA0a9BZ4ECzxn2igDtfcorzAKy JF2XL/RYk4jG3xgN4IciwGTo8qwD3P999CehU/UJ1j/Mfern8adsshngCqI5hPTsCzm6 a22AAPOq17EZoxpJX50N+eyX74NHrIa9UvocTjFASQIIaY7QQYPzvpb96yVXfDTi939Y ERI7JImYmWiksA+6ef4+LcfGrgndkGLiL0WZn2gl95UbBitxrhUv9UiODZ53DoE9V0tV CY36ASKLFy00A7qapeVnSU97kZS4cNOVaD9QvqOZEJGAtNYmy2RU/mvXlVqwfd1vrQ5G W6cg==
X-Gm-Message-State: AOAM533M8dlPrIFOEoGVDI2BoFN9+ZmDm+TjXZCjSnEtXREZq4nTChvd xMasgwnAfZSOz9oxIWRkgg7bIw==
X-Google-Smtp-Source: ABdhPJygmsyppEYcehwucR+BfYWFYhRPmmMTh3UMX57wdx/nduqmVtjgYOIcMADU7nykGVPcIeZYdg==
X-Received: by 2002:ac8:4149:: with SMTP id e9mr5604709qtm.249.1631233645097; Thu, 09 Sep 2021 17:27:25 -0700 (PDT)
Received: from smtpclient.apple ([2607:fb90:623b:8a2c:c020:1086:a223:ac37]) by smtp.gmail.com with ESMTPSA id z21sm2151134qts.27.2021.09.09.17.27.23 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 09 Sep 2021 17:27:24 -0700 (PDT)
From: Chris Wendt <chris-ietf@chriswendt.net>
Message-Id: <4869F8BC-BF1D-4DB3-B2E0-3047CB41301F@chriswendt.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_EBAF0B30-3926-4DA9-8C29-4D32E8F6CC42"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
Date: Thu, 9 Sep 2021 20:27:22 -0400
In-Reply-To: <7B072388-9236-4845-996D-1ECE52EC1557@nostrum.com>
Cc: Jon Peterson <jon.peterson@team.neustar>, IETF STIR Mail List <stir@ietf.org>
To: Ben Campbell <ben@nostrum.com>
References: <ACBAF452-EC41-4EAF-8ED1-AFF705671D19@vigilsec.com> <7B072388-9236-4845-996D-1ECE52EC1557@nostrum.com>
X-Mailer: Apple Mail (2.3654.120.0.1.13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/_7vrsE5--_bWWQLWdnXoBWvV6To>
Subject: Re: [stir] Third WGLC: draft-ietf-stir-passport-rcd-12
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Sep 2021 00:27:35 -0000

HI Ben,

Thanks for the review!  Comments inline:

> On Aug 13, 2021, at 6:01 PM, Ben Campbell <ben@nostrum.com> wrote:
> 
> (No Hats)
> 
> I have a few comments. The biggest one is I think we need more explanation of verifier behavior for JWTClaimConstraints and RCDi. The rest are pretty minor and hopefully easy to address.
> 
> Thanks!
> 
> Ben.
> 
> Substantive:
> 
> General:
> 
> I still have some questions about expected verifier behavior after multiple passes. I think that the verification service discussion should be expanded to address the following:
> Is a verifier _required_ to verify that all claims are valid according to any JWTClaimConstraints? What does it mean if a given claim violates the constraints? Is the whole ppt considered invalid and discarded? Can relying parties still use parts of the passport that were either not constrained or did not violate the constraints?
> Same questions for RCDi digest verification.
> If RCDi digest verification is optional, does that change if there is a claim constraint on it? 
The simple answer is that we think the entire PASSporT validation should fail if any part of it fails validation either because of signature, JWTConstraint, or rcdi integrity failure.  I will add text to make this clear.

> For an example use case related to these questions. Imagine a SHAKEN environment, where the caller UA signs an RCD passport with a delegate-certificate. The cert has JWTClaimConstraints for the “rcd” and “rcdi” claims. The UA also includes an rcdi claim, because the “rcd” claim points to an external icon.
> 
> The UA forwards the INVITE to an originating service provider (OSP). The OSP doesn’t care what’s in the “rcd” claims. All it wants to do is see that the call is signed with the private key associated with the caller’s certificate and verify that the cert has a TNAuthList extension that encompasses the number in the From header field. If that is true, the OSP adds it’s own SHAKEN passport with full attestation and forwards the INVITE to a Terminating Service Provider (TSP) with both passports.   As far as the OSP is concerned, it’s the TSP’s problem to verify the RCD bits.
> 
> Would the OSP be required to verify the JWTClaimConstraints and RCDi digest in this case? Consider that verifying the RCDI digest probably requires downloading an icon from a potentially arbitrary source, which the OSP might not be willing to do.

