Re: [stir] Definition of STIR

Robert Sparks <rjsparks@nostrum.com> Wed, 11 May 2022 23:07 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/cB2pzNFp7mM-En3qxr6YMNsQNIc>

Hi Christer -

While I sort of see your concern, I think you may be overthinking the 
need to have a single document that says what "STIR" is?

The language that you pointed to when you started this thread could be 
restated as "The set of mechanisms beginning with RFC8224 and its 
extensions" or "The set of mechanisms defined by the STIR working 
group.", or for _that particular sentence_ we can just point at a 
particular RFC.

But really, for readability even into the future, STIR is a well enough 
known acronym now that the sentence will not confuse or mislead, and 
readers will be able to follow it to the necessary documents (via the 
Normative References) to understand what the document is saying.

Charters do "last forever" fwiw. And replay your question using "RTCWEB" :)

RjS


On 5/11/22 3:20 PM, Christer Holmberg wrote:
>
> Hi,
>
> >Does it need to be in an RFC?  Maybe update the WG charter instead?
>
> I don’t think we normally define terminology in the charter. Also, as 
> the WG/charter may not “last forever”, I don’t know if we can 
> reference it.
>
> >I’m not against it being in an RFC, but don’t know if there is a need.
>
> The word “STIR” is used in many RFCs, but there is no (AFAIK) 
> definition or reference anywhere.
>
> draft-ietf-stir-identity-header-errors-handling references RFC 8224 
> for the new “STIR” Reason header protocol value.
>
> Regards,
>
> Christer
>
> *From:*Christer Holmberg <christer.holmberg@ericsson.com>
> *Sent:* Wednesday, May 11, 2022 2:23 PM
> *To:* Richard Shockey <richard@shockey.us>; Gorman, Pierce 
> <Pierce.Gorman@t-mobile.com>; stir@ietf.org
> *Subject:* RE: [stir] Definition of STIR
>
> Hi,
>
> >Pierce that about covers it…
>
> But that is not documented in any RFC, is it?
>
> Regards,
>
> Christer
>
> —
>
> Richard Shockey
>
> Shockey Consulting LLC
>
> Chairman of the Board SIP Forum
>
> www.shockey.us
>
> www.sipforum.org
>
> www.sipnoc.org
>  (2022)
>
> richard<at>shockey.us
>
> Skype-Linkedin-Facebook –Twitter  rshockey101
>
> PSTN +1 703-593-2683
>
> *From: *stir <stir-bounces@ietf.org> on behalf of "Gorman, Pierce" 
> <Pierce.Gorman@t-mobile.com>
> *Date: *Wednesday, May 11, 2022 at 2:04 PM
> *To: *Christer Holmberg 
> <christer.holmberg=40ericsson.com@dmarc.ietf.org>, "stir@ietf.org" 
> <stir@ietf.org>
> *Subject: *Re: [stir] Definition of STIR
>
> I suppose you or others could volunteer attempts at a definition.  
> Once satisfactorily achieved, what would you do with it?  Not trying 
> to be a smart alec.  I’m seriously curious.
>
> I will volunteer that I think of “STIR” as being the collection of 
> work in the IETF that is referenced in “SHAKEN” call authentication 
> specifications in use in the US and Canada (so far).
>
> “STIR” is the collection of work that tells you how to create a SIP 
> Identity header of whatever type you need for a particular call type, 
> and how to create an X.509 security certificate (chain) with 
> extensions and constraints needed to verify the contents of a SIP 
> Identity header.
>
> “SHAKEN” (a body of work in the ATIS/SIP Forum Joint Task Force on 
> IP-NNI) tells you how to create and use various SIP Identity types 
> defined in “STIR” and about the governance, policy, and certificate 
> authorization framework used to acquire SHAKEN-specific X.509 
> end-entity certificates.
>
> Beyond this, the call authentication governance authorities in the US 
> and Canada have created requirements and selected entities to be 
> Policy Administrators (PAs) and also created Certificate Policies 
> which outline the requirements to be an authorized (within their 
> respective jurisdictions) Certification Authority (CA), thus creating 
> the SHAKEN GA/PA/CA Secure Telephone Identity (STI) Public Key 
> Infrastructures (PKIs).
>
> I expect others can volunteer alternative, and potentially better, 
> definitions.
>
> Best regards,
>
> Pierce Gorman
>
> *From:*stir <stir-bounces@ietf.org> *On Behalf Of *Christer Holmberg
> *Sent:* Wednesday, May 11, 2022 11:52 AM
> *To:* stir@ietf.org
> *Subject:* [stir] Definition of STIR
>
> Hi,
>
> What exactly is “STIR”, other than the name of an IETF WG?
>
> Sometimes “STIR” is used in document titles, sometimes there is text 
> saying “STIR”/“the STIR mechanism” does this and that, provides this 
> and that etc. draft-ietf-stir-identity-header-errors-handling talks 
> about “extending STIR”.
>
> RFC 7340 is supposed to describe the STIR problem, but 7340 does not 
> even say what STIR stands for (Secure Telephone Identity Revisited), 
> and there is no RFC named “STIR”.
>
> The question came up while I was reviewing the messaging draft, which 
> says:
>
> “Secure Telephone Identity Revisited (STIR) provides a means of 
> attesting the identity of a telephone caller…”
>
> Regards,
>
> Christer
>
> _______________________________________________
> stir mailing list
> stir@ietf.org
> https://www.ietf.org/mailman/listinfo/stir