IETF Logo Mail Archive

Re: [stir] current draft charter

Dave Crocker <dhc2@dcrocker.net> Sun, 16 June 2013 17:53 UTC

Return-Path: <dhc2@dcrocker.net>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 83BD821F9C25 for <stir@ietfa.amsl.com>; Sun, 16 Jun 2013 10:53:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.572
X-Spam-Level:
X-Spam-Status: No, score=-6.572 tagged_above=-999 required=5 tests=[AWL=0.027, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YK-r05QhRsDw for <stir@ietfa.amsl.com>; Sun, 16 Jun 2013 10:53:20 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) by ietfa.amsl.com (Postfix) with ESMTP id E794E21F9B12 for <stir@ietf.org>; Sun, 16 Jun 2013 10:53:20 -0700 (PDT)
Received: from [192.168.1.66] (76-218-9-215.lightspeed.sntcca.sbcglobal.net [76.218.9.215]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id r5GHrH4Q017999 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sun, 16 Jun 2013 10:53:20 -0700
Message-ID: <51BDFB81.5030502@dcrocker.net>
Date: Sun, 16 Jun 2013 10:53:05 -0700
From: Dave Crocker <dhc2@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130509 Thunderbird/17.0.6
MIME-Version: 1.0
To: Hadriel Kaplan <hadriel.kaplan@oracle.com>
References: <CDDFBB7C.1F827%jon.peterson@neustar.biz> <51BDEA03.90808@dcrocker.net> <259384BE-383F-4D1A-81F1-6F7853B7FE61@oracle.com>
In-Reply-To: <259384BE-383F-4D1A-81F1-6F7853B7FE61@oracle.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Sun, 16 Jun 2013 10:53:20 -0700 (PDT)
Cc: "stir@ietf.org" <stir@ietf.org>
Subject: Re: [stir] current draft charter
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/stir>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Jun 2013 17:53:25 -0000

On 6/16/2013 10:39 AM, Hadriel Kaplan wrote:
> On Jun 16, 2013, at 12:38 PM, Dave Crocker <dhc2@dcrocker.net>
> wrote:
>> Better still is that it's the entity making the assertion that
>> tells the verifier where to look for verification information...
>> What's seems to be missing from the text in RFC 4474 is how the
>> verifier can tell whether the credential is a valid authorization
>> for use of the From field value.
...
> I think the general idea was a DKIM-like model, so if the From field
> value is 'bob@foo.com', then you check the cert it points you to is
> for foo.com and signed by a CA you trust.  That works for email-style

We're in a space that requires quite a bit of care and precision, so 
forgive my pedantry when I note that DKIM does not have anything to do 
with the address in the rfc5322.From field, contrary to popular beliefs.[*]

DKIM has its own identifier field (the d= parameter of the 
DKIM-Signature header field).  It's entirely independent of all other 
identification information in the message.  But note that DKIM semantics 
are completely different than what is proposed for STIR.  The signer in 
DKIM merely asserts "some responsibility" for the message; this 
pointedly does /not/ include validating any of the message content, such 
as the From: address.

The more recent DMARC, on the other hand, does assert "alignment" 
between the d= value and the From: field domain.  However DMARC is 
intended for narrow use.  In particular, it does not work for messages 
that get re-posted, such as mailing lists.  I think that such cases 
match concerns for SIP/PSTN gateways.



> So one proposal so far is that there would be certs which identify
> the E.164 numbers they're authoritative for (in a CN/SAN field for
> example), and that cert would be signed by some CA (or chain leading
> to one) that you trust.  If it's a chain rather than directly signed
> by a CA, then it's not clear how one goes about retrieving the certs
> for the chain's links, and doing so could cause unacceptable delay.
> It also means we need revocation checks for the chain.  And I'd argue
> the management aspects for this thing would be just as difficult as
> anything else proposed so far.

Ack.  FWIW, I've always viewed the administrative requirements for DKIM 
far, far more challenging than the signing/verifying mechanisms.  After 
some years of extensive deployment experience with DKIM, my opinion has 
not changed...


d/


[*] The DKIM signing hash does include the From field, but that's 
different from using the value semantically.

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

v2.23.0 | Report a Bug | By Email