[stir] AD Review: draft-ietf-stir-oob
Adam Roach <adam@nostrum.com> Tue, 03 September 2019 05:18 UTC
Return-Path: <adam@nostrum.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC0EA1200DF; Mon, 2 Sep 2019 22:18:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.98
X-Spam-Level:
X-Spam-Status: No, score=-1.98 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pQ_UrPokbCRQ; Mon, 2 Sep 2019 22:18:35 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A2FB120020; Mon, 2 Sep 2019 22:18:32 -0700 (PDT)
Received: from Svantevit.local (99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id x835IQcT005682 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Tue, 3 Sep 2019 00:18:30 -0500 (CDT) (envelope-from adam@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1567487910; bh=0SxYKNXJQ1fnUyY6LQLLXgMNjGwwO7ZRFSfUts/UGXY=; h=To:From:Subject:Date; b=EQcOf04k2nL8aeibDw6Sc1t5F17YOKFlOxcAhddlpaaCaSbWxXXU9XburobpTEy6N +BTfLKnJ/nr9s+GYYO48bB2E8kPH+S+6swcDGvkpMJn5d2yD/q9Njlnntm4cfZT2o7 rjsZ4AuJQfgjEPx6bne+r2iLg0ITfvxcQPw2UQpQ=
X-Authentication-Warning: raven.nostrum.com: Host 99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228] claimed to be Svantevit.local
To: draft-ietf-stir-oob@ietf.org, "stir@ietf.org" <stir@ietf.org>
From: Adam Roach <adam@nostrum.com>
Message-ID: <838e0acf-1d37-2986-15a2-a28aad674b1c@nostrum.com>
Date: Tue, 03 Sep 2019 00:18:19 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/cITBna6hUCWmh8rnZoWkYNdIIsE>
Subject: [stir] AD Review: draft-ietf-stir-oob
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Sep 2019 05:18:37 -0000
This is my AD review for draft-ietf-stir-oob. I will be requesting that it be put in IETF last call shortly. Thanks to everyone involved for taking the work to work out and document the thinking so far on an out-of-band mechanism. I have no substantive comments, and only a small number of editorial suggestions, below. Please treat these as any other IETF last call comments. /a --------------------------------------------------------------------------- §1: > do use SIP do not always carry SIP signaling end-to-end. Xalls from Nit: "Calls" --------------------------------------------------------------------------- §1: > This specification therefore builds on the PASSporT [RFC8225] > mechanism and the work of [RFC8224] to define a way that a PASSporT > object created in the originating network of a call can reach the > terminating network even when it cannot be carried end-to-end in-band > in the call signaling. This relies on a new service defined in this > document called a Call Placement Service (CPS) that permits the > PASSporT object to be stored during call processing and retrieved for > verification purposes. This is still phrased as if the remainder of this document is a complete specification of mechanism rather than the more limited scope described in the paragraph that follows it. Perhaps: s/This specification/The techniques described in this document/ s/define a way/describe a way/ --------------------------------------------------------------------------- §5.2: > A call originates with an enterprise PBX that has both Internet > access and a built-in gateway to the PSTN, which communicates through > traditional telephone signaling protocols. The PBX immediately drops > the call to the PSTN The colloquial use of "drops" in this context can be confusing. (I had to re-read to ensure that it meant "routes" rather than "aborts"). Perhaps "...immediately routes the call..." The same comment applies to §5.3. --------------------------------------------------------------------------- §5.3: > If > so, it can retrieve the PASSporT and, when it creates a SIP INVITE > for this call, add a corresponding Identity header per [RFC8224]. Nit: "...Identity header field..." --------------------------------------------------------------------------- §5.5: > the SIP call with an Identity header. As a fallback in case the call Nit: "...Identity header field." --------------------------------------------------------------------------- §6.2: > This requires the retargeting entity to generated > encrypted PASSporTs that show a secure chain of diversion: Nit: "...to generate..." --------------------------------------------------------------------------- §8.1: > or more credentials that can be used to sign for that identity, be it > a domain or a telephone number or something other identifier. For Nit: "...or some other identifier." > Identity header field value of the SIP request - though SIP would > carry cleartext version rather than an encrypted version sent to the Nit: "...carry a cleartext..." --------------------------------------------------------------------------- §8.3: > could receive a call with an Identity header, extract a PASSporT from > the Identity header, and store that PASSporT at a CPS. Nit: "...Identity header field..." (twice) --------------------------------------------------------------------------- §9: > As an rough example, we show a Call Placement Service implementation Nit: "...a rough..." --------------------------------------------------------------------------- §10: > This document does not prescribe any single way to do service > discovery for a CPS; it is envisioned that initial deployments will > provision the location of the CPS at the AS and VS. Nit: expand the acronyms "AS" and "VS".
- [stir] AD Review: draft-ietf-stir-oob Adam Roach
- Re: [stir] AD Review: draft-ietf-stir-oob Russ Housley
- Re: [stir] AD Review: draft-ietf-stir-oob Adam Roach
- Re: [stir] AD Review: draft-ietf-stir-oob Peterson, Jon