Re: [stir] Interop related topics for STIR

Russ Housley <housley@vigilsec.com> Tue, 13 July 2021 18:57 UTC

From: Russ Housley <housley@vigilsec.com>
Message-Id: <62682C90-8635-42B4-8D04-A89243ED54FF@vigilsec.com>
Date: Tue, 13 Jul 2021 14:57:16 -0400
In-Reply-To: <CAD5OKxsQ+WO6zPcF49_DZV+DdxuNZJbSVWJtaRCTUqHAf2t80g@mail.gmail.com>
Cc: IETF STIR Mail List <stir@ietf.org>
To: Roman Shpount <roman@telurix.com>
References: <2C876D56-5E92-462F-890D-383076B91233@vigilsec.com> <CAD5OKxtE=W=wg8FDOC=yOqB6cHEAf5hoLWArvs6ysoeaWsxZMQ@mail.gmail.com> <8C2E746A-2B02-44CD-99F0-CA55C4051818@vigilsec.com> <CAD5OKxsQ+WO6zPcF49_DZV+DdxuNZJbSVWJtaRCTUqHAf2t80g@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/c2CAMo-CCk58Mbz8RG8IrYYa5W8>
Subject: Re: [stir] Interop related topics for STIR
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>

Roman:

Assuming that others agree with the way forward, it seems that 1-3 are the start of 8224bis, and it seems that 4 might be a new Operational Considerations in 8224bis.

Again, assuming agreement on the way forward, 8226bis should reflect real implementation.  That said, 8226 also envisions finer granularity than we have seen so far.

I think a STIR Torture Test document would be very valuable.

Russ


> On Jul 13, 2021, at 2:41 PM, Roman Shpount <roman@telurix.com> wrote:
> 
> I am moving this into a new thread.
> 
> So far the following RFC8224 issues were identified:
> 
> 1. Errata regarding quotes in ppt value (Errata ID: 6519). Need to verify that both ppt values with and without quotes are supported when Identity header is received
> 
> 2. Date header is required. It should probably be optional since the information there is redundant when the Full-Form PASSportT is used. Several known implementations omit it.
> 
> 3. Should it be possible to omit ident-info and ident-info-params when the Full-Form PASSportT is used? All implementations I have seen include it, but there are occasional mismatches.
> 
> 4. When a SIP message is over 1300 bytes, the request MUST be sent using a congestion-controlled transport protocol such as TCP (https://datatracker.ietf.org/doc/html/rfc3261#section-18.1.1). Considering that the Identity header is typically around 1000 bytes, this requires all networks to start using reliable protocols, which is not currently the case. There is a way to work around this for private links where the MTU is under vendor control, but for links over the public internet, this needs to be clearly stated and tested.
> 
> 5. I do not think RFC8226 reflects the actual practices for STIR certificates.
> 
> We should also consider an informational document with STIR Torture test messages as well as BCP.
> _____________
> Roman Shpount
> 
> 
> On Tue, Jul 13, 2021 at 1:57 PM Russ Housley <housley@vigilsec.com> wrote:
> I think that a SIPIT would be a very good thing, but that is not an IRTF activity.  That said, I would be very happy to use this list to know about a SIPIT once it is organized.
> 
> Are there other interoperability or ops-oriented topics about STIR that need to be discussed?  If so, please start a thread.
>
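Added example, not from the thread and not code from any STIR implementation: a small Python check that exercises the interop points Roman lists above. It parses an RFC 8224 Identity header while accepting both the quoted and the bare ppt form (Errata 6519), cross-checks the info/alg/ppt parameters against the x5u/alg/ppt fields of a full-form PASSporT so parameter mismatches are reported, compares the Date header with the iat claim, and measures a sample INVITE with and without the Identity header against the RFC 3261 1300-byte limit. The PASSporT claims, the x5u URL, the telephone numbers and the INVITE (headers and SDP) are all constructed sample data, and the signature segment is a zero-filled 64-byte placeholder, so the example parses and cross-checks but verifies no signature.

```python
"""Added example (not from the thread): parse an RFC 8224 Identity header,
accept both quoted and bare ppt values (Errata 6519), cross-check the
ident-info params against a full-form PASSporT, compare Date with iat, and
test a sample INVITE against the RFC 3261 1300-byte UDP limit.
All PASSporT content, URLs, numbers and the INVITE are constructed sample
data; the signature is a 64-byte placeholder, so nothing is verified."""
import base64
import json
import re
from email.utils import parsedate_to_datetime

SIP_UDP_LIMIT = 1300  # RFC 3261 s.18.1.1: larger requests MUST use a congestion-controlled transport

# Constructed PASSporT header and claims (hypothetical x5u URL and numbers).
PASSPORT_HEADER = {"alg": "ES256", "ppt": "shaken", "typ": "passport",
                   "x5u": "https://cert.example.net/sp.pem"}
PASSPORT_PAYLOAD = {"attest": "A", "dest": {"tn": ["12155551213"]}, "iat": 1626202800,
                    "orig": {"tn": "12155551212"}, "origid": "constructed-origid-0001"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64url(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))


def build_identity(quoted_ppt: bool = False, alg_param: str = "ES256") -> str:
    """Full-form PASSporT followed by ident-info params; the signature is a placeholder."""
    def dumps(obj):
        return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()
    token = ".".join([_b64url(dumps(PASSPORT_HEADER)), _b64url(dumps(PASSPORT_PAYLOAD)),
                      _b64url(b"\x00" * 64)])  # ES256 signatures are 64 bytes (r || s)
    ppt = '"shaken"' if quoted_ppt else "shaken"
    return f"{token};info=<{PASSPORT_HEADER['x5u']}>;alg={alg_param};ppt={ppt}"


# ident-info-params: name=value, where value is <uri>, a quoted string or a bare token
_PARAM = re.compile(r'''\s*;\s*([A-Za-z0-9._!%*+`'~-]+)\s*=\s*(<[^>]*>|"[^"]*"|[^;\s]+)''')


def parse_identity(value: str) -> dict:
    """Split an Identity value into its PASSporT and its parameters."""
    token, sep, rest = value.strip().partition(";")
    rest = (";" + rest).rstrip() if sep else ""
    params, pos = {}, 0
    while pos < len(rest):
        m = _PARAM.match(rest, pos)
        if not m:
            raise ValueError(f"malformed ident-info-params near {rest[pos:pos + 20]!r}")
        name, raw = m.group(1).lower(), m.group(2)
        if name == "info":
            if not (raw.startswith("<") and raw.endswith(">")):
                raise ValueError("info value must be an angle-bracketed URI")
            raw = raw[1:-1]
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1]  # Errata 6519: ABNF says token, the RFC example quotes it; accept both
        params[name] = raw
        pos = m.end()
    segs = token.strip().split(".")
    full_form = len(segs) == 3 and bool(segs[0]) and bool(segs[1])
    out = {"params": params, "full_form": full_form, "signature": segs[-1]}
    if full_form:  # compact form carries no header/payload segments to decode
        out["header"] = json.loads(_unb64url(segs[0]))
        out["payload"] = json.loads(_unb64url(segs[1]))
    return out


def cross_check(parsed: dict) -> list:
    """Full form only: info/alg/ppt duplicate x5u/alg/ppt in the PASSporT header; list mismatches."""
    if not parsed["full_form"]:
        return []
    hdr, params = parsed["header"], parsed["params"]
    return [f"{p}={params[p]!r} but PASSporT header {c}={hdr[c]!r}"
            for p, c in (("info", "x5u"), ("alg", "alg"), ("ppt", "ppt"))
            if p in params and c in hdr and params[p] != hdr[c]]


def date_matches_iat(date_header: str, iat: int, skew: int = 60) -> bool:
    """Date (which RFC 8224 requires) and iat name the same instant; tolerate `skew` seconds."""
    return abs(int(parsedate_to_datetime(date_header).timestamp()) - iat) <= skew


# Constructed INVITE with a typical carrier header set and a small audio SDP offer.
INVITE_HEADERS = "\r\n".join([
    "INVITE sip:+12155551213@carrier.example.net;user=phone SIP/2.0",
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-constructed", "Max-Forwards: 70",
    "From: <sip:+12155551212@origin.example.net;user=phone>;tag=1928301774",
    "To: <sip:+12155551213@carrier.example.net;user=phone>",
    "Call-ID: constructed-call-id@192.0.2.10", "CSeq: 314159 INVITE",
    "Date: Tue, 13 Jul 2021 19:00:00 GMT", "Contact: <sip:+12155551212@192.0.2.10>",
    "Allow: INVITE, ACK, CANCEL, BYE, OPTIONS, PRACK, UPDATE, REFER, NOTIFY",
    "Supported: 100rel, timer", "Session-Expires: 1800",
    "P-Asserted-Identity: <sip:+12155551212@origin.example.net;user=phone>",
    "User-Agent: constructed-sbc/1.0", "Route: <sip:sbc.carrier.example.net;lr>"]) + "\r\n"
SAMPLE_SDP = "\r\n".join([
    "v=0", "o=- 1626202800 1626202800 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
    "m=audio 49170 RTP/AVP 0 8 9 18 101", "a=rtpmap:0 PCMU/8000", "a=rtpmap:8 PCMA/8000",
    "a=rtpmap:9 G722/8000", "a=rtpmap:18 G729/8000", "a=fmtp:18 annexb=no",
    "a=rtpmap:101 telephone-event/8000", "a=fmtp:101 0-16", "a=ptime:20", "a=sendrecv"]) + "\r\n"


def build_invite(identity: str = "", sdp: str = SAMPLE_SDP) -> bytes:
    """Serialize the sample INVITE, optionally carrying an Identity header."""
    hdrs = INVITE_HEADERS + (f"Identity: {identity}\r\n" if identity else "")
    body = sdp.encode()
    if body:
        hdrs += "Content-Type: application/sdp\r\n"
    return (hdrs + f"Content-Length: {len(body)}\r\n\r\n").encode() + body


def needs_reliable_transport(message: bytes) -> bool:
    return len(message) > SIP_UDP_LIMIT


if __name__ == "__main__":
    for quoted in (False, True):
        parsed = parse_identity(build_identity(quoted_ppt=quoted))
        print("ppt =", parsed["params"]["ppt"], "mismatches:", cross_check(parsed))
    print("mismatch demo:", cross_check(parse_identity(build_identity(alg_param="ES384"))))
    for ident in ("", build_identity()):
        msg = build_invite(ident)
        print(f"{len(msg)} bytes, TCP required: {needs_reliable_transport(msg)}")
```

Running it shows the sample INVITE sitting comfortably under 1300 bytes until the Identity header is added, after which it has to go over TCP (or another congestion-controlled transport) rather than UDP; the same check, run against a vendor's real INVITE, is the quickest way to see whether a given network can keep sending over UDP.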