Re: [stir] Interop related topics for STIR

"Peterson, Jon" <jon.peterson@team.neustar> Tue, 13 July 2021 22:42 UTC

From: "Peterson, Jon" <jon.peterson@team.neustar>
To: Roman Shpount <roman@telurix.com>, Chris Wendt <chris-ietf@chriswendt.net>
CC: Christer Holmberg <christer.holmberg@ericsson.com>, Russ Housley <housley@vigilsec.com>, IETF STIR Mail List <stir@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/hJKD82Hedo4fVvzMhLLcBLcCPC8>

The stuff in full form PASSporTs is also redundant with the To, the From and/or PAID, and I gather a bunch of 3GPP headers. Full form was designed to be redundant with things that appear elsewhere in a SIP request. If we want to explore how to save twenty or thirty octets in SIP messages when STIR is involved, I think there are a number of potential ways to try to achieve that. I’m not sure how pressing that is, though.

Moreover, as there are about a zillion calls being signed per day now, I think we need to be cautious about jettisoning things that RFC822X told implementors to expect to be there. It’s one thing if we gave confusing guidance (per issue 1) and another thing if the guidance was clear but some people aren’t doing it. We can make significant changes in the long term, but I expect we’ll be more motivated by either fixing things that don’t work as written or enabling new things we want to do that we can’t enable without surgery – even if it would potentially break existing implementations. The bar for that is fairly high, I think.

Jon Peterson
Neustar, Inc.

From: Roman Shpount <roman@telurix.com>
Date: Tuesday, July 13, 2021 at 2:48 PM
To: Chris Wendt <chris-ietf@chriswendt.net>
Cc: Christer Holmberg <christer.holmberg@ericsson.com>, "Peterson, Jon" <jon.peterson@team.neustar>, Russ Housley <housley@vigilsec.com>, IETF STIR Mail List <stir@ietf.org>
Subject: Re: [stir] Interop related topics for STIR

Regarding 2 (SIP Message Date header), since the signature date is already present in the Full-Form PASSporT, the additional Date header on the actual message is completely redundant. Also, the Date header can be modified or removed by equipment down the line from the SIP signer, so the SIP message can be verified even if the Date header is not present. I cannot claim that I've participated in every interop event, but this issue has caused problems with OpenSIPS, Kamailio, Asterisk, and Ribbon SBC (which affected most of the large US LD carriers). A lot of signed calls do not currently insert the Date header even though it is required.
_____________
Roman Shpount


On Tue, Jul 13, 2021 at 4:29 PM Chris Wendt <chris-ietf@chriswendt.net> wrote:
Agree with Jon and Christer's comments, 1 we all agree on as discussed in meeting, but 2-3 and 5 are news to me, 2 is an important part of replay attack, could it be done in other ways, perhaps, but I think it’s a little late for that conversation at this point.  In US at least, there is a highly significant percentage of calls being signed as we speak, particularly after the June 30 deadline and these issues haven’t surfaced in IPNNI discussions, interop forums and real-world usage to my knowledge and I’ve been paying pretty close attention to this :)

-Chris


On Jul 13, 2021, at 4:03 PM, Christer Holmberg <christer.holmberg=40ericsson.com@dmarc.ietf.org> wrote:

Hi,

Regarding 4), I agree with Jon. As I’ve said before, a SIP message can exceed 1300 bytes even without STIR. If the usage of TCP for SIP needs to be better explained, that belongs to 3261 (or, perhaps a generic TCP-for-SIP draft).

Regards,

Christer

From: stir <stir-bounces@ietf.org> On Behalf Of Peterson, Jon
Sent: Tuesday, 13 July 2021 22:35
To: Russ Housley <housley@vigilsec.com>; Roman Shpount <roman@telurix.com>
Cc: IETF STIR Mail List <stir@ietf.org>
Subject: Re: [stir] Interop related topics for STIR


I think 1 needs to be fixed as an errata; it’s an actual bug in the current spec.  From my perspective, 2 and 3 are more “it would be nice” sorts of issues that we’d explore if we had some more substantial motivations to do an rfc8224bis – I don’t think they are worth doing a bis for on their own merits, especially not given the current state of deployment. 4 is not really a STIR issue, just a 20-year-old SIP issue that STIR is the latest thing to exacerbate. And as for 5, I’m not sure what the issue is… elaborate?

Jon Peterson
Neustar, Inc.

From: stir <stir-bounces@ietf.org> on behalf of Russ Housley <housley@vigilsec.com>
Date: Tuesday, July 13, 2021 at 11:57 AM
To: Roman Shpount <roman@telurix.com>
Cc: IETF STIR Mail List <stir@ietf.org>
Subject: Re: [stir] Interop related topics for STIR

Roman:

Assuming that others agree with the way forward, it seems that 1-3 are the start of 8224bis, and it seems that 4 might be a new Operational Considerations in 8224bis.

Again, assuming agreement on the way forward, 8226bis should reflect real implementation.  That said, 8226 also envisions finer granularity than we have seen so far.

I think a STIR Torture Test document would be very valuable.

Russ


On Jul 13, 2021, at 2:41 PM, Roman Shpount <roman@telurix.com> wrote:

I am moving this into a new thread.

So far the following RFC8224 issues were identified:

1. Errata regarding quotes in ppt value (Errata ID: 6519). Need to verify that both ppt values with and without quotes are supported when Identity header is received.

2. Date header is required. It should probably be optional since the information there is redundant when the Full-Form PASSporT is used. Several known implementations omit it.

3. Should it be possible to omit ident-info and ident-info-params when the Full-Form PASSporT is used? All implementations I have seen include it, but there are occasional mismatches.

4. When SIP message is over 1300 bytes, the request MUST be sent using a congestion-controlled transport protocol such as TCP (https://datatracker.ietf.org/doc/html/rfc3261#section-18.1.1). Considering that the Identity header is typically around 1000 bytes, this requires all networks to start using reliable protocols which is not currently the case. There is a way to work around this for the private links where MTU is under vendor control, but for links over the public internet, this needs to be clearly stated and tested.

5. I do not think RFC8226 reflects the actual practices for STIR certificates.

We should also consider an informational document with STIR Torture test messages as well as BCP.
_____________
Roman Shpount


On Tue, Jul 13, 2021 at 1:57 PM Russ Housley <housley@vigilsec.com> wrote:
I think that a SIPIT would be a very good thing, but that is not an IRTF activity.  That said, I would be very happy to use this list to know about a SIPIT once it is organized.
Are there other interoperability or ops-oriented topics about STIR that needed to be discussed?  If so, please start a thread.


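Added example, not part of the thread or any participant's code: a receive-side interop check for items 1, 2 and 4 of the issue list quoted above. It accepts the ppt parameter with or without quotes, reads iat from a full-form PASSporT, reports whether a Date header is present and how far it is from iat, and flags requests over 1300 bytes. The function names, the sample INVITE, the example.org URLs and the telephone numbers are constructed for illustration; header folding is not handled and the signature is not verified.

```python
import base64, json, re
from email.utils import formatdate, parsedate_to_datetime

PARAM = re.compile(r';\s*([\w-]+)\s*=\s*(<[^>]*>|"[^"]*"|[^;\s]+)')

def b64url_json(seg):
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def parse_identity(value):
    """Parse an Identity header value; ppt=shaken and ppt="shaken" both work."""
    token = value.split(";", 1)[0].strip()
    params = {k.lower(): v for k, v in PARAM.findall(value)}
    ppt = params.get("ppt", "")
    head, body, _sig = (token.split(".") + ["", "", ""])[:3]
    full = bool(head and body)  # compact form leaves both segments empty
    return {"ppt": ppt.strip('"'), "ppt_quoted": ppt.startswith('"'),
            "info": params.get("info", "").strip("<>"), "full_form": full,
            "iat": b64url_json(body).get("iat") if full else None}

def interop_report(raw):
    """Report the thread's interop points for one raw SIP request."""
    hdrs = {}
    for line in raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]:
        name, _, val = line.partition(":")
        hdrs.setdefault(name.strip().lower(), val.strip())
    ident = parse_identity(hdrs["identity"]) if "identity" in hdrs else None
    date, skew = hdrs.get("date"), None
    if date and ident and ident["iat"] is not None:
        skew = int(parsedate_to_datetime(date).timestamp()) - ident["iat"]
    return {"identity": ident, "date_present": date is not None,
            "date_minus_iat": skew, "over_1300_bytes": len(raw.encode()) > 1300}

def sample_invite(ppt_param, date_offset=None, iat=1626216112):
    """Constructed SIP INVITE (not from the thread); signature is a placeholder."""
    enc = lambda o: base64.urlsafe_b64encode(
        json.dumps(o, separators=(",", ":")).encode()).decode().rstrip("=")
    token = ".".join([
        enc({"alg": "ES256", "ppt": "shaken", "typ": "passport",
             "x5u": "https://cert.example.org/passport.cer"}),
        enc({"attest": "A", "dest": {"tn": ["12155550113"]}, "iat": iat,
             "orig": {"tn": "12155550112"}, "origid": "constructed-id"}),
        "placeholder-signature"])
    lines = ["INVITE sip:+12155550113@example.net SIP/2.0",
             "From: <sip:+12155550112@example.org>;tag=1",
             "To: <sip:+12155550113@example.net>",
             f"Identity: {token};info=<https://cert.example.org/passport.cer>"
             f";alg=ES256;ppt={ppt_param}"]
    if date_offset is not None:
        lines.append("Date: " + formatdate(iat + date_offset, usegmt=True))
    return "\r\n".join(lines) + "\r\n\r\n"

if __name__ == "__main__":
    for ppt in ("shaken", '"shaken"'):
        print(interop_report(sample_invite(ppt, date_offset=5)))
    print(interop_report(sample_invite("shaken")))  # Date omitted
```

The report only records what was received; whether a missing Date header or a given Date-to-iat difference is acceptable is left to the verifier's policy.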