Re: [stir] RFC 8224

Brian Rosen <br@brianrosen.net> Wed, 07 April 2021 15:27 UTC

I’m sure you all haven’t dealt with this yet, but:

The way we usually see telephone numbers is in a SIP URI: sip:+12025551212@example.com; user=phone.

SHAKEN deals mostly with the TN.  But 9-1-1 has a use case for the domain part: we send calls directly back to where they came from to increase the probability we will be able to recreate the same media conditions (video, codecs, RTT, etc.) the original call had.  In 9-1-1, there are no transit networks for the SIP path other than sometimes a specialized service provider, and we can deal with getting them not to rewrite the URI.  It really would be helpful to (eventually) sign the actual FROM/P-A-I with the domain.

If we ever got the messaging super players to support emergency messaging, we would have a similar circumstance.

Brian

> On Apr 7, 2021, at 11:09 AM, Chris Wendt <chris-ietf@chriswendt.net> wrote:
> 
> This is a legit question for RFC8224 and agree with the answers, but just in case it’s relevant you would not send these types of SIP URIs as dest in context of STIR/SHAKEN (over NNI/peering relationship) which only supports tel URIs currently.  That may not be your use-case but just wanted to clarify in case it was relevant.  I would be curious to know the context if you are willing to share though, I am guessing intra network use case between device and app server?  Definitely interested in those cases, for me in context of delegate certs.
> 
> -Chris
> 
>> On Apr 7, 2021, at 9:52 AM, Christer Holmberg <christer.holmberg@ericsson.com> wrote:
>> 
>> Hi,
>>  
>> ‘*’ can be used as such in a SIP-URI, but ‘#’ would have to be escaped.
>>
>> So:
>>
>> To: sip:*55;phone-context=ims.mnc420.mcc312.3gppnetwork.org@ims.mnc420.mcc312.3gppnetwork.org;user=phone
>>
>> …is ok, but;
>>
>> To: sip:#55;phone-context=ims.mnc420.mcc312.3gppnetwork.org@ims.mnc420.mcc312.3gppnetwork.org;user=phone
>>
>> …is NOT ok. Instead:
>>
>> To: sip:%2355;phone-context=ims.mnc420.mcc312.3gppnetwork.org@ims.mnc420.mcc312.3gppnetwork.org;user=phone
>>  
>> …will have to be used.
>>  
>> Regards,
>>  
>> Christer
>>  
>>  
>>  
>> From: Zerr, Brad <BZerr@tnsi.com>
>> Sent: Wednesday 7 April 2021 14.27
>> To: Christer Holmberg <christer.holmberg@ericsson.com>; Marc Petit-Huguenin <marc@petit-huguenin.org>; Cullen Jennings <fluffy@iii.ca>; IETF STIR Mail List <stir@ietf.org>
>> Cc: chris-ietf@chriswendt.net; Eric Rescorla <ekr@rtfm.com>; Jon Peterson <jon.peterson@neustar.biz>; Toy, Arthur <atoy@tnsi.com>
>> Subject: RE: [stir] RFC 8224
>>  
>> Good Morning.
>>  
>> Would you mind providing an example of what the TO header should look like for both a * and # dial to help clear up?  Assume they are leading characters in the TO header.
>>  
>> Example of what is being sent today:
>>  
>> To: sip:*55;phone-context=ims.mnc420.mcc312.3gppnetwork.org@ims.mnc420.mcc312.3gppnetwork.org;user=phone
>>
>> To: sip:#55;phone-context=ims.mnc420.mcc312.3gppnetwork.org@ims.mnc420.mcc312.3gppnetwork.org;user=phone
>>  
>> From: Christer Holmberg <christer.holmberg@ericsson.com>
>> Sent: Wednesday, April 7, 2021 3:14 AM
>> To: Marc Petit-Huguenin <marc@petit-huguenin.org>; Cullen Jennings <fluffy@iii.ca>; Zerr, Brad <BZerr@tnsi.com>; IETF STIR Mail List <stir@ietf.org>
>> Cc: chris-ietf@chriswendt.net; Eric Rescorla <ekr@rtfm.com>; Jon Peterson <jon.peterson@neustar.biz>; Toy, Arthur <atoy@tnsi.com>
>> Subject: RE: [stir] RFC 8224
>>  
>> Hi,
>> 
>> >I think the question was about the format to use before canonicalization.
>> >
>> >My understanding of RFC 3986 is that `#` should be escaped because it is the delimiter for a URI fragment. Fragments are not defined in SIP URIs, but a generic URI parser may still remove everything after and including '#'.
>> 
>> "#" will have to be escaped in a SIP-URI, e.g., in a To header field.
>> 
>> But, Section 8.3 of RFC 8224 has nothing to do with a SIP-URI or the To header field.
>> 
>> Regards,
>> 
>> Christer
>> 
>> OTOH there is no need to escape '*' as it is part of the `sub-delims` rule.
>> 
>> so
>> 
>> ....
>> To: sip:*55;phone-context=ims.mnc420.mcc312.3gppnetwork.org@ims.mnc420.mcc312.3gppnetwork.org;user=phone
>> ....
>> 
>> is fine, but dialing directly an extension would be:
>> 
>> ....
>> To: sip:+14085550460%2377@example.org;user=phone
>> ....
>> 
>> On 4/6/21 5:43 AM, Christer Holmberg wrote:
>> > Hi,
>> > 
>> > %2A is not the ASCII format of *, it is the escaped (see RFC 3261).
>> > 
>> > And, the syntax allows both * and #, so no need to escape (in fact, it is not even possible to escape in this case):
>> > 
>> > tn-spec = 1*tn-char
>> > tn-char = "#" / "*" / DIGIT
>> > 
>> > Also, note that RFC 8224 does not define the syntax of the To header field - that is done in RFC 3261. The telephone number described in Section 8.3 of RFC 8224 will be included in the PASSPort (RFC 8225).
>> > 
>> > Regards,
>> > 
>> > Christer
>> > 
>> > From: stir <stir-bounces@ietf.org> On Behalf Of Cullen Jennings
>> > Sent: Tuesday 6 April 2021 15.30
>> > To: Zerr, Brad <BZerr@tnsi.com>; IETF STIR Mail List <stir@ietf.org>
>> > Cc: chris-ietf@chriswendt.net; Eric Rescorla <ekr@rtfm.com>; Jon Peterson <jon.peterson@neustar.biz>; Toy, Arthur <atoy@tnsi.com>
>> > Subject: Re: [stir] RFC 8224
>> > 
>> > 
>> > Adding to STIR mailing list …
>> > 
>> > 
>> > On Apr 5, 2021, at 9:19 AM, Zerr, Brad <BZerr@tnsi.com> wrote:
>> > 
>> > Good Morning.
>> > 
>> > This may not be the correct process, so let me know if I should ask this in a different forum.
>> > 
>> > I had a question regarding section 8.3 when it comes to * and # handling. Is this stating that when a * or # precedes a digit string (i.e. *55), it should be in ASCII format for the * (i.e. %2A)?
>> > 
>> > So Instead of this:
>> > 
>> > To: sip:*55;phone-context=ims.mnc420.mcc312.3gppnetwork.org@ims.mnc420.mcc312.3gppnetwork.org;user=phone
>> > 
>> > It should be this
>> > 
>> > To: sip:%2A55;phone-context=ims.mnc420.mcc312.3gppnetwork.org@ims.mnc420.mcc312.3gppnetwork.org;user=phone
>> > 
>> > 
>> > 
>> 
>> 
>> -- 
>> Marc Petit-Huguenin
>> Email: marc@petit-huguenin.org
>> Blog: https://marc.petit-huguenin.org/
>> Profile: https://www.linkedin.com/in/petithug
>>  
>> 
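The two layers discussed in this thread, as an added example (not code from any participant or from the RFCs): how an RFC 3986 generic parser splits an unescaped `#` in a SIP URI, how the user part is escaped on the wire, and how the escaped form maps back to the tn-char string quoted above. The helper names are hypothetical, and `canonical_tn` is a simplified assumption (it drops URI parameters and every character that is not a tn-char), not the full Section 8.3 procedure of RFC 8224.

```python
from urllib.parse import quote, unquote, urlsplit

# RFC 3261 user part: unreserved / escaped / user-unreserved.
# quote() already keeps alphanumerics and "-_.~"; these are the remaining
# mark and user-unreserved characters. "*" is among them, "#" is not.
USER_SAFE = "!*'()&=+$,;?/"
TN_CHARS = set("0123456789#*")  # tn-char as quoted in the thread


def generic_view(uri):
    """(path, fragment) as an RFC 3986 generic parser splits the URI."""
    parts = urlsplit(uri)
    return parts.path, parts.fragment


def build_sip_uri(user, host):
    """Assemble a user=phone SIP URI, escaping the user part for the wire."""
    return f"sip:{quote(user, safe=USER_SAFE)}@{host};user=phone"


def sip_user(uri):
    """SIP-aware read: return the still-escaped user part (up to the first '@')."""
    scheme, _, rest = uri.partition(":")
    if scheme.lower() not in ("sip", "sips") or "@" not in rest:
        raise ValueError("not a SIP URI with a user part")
    return rest.partition("@")[0]


def canonical_tn(raw_user):
    """Simplified tn-spec: drop ;parameters, unescape, keep only tn-chars."""
    number = unquote(raw_user.split(";", 1)[0])
    tn = "".join(c for c in number if c in TN_CHARS)
    if not tn:
        raise ValueError("no tn-char characters in user part")
    return tn


CTX = "ims.mnc420.mcc312.3gppnetwork.org"  # phone-context and host from the thread

if __name__ == "__main__":
    for dialed in ("*55", "#55"):
        raw = f"sip:{dialed};phone-context={CTX}@{CTX};user=phone"
        wire = build_sip_uri(f"{dialed};phone-context={CTX}", CTX)
        print("generic parse of raw URI:", generic_view(raw))
        print("escaped for the wire    :", wire, "->", canonical_tn(sip_user(wire)))
```

With the raw `#55` URI the generic parser returns an empty path and puts everything after `#`, host included, into the fragment; the `%23` form keeps the URI intact and still yields `#55` as the telephone-number string.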