Re: [stir] I-D Action: draft-ietf-stir-identity-header-errors-handling-05.txt

Jack Rickard <jack.rickard@microsoft.com> Wed, 12 October 2022 08:46 UTC

From: Jack Rickard <jack.rickard@microsoft.com>
To: "stir@ietf.org" <stir@ietf.org>
Date: Wed, 12 Oct 2022 08:42:23 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/dW7KlWcdu2uUbyQBN3Iaq-zX3Vc>

I've just realised this could have some slightly odd effects when div is involved. I don't think this will impact the document but I'm interested in whether anyone thinks this is an issue.

If A calls B (creates a PASSporT P: A -> B), then B diverts to C (creates a DIV PASSporT Q: B -> C). Then, if C doesn't trust Q for some reason, it will also think that P is wrong because it has the wrong destination; it will then generate errors E_P and E_Q (granted, a clever verifier might be able to spot that the DIV should have fixed P and not generate E_P). C will then send these errors back up; B will see E_Q, strip it and pass E_P to A. Now A sees E_P and gets very confused because it did everything correctly but sees an error saying the destination was wrong.

I think this is fine because a person reading E_P can probably figure out what happened, but it just struck me as an odd effect of the standards working together.

Thanks,
Jack

-----Original Message-----
From: stir <stir-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Monday, October 3, 2022 12:59 PM
To: i-d-announce@ietf.org
Cc: stir@ietf.org
Subject: [EXTERNAL] [stir] I-D Action: draft-ietf-stir-identity-header-errors-handling-05.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Secure Telephone Identity Revisited WG of the IETF.

        Title           : Identity Header Errors Handling
        Author          : Chris Wendt
        Filename        : draft-ietf-stir-identity-header-errors-handling-05.txt
        Pages           : 7
        Date            : 2022-10-03

Abstract:
   This document extends STIR and the Authenticated Identity Management
   in the Session Initiation Protocol (SIP) error handling procedures to
   include the mapping of verification failure reasons to STIR defined
   4xx codes so the failure reason of an Identity header field can be
   conveyed to the upstream authentication service when local policy
   dictates that the call should continue in the presence of a
   verification failure.  This document also defines procedures that
   enable a failure reason to be mapped to a specific Identity header
   for scenarios that use multiple Identity header fields where some may
   have errors and others may not and the handling of those situations
   is defined.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-stir-identity-header-errors-handling/
There is also an htmlized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-stir-identity-header-errors-handling-05

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-stir-identity-header-errors-handling-05

Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
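
The A -> B -> C diversion case raised in the reply at the top of this message, as an added example that is not part of the original thread or of the draft. It is a toy model: "trust" is reduced to a set of trusted signers, and the class, field and function names are hypothetical, not the draft's wire format.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class PASSporT:
    name: str                            # label from the email: "P" or "Q"
    signer: str                          # hop that created it
    dest: str                            # destination it vouches for
    diverted_from: Optional[str] = None  # set only on a DIV PASSporT

def verify_at(me, passports, trusted_signers, clever=False):
    """Return names of PASSporTs that fail at verifier `me` (assumed logic)."""
    failed = {p.name for p in passports if p.signer not in trusted_signers}
    ok_dests = {me}
    changed = True
    while changed:  # walk diversion chains back towards the original dest
        changed = False
        for p in passports:
            # A "clever" verifier still uses a rejected DIV to explain the
            # destination change; a plain one ignores it completely.
            usable = clever or p.name not in failed
            if (p.diverted_from and usable and p.dest in ok_dests
                    and p.diverted_from not in ok_dests):
                ok_dests.add(p.diverted_from)
                changed = True
    failed |= {p.name for p in passports if p.dest not in ok_dests}
    return [p.name for p in passports if p.name in failed]

def relay_upstream(hop, errors, passports):
    """A hop keeps errors about PASSporTs it signed and forwards the rest."""
    signer = {p.name: p.signer for p in passports}
    mine = [e for e in errors if signer[e] == hop]
    rest = [e for e in errors if signer[e] != hop]
    return mine, rest

def scenario(clever):
    """Constructed inputs: A calls B, B diverts to C, C does not trust B."""
    chain = [PASSporT("P", signer="A", dest="B"),
             PASSporT("Q", signer="B", dest="C", diverted_from="B")]
    errors = verify_at("C", chain, trusted_signers={"A"}, clever=clever)
    seen_by_b, forwarded = relay_upstream("B", errors, chain)
    seen_by_a, _ = relay_upstream("A", forwarded, chain)
    return errors, seen_by_b, seen_by_a

if __name__ == "__main__":
    print("plain verifier :", scenario(clever=False))
    print("clever verifier:", scenario(clever=True))
```

With the plain verifier, A receives an error for P although P was valid when A signed it; with the clever verifier only B sees an error.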

