Re: [stir] Roman Danyliw's Discuss on draft-ietf-stir-passport-rcd-23: (with DISCUSS and COMMENT)

Chris Wendt <chris-ietf@chriswendt.net> Sun, 05 March 2023 15:03 UTC

From: Chris Wendt <chris-ietf@chriswendt.net>
Message-Id: <A78C373B-82DF-4504-ACC3-240F35291671@chriswendt.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_469A8075-B569-498A-BCD4-9EE60C248523"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.400.51.1.1\))
Date: Sun, 05 Mar 2023 10:03:10 -0500
In-Reply-To: <9C71358E-DB39-40FC-BA18-734175B6BEA3@nostrum.com>
Cc: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>, draft-ietf-stir-passport-rcd@ietf.org, STIR Chairs <stir-chairs@ietf.org>, IETF STIR Mail List <stir@ietf.org>, Russ Housley <housley@vigilsec.com>
To: Ben Campbell <ben@nostrum.com>
References: <166977514888.24379.6431023985333578193@ietfa.amsl.com> <B1A2B8C8-C478-4D67-86D1-5326E0206316@chriswendt.net> <9C71358E-DB39-40FC-BA18-734175B6BEA3@nostrum.com>
X-Mailer: Apple Mail (2.3731.400.51.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/d8ydnrjWwcUqHi8dt9LZK6Ey5_E>
Subject: Re: [stir] Roman Danyliw's Discuss on draft-ietf-stir-passport-rcd-23: (with DISCUSS and COMMENT)

Hi Ben,

Yes, thanks for catching that; perhaps HTTPS or CID is the best path. Curious for other opinions.

-Chris

> On Mar 2, 2023, at 5:01 PM, Ben Campbell <ben@nostrum.com> wrote:
> 
> (No hats)
> 
> I have a context related comment on one item:
> 
> Thanks!
> 
> Ben.
> 
>> On Mar 1, 2023, at 12:02 PM, Chris Wendt <chris-ietf@chriswendt.net> wrote:
> 
> […]
> 
>> 
>>> 
>>> ** 5.*. Inconsistent requirements for URIs
>>> 
>>> -- icn: appears to be any URI per Section 5.1.3.  This would make gopher://,
>>> ftp://, https:// all equally valid.  These have different security
>>> characteristics.
>>> 
>>> -- jcd: per Section 5.1.4 “is intended to directly match the Call-Info header
>>> field value defined in [I-D.ietf-sipcore-callinfo-rcd].” Section 4 of that
>>> document says it “MUST define the use HTTPS or a transport that can validate
>>> the integrity of the source of the resource as well as the transport channel
>>> through which the resource is retrieved”.
>>> 
>>> -- jcl: is an HTTPS URL (per Section 5.1.5)
>>> 
>>> Why are these different?  Support different levels of transport security?
>> 
>> You are correct, I fixed “icn” to specifically be an HTTPS URL vs. a generic URI. jcd is not a URI, it’s a directly included JSON jCard object in the “rcd” claim.
>> 
> 
> IIRC, a previous version did specify HTTPS URLs for “icn”, but we discussed the possibility that an icon could be embedded in a body part of the SIP request and be referenced with a “cid” URL. I suppose that if that is true for “icn”, it is probably also true for “jcl”.
> 
> That being said, I am not aware of anyone actually doing that (yet) and will not object if we think it is better to limit it to HTTPS. (Or as a compromise, say it MUST be either HTTPS or CID?)
> 
> 
>> […]
>
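The thread above is about which URI schemes the "icn" and "jcl" members of the "rcd" claim should be allowed to carry (HTTPS only, or HTTPS plus "cid" references to a SIP body part), and about "jcd" being an inline jCard rather than a URI. The following is an added example, not code from the draft, the STIR working group or any participant in the thread: a small verifier-side policy check over a parsed "rcd" claim. The claim layout (string URLs under "icn" and "jcl", a jCard array under "jcd") is assumed from the sections quoted in the thread, the allowed-scheme set is the "HTTPS or CID" compromise Ben floats, and the sample claims are constructed for the example.

```python
import json
from urllib.parse import urlsplit

# Assumed policy from the thread: reference URLs in the "rcd" claim MUST be
# either HTTPS or a cid: reference to a body part of the SIP request.
ALLOWED_SCHEMES = frozenset({"https", "cid"})

# Members of "rcd" that carry a URL reference (assumed from the draft sections
# discussed: "icn" = icon URL, "jcl" = jCard link). "jcd" is an inline jCard
# array, not a URL, and is checked separately.
URL_KEYS = ("icn", "jcl")


def check_uri(key, value, allowed_schemes, body_content_ids=None):
    """Return None if the reference is acceptable, else a short reason string."""
    if not isinstance(value, str) or not value:
        return f"{key}: must be a non-empty string"
    parts = urlsplit(value)
    scheme = parts.scheme.lower()
    if scheme not in allowed_schemes:
        # This is where gopher://, ftp://, http:// and bare paths are refused.
        return f"{key}: scheme '{scheme or '(none)'}' not allowed"
    if scheme == "https" and not parts.netloc:
        return f"{key}: https URL has no host"
    if scheme == "cid":
        # cid:<content-id> names a MIME body part carried in the same request.
        # When the caller passes the Content-IDs actually present, require a
        # match so the claim cannot point at a body part that is not there.
        content_id = parts.path
        if not content_id:
            return f"{key}: empty cid reference"
        if body_content_ids is not None and content_id not in body_content_ids:
            return f"{key}: cid '{content_id}' matches no body part"
    return None


def check_jcd(jcd):
    """A jCard (RFC 7095) is the two-element array ["vcard", [properties...]]."""
    if isinstance(jcd, str):
        return "jcd: must be an inline jCard array, not a URL"
    ok = (isinstance(jcd, list) and len(jcd) == 2
          and jcd[0] == "vcard" and isinstance(jcd[1], list))
    return None if ok else "jcd: not a jCard ['vcard', [...]] array"


def check_rcd_claim(rcd, allowed_schemes=ALLOWED_SCHEMES, body_content_ids=None):
    """Return a list of policy violations for one parsed "rcd" claim object."""
    problems = []
    for key in URL_KEYS:
        if key in rcd:
            reason = check_uri(key, rcd[key], allowed_schemes, body_content_ids)
            if reason:
                problems.append(reason)
    if "jcd" in rcd:
        reason = check_jcd(rcd["jcd"])
        if reason:
            problems.append(reason)
    return problems


# Constructed sample PASSporT payloads (claims only, no signature handling).
SAMPLE_PAYLOADS = {
    "https_only": json.dumps({"orig": {"tn": "12155551212"}, "rcd": {
        "nam": "Example Co",
        "icn": "https://example.com/icon.png",
        "jcl": "https://example.com/card.json"}}),
    "cid_icon": json.dumps({"orig": {"tn": "12155551212"}, "rcd": {
        "nam": "Example Co",
        "icn": "cid:icon1@example.com"}}),
    "loose_schemes": json.dumps({"orig": {"tn": "12155551212"}, "rcd": {
        "nam": "Example Co",
        "icn": "gopher://example.com/icon.png",
        "jcl": "ftp://example.com/card.json",
        "jcd": "https://example.com/card.json"}}),
}


def check_payload(payload_json, body_content_ids=None, allowed_schemes=ALLOWED_SCHEMES):
    """Parse a PASSporT payload and check its "rcd" claim; missing claim is a problem."""
    rcd = json.loads(payload_json).get("rcd")
    if not isinstance(rcd, dict):
        return ["rcd: claim missing or not an object"]
    return check_rcd_claim(rcd, allowed_schemes, body_content_ids)


if __name__ == "__main__":
    for name, payload in SAMPLE_PAYLOADS.items():
        print(name, check_payload(payload, body_content_ids={"icon1@example.com"}))
```

Passing a wider `allowed_schemes` set reproduces the earlier "any URI" rule that the Discuss objected to; the default set is the stricter compromise. The `body_content_ids` argument is optional so the check can run on the PASSporT alone, but a verifier that has the SIP body should pass the Content-IDs it actually received.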