Re: [stir] Genart last call review of draft-ietf-stir-cert-delegation-03

"Peterson, Jon" <jon.peterson@team.neustar> Mon, 22 February 2021 23:42 UTC

From: "Peterson, Jon" <jon.peterson@team.neustar>
To: Ines Robles <mariainesrobles@googlemail.com>, "gen-art@ietf.org" <gen-art@ietf.org>
CC: "last-call@ietf.org" <last-call@ietf.org>, "stir@ietf.org" <stir@ietf.org>, "draft-ietf-stir-cert-delegation.all@ietf.org" <draft-ietf-stir-cert-delegation.all@ietf.org>
Thread-Topic: Genart last call review of draft-ietf-stir-cert-delegation-03
Thread-Index: AQHWe/AYs1BD5DQUiU25zQr9ryx5O6nw7i8A
Date: Mon, 22 Feb 2021 23:41:23 +0000
Message-ID: <B2AF5132-9568-495D-954A-3836F28FAEA4@team.neustar>
References: <159847741398.23291.8299604699001624244@ietfa.amsl.com>
In-Reply-To: <159847741398.23291.8299604699001624244@ietfa.amsl.com>

Hi Ines,

Thanks for the read on this one (and sorry for the lengthy RTT). A few responses.
    
    Minor issues:
    
    1-Introduction Section:
    
    "..., including various forms of robocalling, voicemail hacking, and
    swatting..." --> should a reference to RFC7375 be added here?

Sure, I added that.
    
    2- It would be nice to add in Terminology section:
    
    -  delegation: the concept of delegation and its levels are defined in RFC8226.
    - definition for "legitimate spoofing". I understand that the draft explains it
    with an example.

Okay, done.
    
    3- It would be nice to add references to concepts, e.g. cA boolean --> cA
    boolean [rfc5280#section-4.2.1.9]

Happy to add an RFC5280 ref there, though there's one in the next sentence as well. 
    
    "x5u" link -> "x5u" (X.509 URL) [RFC7515#section-4.1.5] link

Above, the document already clarified that it is the "x5u" field of a PASSporT, so I think this is okay.
    
    4- Section 4: It would be nice to add graphics explaining the process.
    E.g. can be used as a model the images displayed in
    https://access.atis.org/apps/group_public/download.php/47134/IPNNI-2019-00043R000.pdf
    or https://niccstandards.org.uk/wp-content/uploads/2019/03/ND1522V1.1.1.pdf
    
Not sure about adding new pictures at this point; or at least, I think the basic idea should be clear from the text by itself.

    5- Section 5: "Authentication service behavior for delegate certificates is
    little changed from [RFC8224] STIR behavior" --> It is not clear to me what the
    little changes are.
    
    Additionally, how do you quantify little/big changes? Maybe something like:
    "Authentication service behavior varies from STIR behavior [RFC8224] as
    follows: ..."

Okay, I can do that.
    
    6- Section 8.1: Should the picture displayed in
    https://www.ietf.org/proceedings/104/slides/slides-104-stir-certificate-delegation-00 (Slide 5)
    be added here?
    
Really would rather not do new pictures at this point.

    7- Security Consideration section: should a reference to RFC7375 be added here?

Added.
    
    Nits/editorial comments:
    
    8- Expand the first time: JWS -> JSON Web Signature (JWS)

Done. Thanks!

Jon Peterson
Neustar, Inc.
    
    Thank you for this document,
    
    Ines.