Re: [stir] AD Review: draft-ietf-stir-oob
Russ Housley <housley@vigilsec.com> Tue, 03 September 2019 21:38 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 750ED12013A for <stir@ietfa.amsl.com>; Tue, 3 Sep 2019 14:38:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e1CJ60zp4S8F for <stir@ietfa.amsl.com>; Tue, 3 Sep 2019 14:38:40 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76D20120071 for <stir@ietf.org>; Tue, 3 Sep 2019 14:38:40 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id CDDEA300B0E for <stir@ietf.org>; Tue, 3 Sep 2019 17:38:38 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id Z4fIZrmRIkTf for <stir@ietf.org>; Tue, 3 Sep 2019 17:38:37 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (unknown [138.88.156.37]) by mail.smeinc.net (Postfix) with ESMTPSA id 0DF0E3005DF; Tue, 3 Sep 2019 17:38:37 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <838e0acf-1d37-2986-15a2-a28aad674b1c@nostrum.com>
Date: Tue, 03 Sep 2019 17:38:37 -0400
Cc: draft-ietf-stir-oob@ietf.org, IETF STIR Mail List <stir@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <264525FB-CBD3-442E-80ED-573719B7ED69@vigilsec.com>
References: <838e0acf-1d37-2986-15a2-a28aad674b1c@nostrum.com>
To: Adam Roach <adam@nostrum.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/fM9dGUdf773rN1nwuB3tN6_EwSg>
Subject: Re: [stir] AD Review: draft-ietf-stir-oob
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Sep 2019 21:38:43 -0000
Adam: These look straightforward to fix. Do you want to proceed with IETF Last Call in parallel? Russ > On Sep 3, 2019, at 1:18 AM, Adam Roach <adam@nostrum.com> wrote: > > This is my AD review for draft-ietf-stir-oob. I will be requesting > that it be put in IETF last call shortly. > > Thanks to everyone involved for taking the work to work out and document the > thinking so far on an out-of-band mechanism. I have no substantive comments, > and only a small number of editorial suggestions, below. Please treat these as > any other IETF last call comments. > > /a > > > --------------------------------------------------------------------------- > > §1: > > > do use SIP do not always carry SIP signaling end-to-end. Xalls from > > Nit: "Calls" > > --------------------------------------------------------------------------- > > §1: > > > This specification therefore builds on the PASSporT [RFC8225] > > mechanism and the work of [RFC8224] to define a way that a PASSporT > > object created in the originating network of a call can reach the > > terminating network even when it cannot be carried end-to-end in-band > > in the call signaling. This relies on a new service defined in this > > document called a Call Placement Service (CPS) that permits the > > PASSporT object to be stored during call processing and retrieved for > > verification purposes. > > This is still phrased as if the remainder of this document is a complete > specification of mechanism rather than the more limited scope described > in the paragraph that follows it. Perhaps: > > s/This specification/The techniques described in this document/ > s/define a way/describe a way/ > > --------------------------------------------------------------------------- > > §5.2: > > > A call originates with an enterprise PBX that has both Internet > > access and a built-in gateway to the PSTN, which communicates through > > traditional telephone signaling protocols. The PBX immediately drops > > the call to the PSTN > > The colloquial use of "drops" in this context can be confusing. (I had to > re-read to ensure that it meant "routes" rather than "aborts"). Perhaps > "...immediately routes the call..." > > The same comment applies to §5.3. > > --------------------------------------------------------------------------- > > §5.3: > > > If > > so, it can retrieve the PASSporT and, when it creates a SIP INVITE > > for this call, add a corresponding Identity header per [RFC8224]. > > Nit: "...Identity header field..." > > --------------------------------------------------------------------------- > > §5.5: > > > the SIP call with an Identity header. As a fallback in case the call > > Nit: "...Identity header field." > > --------------------------------------------------------------------------- > > §6.2: > > > This requires the retargeting entity to generated > > encrypted PASSporTs that show a secure chain of diversion: > > Nit: "...to generate..." > > --------------------------------------------------------------------------- > > §8.1: > > > or more credentials that can be used to sign for that identity, be it > > a domain or a telephone number or something other identifier. For > > Nit: "...or some other identifier." > > > Identity header field value of the SIP request - though SIP would > > carry cleartext version rather than an encrypted version sent to the > > Nit: "...carry a cleartext..." > > --------------------------------------------------------------------------- > > §8.3: > > > could receive a call with an Identity header, extract a PASSporT from > > the Identity header, and store that PASSporT at a CPS. > > Nit: "...Identity header field..." (twice) > > --------------------------------------------------------------------------- > > §9: > > > As an rough example, we show a Call Placement Service implementation > > Nit: "...a rough..." > > --------------------------------------------------------------------------- > > §10: > > > This document does not prescribe any single way to do service > > discovery for a CPS; it is envisioned that initial deployments will > > provision the location of the CPS at the AS and VS. > > Nit: expand the acronyms "AS" and "VS". > > _______________________________________________ > stir mailing list > stir@ietf.org > https://www.ietf.org/mailman/listinfo/stir
- [stir] AD Review: draft-ietf-stir-oob Adam Roach
- Re: [stir] AD Review: draft-ietf-stir-oob Russ Housley
- Re: [stir] AD Review: draft-ietf-stir-oob Adam Roach
- Re: [stir] AD Review: draft-ietf-stir-oob Peterson, Jon