Re: [stir] [Technical Errata Reported] RFC8224 (6519)
Marc Petit-Huguenin <marc@petit-huguenin.org> Wed, 07 April 2021 22:03 UTC
To: Roman Shpount <roman@telurix.com>
Cc: Christer Holmberg <christer.holmberg@ericsson.com>, "fluffy@cisco.com" <fluffy@cisco.com>, "ekr@rtfm.com" <ekr@rtfm.com>, "jon.peterson@neustar.biz" <jon.peterson@neustar.biz>, "housley@vigilsec.com" <housley@vigilsec.com>, "stir@ietf.org" <stir@ietf.org>, "superuser@gmail.com" <superuser@gmail.com>, "chris-ietf@chriswendt.net" <chris-ietf@chriswendt.net>, "rjsparks@nostrum.com" <rjsparks@nostrum.com>, Francesca Palombini <francesca.palombini@ericsson.com>, RFC Errata System <rfc-editor@rfc-editor.org>
From: Marc Petit-Huguenin <marc@petit-huguenin.org>
Message-ID: <0e0bb2a8-1945-ae3b-cd6b-81fc299856ba@petit-huguenin.org>
Date: Wed, 07 Apr 2021 15:03:03 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/btA8A0AeVaGI1JfZNgQ8DzFhLYg>
On the subject of origid, we could have used the local part of a Session-ID instead (RFC 7989), which would have been far more useful, IMO.

On 4/7/21 2:51 PM, Roman Shpount wrote:
> If we were to fix things, I would suggest making the Date header optional
> and putting "iat" in the Identity header instead. This, together with
> putting attest and origid claims in Identity extension params, would allow
> using compact digest and cutting a few hundred bytes out of the INVITE. As
> things stand right now, all INVITE messages with shaken extension are over
> the UDP MTU, causing major breakage in telephone networks as they are being
> deployed.
> _____________
> Roman Shpount
>
>
> On Wed, Apr 7, 2021 at 5:18 PM Marc Petit-Huguenin <marc@petit-huguenin.org>
> wrote:
>
>> On 4/7/21 2:06 PM, Roman Shpount wrote:
>>> All the registered Personal Assertion Tokens are tokens:
>>> https://www.iana.org/assignments/passport/passport.xhtml.
>>>
>>> There is nothing in RFC8225 that limits the ppt header parameter's value,
>>> so to be compatible, ident-type = "ppt" EQUAL (token / quoted-string) is
>>> correct. This, however, does not reflect the decision to always put quotes
>>> around the ppt value from IETF 101.
>>>
>>> If this were up to me, I would say that the original ABNF is correct and
>>> all the other documents and implementations which put quotes around the ppt
>>> value are wrong. After all, these quotes serve no purpose except using
>>> two extra bytes. Furthermore, there is no reason to use anything except
>>> tokens to identify PASSporT Extensions.
>>
>> I agree.
>>
>>> I would also like to point out that the definition of the info parameter is
>>> also problematic since it is not a valid generic-param:
>>> ident-info = "info" EQUAL ident-info-uri
>>> ident-info-uri = LAQUOT absoluteURI RAQUOT
>>>
>>> A quoted-string should have been used for the info, not the LAQUOT
>>> absoluteURI RAQUOT.
>>
>> Good point.
>>
>> There is also the issue that an Identity header should have supported the
>> use of repetition using COMMA, now that we can have multiple Identity
>> headers in a message. Here we have to make it an exception, much like for
>> the various authorization headers.
>>
>>> I assume it is too late to fix either of these things.
>>> _____________
>>> Roman Shpount
>>>
>>>
>>> On Wed, Apr 7, 2021 at 3:25 PM Marc Petit-Huguenin <marc@petit-huguenin.org>
>>> wrote:
>>>
>>>> Hi Roman,
>>>>
>>>> On 4/7/21 9:18 AM, Roman Shpount wrote:
>>>>> Hi Christer,
>>>>>
>>>>> This is exactly the issue. ATIS documents and other RFCs like rfc8946 use
>>>>> ppt with a quoted token.
>>>>
>>>> Shouldn't the ABNF now be, to be compatible with non-SHAKEN
>>>> implementations, this:
>>>>
>>>> ident-type = "ppt" EQUAL (token / quoted-string)
>>>>
>>>>> Also, according to IETF 101 STIR notes (which you took), the ppt
>>>>> token value should always be quoted. I am not sure why it needed to be
>>>>> quoted (I think this is wrong), but that was the decision.
>>>>> _____________
>>>>> Roman Shpount
>>>>>
>>>>>
>>>>> On Wed, Apr 7, 2021 at 11:23 AM Christer Holmberg <
>>>>> christer.holmberg@ericsson.com> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I have not been involved in the discussions, so my apologies for asking
>>>>>> something that has been discussed already, but what is the reason for the
>>>>>> change? If you anyway are only going to allow "token" characters, why the
>>>>>> quotes? Is the only reason to align with how the parameter is used in other
>>>>>> specs?
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Christer
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: stir <stir-bounces@ietf.org> On Behalf Of RFC Errata System
>>>>>> Sent: Tuesday, 6 April 2021 8.21
>>>>>> To: jon.peterson@neustar.biz; fluffy@cisco.com; ekr@rtfm.com;
>>>>>> chris-ietf@chriswendt.net; superuser@gmail.com; Francesca Palombini <
>>>>>> francesca.palombini@ericsson.com>; rjsparks@nostrum.com;
>>>>>> housley@vigilsec.com
>>>>>> Cc: stir@ietf.org; roman@telurix.com; rfc-editor@rfc-editor.org
>>>>>> Subject: [stir] [Technical Errata Reported] RFC8224 (6519)
>>>>>>
>>>>>> The following errata report has been submitted for RFC8224, "Authenticated
>>>>>> Identity Management in the Session Initiation Protocol (SIP)".
>>>>>>
>>>>>> --------------------------------------
>>>>>> You may review the report below and at:
>>>>>> https://www.rfc-editor.org/errata/eid6519
>>>>>>
>>>>>> --------------------------------------
>>>>>> Type: Technical
>>>>>> Reported by: Roman Shpount <roman@telurix.com>
>>>>>>
>>>>>> Section: 4
>>>>>>
>>>>>> Original Text
>>>>>> -------------
>>>>>> ident-type = "ppt" EQUAL token
>>>>>>
>>>>>> Corrected Text
>>>>>> --------------
>>>>>> ident-type = "ppt" EQUAL DQUOTE token DQUOTE
>>>>>>
>>>>>> Notes
>>>>>> -----
>>>>>> Based on IETF 101 STIR notes ptr= values should always be quoted. Also,
>>>>>> ATIS-1000074 is using double quotes around ppt value.
>>>>>>
>>>>>> Instructions:
>>>>>> -------------
>>>>>> This erratum is currently posted as "Reported". If necessary, please use
>>>>>> "Reply All" to discuss whether it should be verified or rejected. When a
>>>>>> decision is reached, the verifying party can log in to change the status
>>>>>> and edit the report, if necessary.
>>>>>>
>>>>>> --------------------------------------
>>>>>> RFC8224 (draft-ietf-stir-rfc4474bis-16)
>>>>>> --------------------------------------
>>>>>> Title : Authenticated Identity Management in the Session
>>>>>> Initiation Protocol (SIP)
>>>>>> Publication Date : February 2018
>>>>>> Author(s) : J. Peterson, C. Jennings, E. Rescorla, C. Wendt
>>>>>> Category : PROPOSED STANDARD
>>>>>> Source : Secure Telephone Identity Revisited
>>>>>> Area : Applications and Real-Time
>>>>>> Stream : IETF
>>>>>> Verifying Party : IESG
>>>>>>
>>
>> --
>> Marc Petit-Huguenin
>> Email: marc@petit-huguenin.org
>> Blog: https://marc.petit-huguenin.org
>> Profile: https://www.linkedin.com/in/petithug
>>
>

--
Marc Petit-Huguenin
Email: marc@petit-huguenin.org
Blog: https://marc.petit-huguenin.org
Profile: https://www.linkedin.com/in/petithug
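An added example, not code from the thread or from any STIR/SHAKEN implementation: a small Python parser for the Identity header parameters under discussion. With the default it accepts both ppt=shaken and ppt="shaken" (the token / quoted-string compatibility ABNF Marc proposed), while strict_rfc8224=True applies the published token-only rule and so rejects the quoted SHAKEN form; it also enforces info = LAQUOT absoluteURI RAQUOT, so a quoted-string info value is rejected as malformed. The sample header values are constructed, with a placeholder in place of the signed PASSporT.

```python
import re
from urllib.parse import urlparse

# Constructed sample Identity header values (not from the thread); the PASSporT
# part is a placeholder, not a real signed token.
SAMPLES = {
    "rfc8224_abnf": "PASSPORT.PLACEHOLDER.SIG;info=<https://cert.example/c.pem>;alg=ES256;ppt=shaken",
    "shaken_style": 'PASSPORT.PLACEHOLDER.SIG;info=<https://cert.example/c.pem>;alg=ES256;ppt="shaken"',
}
TOKEN = r"[A-Za-z0-9\-.!%*_+`'~]+"  # RFC 3261 "token"
TOKEN_RE = re.compile(TOKEN + r"\Z")
# One ";name[=value]" parameter; the value is <...>, a quoted-string or a token.
PARAM_RE = re.compile(r';\s*(' + TOKEN + r')\s*(?:=\s*(<[^>]*>|"(?:[^"\\]|\\.)*"|' + TOKEN + r'))?')

def parse_identity(value: str, strict_rfc8224: bool = False) -> dict:
    """Split an Identity header value into its digest and parameters.
    strict_rfc8224=True applies the published ABNF (ppt value = token only), which
    rejects the quoted form; the default also accepts a quoted-string and strips it."""
    digest, sep, rest = value.partition(";")
    rest = ";" + rest if sep else ""
    params, pos = {}, 0
    while pos < len(rest):
        m = PARAM_RE.match(rest, pos)
        if not m:
            raise ValueError(f"malformed parameter at {rest[pos:pos + 20]!r}")
        name, raw = m.group(1).lower(), m.group(2)
        pos = m.end()
        if name == "ppt":
            if raw and raw.startswith('"') and not strict_rfc8224:
                raw = raw[1:-1]  # compatibility: accept quoted-string, keep the token
            if raw is None or not TOKEN_RE.match(raw):
                raise ValueError("ppt value must be a token (quoted only when non-strict)")
        elif name == "info":  # ident-info-uri = LAQUOT absoluteURI RAQUOT
            if not (raw and raw.startswith("<") and raw.endswith(">")) or not urlparse(raw[1:-1]).scheme:
                raise ValueError("info must be LAQUOT absoluteURI RAQUOT")
            raw = raw[1:-1]
        params[name] = raw
    return {"digest": digest, "params": params}

def accepts(value: str, strict_rfc8224: bool = False) -> bool:
    """True if the header value parses under the chosen ABNF."""
    try:
        return bool(parse_identity(value, strict_rfc8224))
    except ValueError:
        return False
```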