I agree that in case of SHAKEN, OSP at a minimum only cares about telephone number for STI-VS and uses the delegate certificate TNAuthList telephone number and ‘orig’/From/Paid to determine attestation level.  That said, i think the mechanics of what OSP or TSP do with a delegate cert is a SHAKEN concept and doesn’t need to be addressed in the ‘rcd’ draft, so i’d prefer to leave that to IPNNI documents.

> 
> §2: So we’re sticking with that RFC 6919 reference? :-)   (But seriously, we should probably us RFC 8174 boilerplate.)

Updated 

> 
> §5.1.1: “This key MUST be included once and MUST be included as part of the "rcd"  claim value JSON object.“
> 
> That second MUST seems non-constraining. I’m not sure where else one might put it.

Removed second MUST

> 
> §6: “implementations MUST support the following hash algorithms, "SHA256", "SHA384", or "SHA512”.”
> Should “or” be “and”?

changed to and

> 
> §6.1, last paragraph (list item 3):
> 
> The previous paragraph requires JSOn serialization for by-value JSON strings. List item 3 does not appear to require serialization of referenced JSON objects. Is that intentional?

Added this: "If the URI referenced content is JSON formatted, follow the procedures defined in list item 2 above."
> 
> Should the “should” in “If the content is binary format it should be Base64 encoded“ be normative?

I actually made it a MUST but also other text was modified/clarified based on comments from Jack R.

> 
> §8.1: Does you envision a use case where one might want to constrain a claim value if it is present, but it’s okay for it to not be present at all?

Yes, i believe that is handled by not having a “mustInclude” for the claim, but having “permittedValues” for the constrained claim value.

> 
> §10.2: “… so if "rcdi" is required compact form should not be used.”
> 
> Should that be a normative SHOULD? Or maybe MUST?

Yes MUST NOT, fixed

> 
> §14.2: “ Optionally, if there exists a Call-Info header field…”
> 
> Is this really “optional”? Is the verifier expected to know whether the AS included information from the Call-Info field in the signature?

Yes, correct, removed word Optionally and replaced with "Additionally"

> 
> §18, last paragraph:
> 
> This recommends that the creator of an rcdi claim “detect evil” on any referenced content, to avoid sending things might be harmful to the verifier. Shouldn’t the verifier also check that? It seems dangerous for the verifier to trust that the sender got this right.
> 
> Along those lines, I wonder if there is something we can reference for server-side request forgery attack mitigation? (I don’t know of anything offhand.)

I put a note at the end to reference that verification services should use precautions to avoid attacks based on accessing URI linked content.

> 
> Editorial:
> 
> §4, first paragraph: “… there should be the desire to pre-certify or "vet" the specific use of rich call data. “
> 
> Is “should” the right word here? Do we mean to suggest that this pre-certification is really something one should do vs something one _might_ do?  (I recognize its not normative, but even a non-normative should carries a moral judgement.)

Changed to might, i think you are right we can’t exactly be normative, even though most applications hopefully would desire vetting of RCD content.

> 
> §5.1.3: “The jCard object value referenced in the URI value for "jcl" MUST only have referenced content for URI values that do not further reference URIs. “
> 
> That’s a little hard to parse—maybe it would be better constructed as a “MUST NOT”?

:) yeah that was a tough sentence, changed to "The jCard object referenced by the URI value for "jcl" MUST NOT contain any further referenced content (i.e. URIs as values in the referenced jCard object)”

> 
> §6.1: “avoid any possibility of substitution or insertion attacks that may be possible to avoid integrity detection, even though unlikely. “
> 
> I suggest avoiding predictions of likelihood here, since we already specify a countermeasure.

Removed 

> 
> 
>> On Jul 29, 2021, at 2:19 PM, Russ Housley <housley@vigilsec.com <mailto:housley@vigilsec.com>> wrote:
>> 
>> As we discussed on the IETF 111 session today, significant changes were made to address concerns that were raised during the second WGLC.
>> 
>> This note begins a third WGLC for draft-ietf-stir-passport-rcd-12 (PASSporT Extension for Rich Call Data).  See https://datatracker.ietf.org/doc/draft-ietf-stir-passport-rcd/ <https://datatracker.ietf.org/doc/draft-ietf-stir-passport-rcd/>.
>> 
>> Please send reviews to the STIR mail list by the end of day 19 August 2021.
>> 
>> Russ and Robert
>> _______________________________________________
>> stir mailing list
>> stir@ietf.org <mailto:stir@ietf.org>
>> https://www.ietf.org/mailman/listinfo/stir
>