[stir] Shepherd Review of draft-ietf-stir-servprovider-oob-24

Ben Campbell <ben@nostrum.com> Fri, 13 October 2023 04:22 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/d-ZIT-kPBTtPv2EmDwBa7DcipCk>

Hi,

I’ve just reviewed draft-ietf-stir-servprovider-oob-24 as part of the process of doing the shepherd writeup, and have a few comments and questions.

# Substantive:

## General:

Is informational still the right status? It has quite a bit of normative language. There’s nothing inherently wrong about that, but that sort of thing does tend to trigger AD questions. If “Informational” is still correct, I suggest adding a paragraph somewhere early in the document to say why we think that and why we still included 2119/8174 language. IMO, this would be helpful both to head off questions in advance and to help end-readers understand how to think about the document. (I suspect the fact that 8816 is informative is a lot of the reason, but there are work-arounds if we think this document effectively defines a standard.)

## §4, 2nd paragraph: “The advantage to signing with STIR certificates is that they contain a "TNAuthList" value indicating the telephone network resources that a service provider controls.”

Unfortunately, here, the biggest current deployment of STIR mostly still just puts SPCs in TNAuthList. The ATIS approach effectively allows any SPC token holder to attest to any phone number.

# Editorial:

## Abstract, last sentence: If we stick with “Informational”, I suggest saying “This document describes” rather than “This specification defines”.

## §1, 2nd paragraph:
### “… and who thus will learn about the parties to communication independently…”

The phrase is a little hard to follow. I suggest “...Who thus will independently learn about the parties to communication…”

### “… like mobile networks …”

Given that modern mobile networks tend to use SIP, they might not be the best target to pick on. Maybe something like “such as legacy non-IP telephone networks”.

### “where in-band transmission of STIR may not be feasible”:

s/STIR/PASSporTs

## §10, first paragraph: “This draft mitigates those concerns by making the CPS one of the two parties to call setup”

In the gateway case, there may be more than 2 parties to the call setup. I suggest changing “one of the two parties” to “one of the parties”.
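
The scope difference raised in the §4 comment above, as an added example that is not part of the original message or of the draft: it checks an originating number against a certificate's TNAuthList and reports whether the certificate itself bounds that number. The tuple model of already-decoded entries (the RFC 8226 choices spc, range, one), the function names and the sample numbers are assumptions made for illustration.

```python
# Added illustration. TNAuthList entries are modelled as already-decoded
# tuples (an assumption; real entries are DER-encoded per RFC 8226):
#   ("spc", "1234")                 service provider code
#   ("range", "12025550100", 100)   start number and count
#   ("one", "12025550123")          single telephone number
# All sample values used with this code are constructed.

def normalize(tn):
    """Keep digits only so '+1 202 555 0150' compares equal to '12025550150'."""
    return "".join(ch for ch in tn if ch.isdigit())

def entry_covers(entry, tn):
    """True if a 'one' or 'range' entry lists the normalized number tn."""
    kind = entry[0]
    if kind == "one":
        return bool(tn) and normalize(entry[1]) == tn
    if kind == "range":
        start, count = normalize(entry[1]), entry[2]
        # The range is start .. start+count-1, compared at equal digit length.
        return (bool(tn) and len(tn) == len(start)
                and 0 <= int(tn) - int(start) < count)
    return False  # an SPC names a provider, not a number

def check_scope(tn_auth_list, orig_tn):
    """Return (verdict, reason) for an originating number against a TNAuthList."""
    tn = normalize(orig_tn)
    if any(entry_covers(e, tn) for e in tn_auth_list):
        return ("in-scope", "number is listed in the certificate")
    if any(e[0] == "spc" for e in tn_auth_list):
        # The certificate alone says nothing about which numbers the
        # provider holds; a verifier would need data outside the
        # certificate to tie the SPC to the number.
        return ("unbounded", "SPC authority: certificate does not constrain the number")
    return ("out-of-scope", "certificate lists numbers, and this is not one of them")

if __name__ == "__main__":
    range_cert = [("range", "12025550100", 100)]
    spc_cert = [("spc", "1234")]
    for cert in (range_cert, spc_cert):
        for tn in ("+1 202 555 0150", "12025550200"):
            print(cert, tn, check_scope(cert, tn))
```
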