Re: [stir] WG last call comments on stir-oob-04

"Peterson, Jon" <jon.peterson@team.neustar> Thu, 25 April 2019 22:03 UTC

From: "Peterson, Jon" <jon.peterson@team.neustar>
To: Mary Barnes <mary.ietf.barnes@gmail.com>, "stir@ietf.org Mail List" <stir@ietf.org>
CC: Eric Rescorla <ekr@rtfm.com>
Thread-Topic: WG last call comments on stir-oob-04
Thread-Index: AQHU9in8Lskpqc5P8Uuqk4xpbcNHUqZNRr6A
Date: Thu, 25 Apr 2019 22:03:16 +0000
Message-ID: <C89593B6-4EA9-49E9-A112-DA5EDE2AA149@team.neustar>
References: <CAHBDyN5W_+dj_2o9ZeafLmJw=8LanR5DcnBz+85YTDppRaz51A@mail.gmail.com>
In-Reply-To: <CAHBDyN5W_+dj_2o9ZeafLmJw=8LanR5DcnBz+85YTDppRaz51A@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/d5AVAfh-PcTn_K-VA6884H8eGKs>
Subject: Re: [stir] WG last call comments on stir-oob-04

Thanks for the notes Mary. A few responses inline.

Minor comments:
----------------------
- General: per Eric's comments, there is still a lot of work to do to get this completed or even to get a simple profile specified. It might be very helpful somewhere to summarize the gaps that must be addressed.  And, it should clearly state that this document doesn't provide a complete solution but rather identifies building blocks and gaps required to realize a solution.  Maybe something like this added at the end of the introduction:

"This document provides the operating environments in which this out-of-band STIR mechanism is intended to operate.  It provides use cases and provides a description of the components and a solution architecture.  It describes the storage and retrieval of PASSporTs in the CPS within this context.  Gaps that must be addressed in a solution are also identified."

<Jon> Sure, I mean, moving it to Info from PS is intended to signify that it is just a framework and not a protocol specification (apart from the little strawman which is marked clearly as a strawman). But I don’t have a problem adding something like that to the end of the intro. </Jon>

- Section 1, 2nd paragraph.  Is it really "most" calls that still traverse the PSTN?  I would think "a number of" might be a better way to say that.

<Jon> The numbers I hear are well into “most”, even if more than half of residential landline is now last-mile IP. But it’s true that statements like this don’t age well or add much value for posterity. I can patch it. </Jon>

- Section 5.2.  I don't quite understand the premise in that first paragraph.  Are there 2 simultaneous calls and once it hits the gateway it gets dropped?

<Jon> Not two calls, no, the PBX we’re assuming here does not have a SIP trunk, just an old-school PRI or something, but it does have a regular Internet connection. So it is dropping the call to that PRI, and as it does so, it puts the PASSporT in the CPS. Would it help if I made it clear that despite having Internet access, it doesn’t have an outbound Internet voice call path, or something? </Jon>

- Section 7.5, last paragraph.  It seems to me that the recommendation for the amount of time to store a PASSporT should have some relation to the time chosen for verifying "iat" values in the PASSporT.  Maybe change "for more than sixty seconds." to something like "no longer than a value that might be selected for the verification service policy for freshness of the 'iat' value as described in [RFC 8224]."  As I recall, there was a conscious choice made to not put a specific value on that time in 8224 and I can't see why we wouldn't want to do the same here.

<Jon> That’s probably fine. Your nits below are also appreciated. Thanks again for the read. </Jon>

Editorial nits:
-----------------
- Section 1, 3rd sentence:  I found this wording awkward, so I suggest the following change:
OLD:
  For example, [RFC8224] defines an Identity header of SIP requests capable of carrying a
  PASSporT [RFC8225] object in SIP as a means ...
NEW:
  For example, [RFC8224] defines a SIP Identity header field capable of carrying
  PASSporT [RFC8225] objects in SIP requests as a means ...

- Section 4, 3rd paragraph.  I think a list with numbers is more readable than this plain list.  and strictly speaking an "or" at the end of item 1 is more accurate since I think you're describing two options.

- Section 5.3, 1st paragraph:
"it will immediate drop" -> "it will immediately drop"

- Section 5.4, last paragraph:
" perhaps the destination endpoints queries" -> "perhaps the destination endpoint queries"

- Section 6.1, 3rd paragraph:  "the most obviously way" -> "the most obvious way"

- Section 6.2, 3rd paragraph:  "will need decrypt" -> "will need to decrypt"

- Section 7.3 Again, I think a numbered list is a better way to annotate those two points.

- Section 7.5. Ditto Russ' comment on reference to "blind signature"

- The reference to the VIPR overview spec isn't to the most recent version.  It should be draft-jennings-vipr-overview (and as I've said a number of times, I think it would be good to actually publish that one)

<Jon> Heh. Will update the ref at least. </Jon>
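A worked illustration of the point raised on Section 7.5 above: if the CPS retains a PASSporT for the same length of time that the verification service accepts its "iat" claim as fresh, the store never hands back a PASSporT a verifier would reject as stale anyway. This is an added example, not code from draft-ietf-stir-oob or from anyone in this thread. The 60-second window, the CallPlaceholderService / store / retrieve names, the placeholder x5u URL and signature segment, the sample telephone numbers, and keying the store on the destination TN are all assumptions of the example; only the claim names (iat, orig, dest, tn) and the compact JWS layout follow RFC 8225.

```python
import base64
import json

# Freshness window applied to the PASSporT "iat" claim. RFC 8224 deliberately
# leaves the value to verification-service policy; 60 seconds is an assumed
# local policy value used only for this example.
IAT_FRESHNESS_SECONDS = 60


def _b64url_encode(data: bytes) -> str:
    """Unpadded base64url, as used by JWS compact serialisation."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    """Inverse of _b64url_encode; restores the stripped padding first."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def build_passport(orig_tn: str, dest_tn: str, iat: int) -> str:
    """Construct a compact-serialised PASSporT using RFC 8225 claim names.
    Constructed sample data: the x5u URL and the signature segment are
    placeholders, and ES256 signing/verification is outside this example."""
    header = {"typ": "passport", "alg": "ES256",
              "x5u": "https://cert.example.invalid/placeholder.pem"}  # placeholder
    payload = {"iat": iat, "orig": {"tn": orig_tn}, "dest": {"tn": [dest_tn]}}
    segments = [
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        _b64url_encode(json.dumps(payload, separators=(",", ":")).encode()),
        _b64url_encode(b"\x00" * 64),  # placeholder, not a real ES256 signature
    ]
    return ".".join(segments)


def passport_claims(passport: str) -> dict:
    """Decode the payload of a compact PASSporT (no signature check here)."""
    parts = passport.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact-serialised PASSporT")
    claims = json.loads(_b64url_decode(parts[1]))
    if not isinstance(claims.get("iat"), int):
        raise ValueError("missing or malformed iat claim")
    return claims


def is_fresh(passport: str, now: int, window: int = IAT_FRESHNESS_SECONDS) -> bool:
    """Verification-service freshness check: reject an iat older than the
    policy window, or implausibly far in the future (clock skew)."""
    iat = passport_claims(passport)["iat"]
    return abs(now - iat) <= window


class CallPlaceholderService:
    """Minimal CPS store keyed on the destination TN (an assumed key choice).
    Retention is the same policy value the verifier uses for iat freshness."""

    def __init__(self, retention_seconds: int = IAT_FRESHNESS_SECONDS):
        self.retention = retention_seconds
        self._store = {}  # dest TN -> list of (iat, passport)

    def store(self, passport: str, now: int) -> bool:
        """Accept a PASSporT only if it is still fresh on arrival."""
        if not is_fresh(passport, now, self.retention):
            return False
        claims = passport_claims(passport)
        for dest_tn in claims["dest"]["tn"]:
            self._store.setdefault(dest_tn, []).append((claims["iat"], passport))
        return True

    def retrieve(self, dest_tn: str, now: int) -> list:
        """Evict entries past the retention window, then return the rest."""
        self._expire(now)
        return [p for _, p in self._store.get(dest_tn, [])]

    def _expire(self, now: int) -> None:
        for tn in list(self._store):
            kept = [(iat, p) for iat, p in self._store[tn] if now - iat <= self.retention]
            if kept:
                self._store[tn] = kept
            else:
                del self._store[tn]


if __name__ == "__main__":
    # Constructed sample: a PASSporT issued at t=1000, stored at t=1010,
    # still retrievable at t=1050 but gone by t=1061 under a 60 s policy.
    sample = build_passport("12155551212", "12155551213", iat=1000)
    cps = CallPlaceholderService()
    print("stored:", cps.store(sample, now=1010))
    print("at t=1050:", len(cps.retrieve("12155551213", now=1050)))
    print("at t=1061:", len(cps.retrieve("12155551213", now=1061)))
```

The single IAT_FRESHNESS_SECONDS parameter is the point: whatever value the deployment picks for its verification policy, the CPS retention tracks it, which is what tying the Section 7.5 text to the RFC 8224 policy rather than a hard-coded sixty seconds achieves.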