[stir] Few thoughts on rfc4474bis

Anton Tveretin <tveretinas@yandex.ru> Wed, 02 March 2016 08:30 UTC

From: Anton Tveretin <tveretinas@yandex.ru>
To: "stir@ietf.org" <stir@ietf.org>
Message-Id: <8330911456907409@web26j.yandex.ru>
Date: Wed, 02 Mar 2016 13:30:09 +0500
Archived-At: <http://mailarchive.ietf.org/arch/msg/stir/bZ4Lywxr4OWOwAwobb-7M1VwasM>
Subject: [stir] Few thoughts on rfc4474bis
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>

Hello All,
Currently, we consider no distinction between "public" and "private" networks. A public network operator is regulated and licensed.
UNI (i.e. the interface between a public network and its user, which may be a private network) has asymmetric trust: it is expected that the user trusts the network, but the network doesn't trust its user. (Think not of malicious clients but of misconfigured equipment which might put the entire network at risk.)
As far as I understand, the public network MUST NOT reject a call just because its source is unidentified. This is inconsistent with the current I-D (verifier MUST reject some calls). I suggest some rewording, such as:
According to local policy and regulations, the verifier either: rejects the call (in public networks, this is allowed only when explicitly requested by user), or marks the call by removing Identity header and adding a Warning header (default for public networks), or does nothing.
Regards,
Anton.
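The three verifier outcomes proposed in the message above (reject, mark by stripping Identity and adding Warning, or do nothing) can be modelled as a policy step that runs after the signature check. The following is an added example and is not code from the original message or from the STIR drafts. It assumes the signature verification itself is done elsewhere and delivers an `identity_ok` flag; the sample INVITE, the verifier host name `verifier.example.net` and the Warning text are constructed for this example. The 438 "Invalid Identity Header" response code comes from RFC 4474 and is kept by rfc4474bis; Warning code 399 (miscellaneous warning) is defined in RFC 3261.

```python
# Added example (not from the original message or the STIR drafts): a
# verifier policy step for the outcomes proposed on the list. The PASSporT
# signature check is out of scope; its result arrives as `identity_ok`.
from dataclasses import dataclass
from typing import List, Tuple

REJECT_STATUS = "438 Invalid Identity Header"   # RFC 4474 / rfc4474bis
WARN_AGENT = "verifier.example.net"              # assumed verifier host name
ECHOED_ON_REJECT = ("via", "from", "to", "call-id", "cseq")
IDENTITY_HEADERS = ("identity", "identity-info")  # Identity-Info is the RFC 4474 form


@dataclass
class LocalPolicy:
    public_network: bool            # regulated UNI with asymmetric trust
    user_requested_reject: bool     # subscriber explicitly opted in to rejection
    private_action: str = "reject"  # what a private network does by default

    def __post_init__(self) -> None:
        if self.private_action not in ("reject", "mark", "pass"):
            raise ValueError(f"unknown action {self.private_action!r}")


def parse(message: str) -> Tuple[str, List[Tuple[str, str]]]:
    """Split a SIP message into its start line and (name, value) header pairs."""
    start, _, rest = message.partition("\r\n")
    headers = []
    for line in rest.split("\r\n"):
        if line == "":
            break                      # empty line ends the header section
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return start, headers


def render(start: str, headers: List[Tuple[str, str]]) -> str:
    return start + "\r\n" + "".join(f"{n}: {v}\r\n" for n, v in headers) + "\r\n"


def choose_action(identity_ok: bool, policy: LocalPolicy) -> str:
    """Pick 'pass', 'mark' or 'reject' according to the proposed wording."""
    if identity_ok:
        return "pass"
    if policy.public_network:
        # Public network: marking is the default; rejection only when the
        # user explicitly asked for it.
        return "reject" if policy.user_requested_reject else "mark"
    return policy.private_action


def apply_policy(request: str, identity_ok: bool, policy: LocalPolicy) -> Tuple[str, str]:
    """Return (action, message): the forwarded request or a 438 response."""
    start, headers = parse(request)
    action = choose_action(identity_ok, policy)
    if action == "pass":
        return action, request
    if action == "mark":
        kept = [(n, v) for n, v in headers if n.lower() not in IDENTITY_HEADERS]
        kept.append(("Warning", f'399 {WARN_AGENT} "Identity could not be verified"'))
        return action, render(start, kept)
    # reject: build a 438 response that echoes the dialog-identifying headers
    echoed = [(n, v) for n, v in headers if n.lower() in ECHOED_ON_REJECT]
    echoed.append(("Content-Length", "0"))
    return action, render("SIP/2.0 " + REJECT_STATUS, echoed)


# Constructed sample INVITE; the Identity value is a placeholder, not a real PASSporT.
SAMPLE_INVITE = (
    "INVITE sip:+12025550199@example.net SIP/2.0\r\n"
    "Via: SIP/2.0/TLS pbx.example.com;branch=z9hG4bK776asdhds\r\n"
    "From: \"Alice\" <sip:+12025550101@example.com>;tag=1928301774\r\n"
    "To: <sip:+12025550199@example.net>\r\n"
    "Call-ID: a84b4c76e66710@pbx.example.com\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Date: Wed, 02 Mar 2016 08:30:09 GMT\r\n"
    "Identity: UExBQ0VIT0xERVI;info=<https://cert.example.com/alice.cer>;alg=ES256\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for pol in (LocalPolicy(True, False), LocalPolicy(True, True), LocalPolicy(False, False, "pass")):
        action, msg = apply_policy(SAMPLE_INVITE, False, pol)
        print(f"{pol} -> {action}\n{msg}")
```

A public-network verifier with the default policy forwards the INVITE with the Identity header removed and a Warning header appended; only when the subscriber has opted in does the same failure produce a 438 response, which keeps the "do not reject merely because the source is unidentified" requirement from the message while still leaving rejection available where regulation permits it.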