IETF Logo Mail Archive

[stir] Malformed PASSporTs

Jack Rickard <jack.rickard@microsoft.com> Fri, 14 January 2022 16:28 UTC

Return-Path: <jack.rickard@microsoft.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3590A3A28D2 for <stir@ietfa.amsl.com>; Fri, 14 Jan 2022 08:28:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.677
X-Spam-Level:
X-Spam-Status: No, score=-2.677 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.576, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6M6PVuDpElJL for <stir@ietfa.amsl.com>; Fri, 14 Jan 2022 08:28:40 -0800 (PST)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2100.outbound.protection.outlook.com [40.107.21.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 08C3D3A28CE for <stir@ietf.org>; Fri, 14 Jan 2022 08:28:39 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VMYJH0kzE0GwviJo3PSlIK/puAQKF2pELSwzvO9k5EaVfGgWeGkvQALWuIh3x57oEFx+BuVoKrAsPYqQ99sZkc4YruAkZ/QNHST+nS549GGeIhzs3KJtkRKw+2rxx64zCyf9SIOCcMm3shMz/QLHsPqKkQ7RLLoFH56tbLzo1xx1LlWBkeMwXQSCjzjb3RPCX+RtzVIGPC/WcaP0nbiS8S2jnM6NyWU5sfdpQNMJ/vsclG16O0q6+4zkoOhhnnf/eVy9RQz6I8P2ADEvGhDLBDJRnLg/3/AI9yAmMlHaVtt+oqHS+hiRxc79RL/EtbzohmbBoGFeZBmT+j2c8Oycsw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=CgD3OTk3lxb0E26GMZwr6d5m1I/6s4KKe7I41GdrkAw=; b=WWOOa0CA/fhZibdk5dbQMC97nJNrVTdMpOkS+clfXiaurOcFTt27CNaLOv7HDuFj7xXTsxtE+VJqGs/rfMe014IsB+hYwbea+1c6QggNOKIKfihMB0t+5KombyrEFWDxN45krNv8V0LQgRAlLiQ00W+hzibz2y5FszvnUVmdHUFmmSVW/D4AFU9Qejkj9uOy0A48rGDes8OW1a4665GcKgSQP4SHlGLspoGglMCDcVzDWKlgVR2SolWKit1/l7i0B34TwMeiMQ9s/YP+a0UXseevvh0rz0dbPXivbyWl9pDlSvn4BIfQr68A60Eaf2M4DxIhy5g1B1b7hA4fO798Tw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CgD3OTk3lxb0E26GMZwr6d5m1I/6s4KKe7I41GdrkAw=; b=GnjqNaHOuASxxmPOa3iXiZ7DFyRJzTIc9VJzVBq3ed8o1sLdgehGALYWz8gX0z1jAOE+6lw4g0nkEz7J922CR3CadyZ0kRx7MQEDSqWSC0yATFIUCF27OBMQum0SUBJ3E4+MvJDB7/eWMxnMqza00tIpuW1/yM7XU3lKpZBKpJ4=
Received: from AM5PR83MB0355.EURPRD83.prod.outlook.com (2603:10a6:206:25::24) by VI1PR83MB0448.EURPRD83.prod.outlook.com (2603:10a6:800:193::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4909.1; Fri, 14 Jan 2022 16:28:36 +0000
Received: from AM5PR83MB0355.EURPRD83.prod.outlook.com ([fe80::9543:909f:b33:dc64]) by AM5PR83MB0355.EURPRD83.prod.outlook.com ([fe80::9543:909f:b33:dc64%5]) with mapi id 15.20.4930.000; Fri, 14 Jan 2022 16:28:36 +0000
From: Jack Rickard <jack.rickard@microsoft.com>
To: IETF STIR Mail List <stir@ietf.org>
Thread-Topic: Malformed PASSporTs
Thread-Index: AdfmsAJyqz0I5fPwSbalNkg0vQt0iA==
Date: Fri, 14 Jan 2022 16:28:18 +0000
Deferred-Delivery: Fri, 14 Jan 2022 16:27:42 +0000
Message-ID: <AM5PR83MB0355609D1C09E94888C034E088549@AM5PR83MB0355.EURPRD83.prod.outlook.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=5bebbbee-bbe3-46f7-b2e4-defa96affa7f; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2021-12-01T12:35:48Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=microsoft.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a102cf32-4991-4abd-e1cf-08d9d77aea23
x-ms-traffictypediagnostic: VI1PR83MB0448:EE_
x-ms-exchange-atpmessageproperties: SA|SL
x-microsoft-antispam-prvs: <VI1PR83MB04484B9869132B2C40F60D5B88549@VI1PR83MB0448.EURPRD83.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8273;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: y2Nc9Av61VfJqNvGPDIdaS1LIJZd8N1eDUuB95pKOhtZEd+TuumsAAmmtTOW0PBVBcQWFe5sVmt5jipshHuSnaA/xM++cCm2IdCL5SDRpch86SF6xJm0jpujR4ptsC217mN2jOns8D0spfjt1pt97G5ljvHTPVD3Oky6BACkLc5SnltGG2NnnfqBo+8HJn1KDAXTVFLZx4bdvLRr2vIiEqHrpchs/conV7zodBUxHCka+QZ/1eJTcHT4Jd1UUdLMW1iFp/6JSAiPvL40v4AZD+GQpyxmCyiPs0qI2vjiNki6Pvfo7Jhxr1HeQC3INe6m0dm0pD6yjiu98n7rxchrZyBIIW3kVugGH8XNhWzYUePpdZKFuzeouZAToxdEmDRcWq/xBNL2RSYPBrVbS0kfYTQMDXHRP9QsJG+mTvnfRh6+rGcb3TgspyxiSYppVhaoUPlsm6Je8RfeO0W9jZNgZxJfPFLvzWHw2I5jqMUT8bMr3ULnzx+kqmr/w7a3p6FeqCLoD+hHPKiG2tda9S60/ckZDFqxPcf0yl0jbTyGcMZ8a932LAM+h63JXZPbU9PMulO5rGXheVeIuFH8Pn1ADt4orgzMO0IGHUCLrqbZ0WBpx5kwg/pwCxJH7411PAPzr/HWAaADiUTTqkwJo+NzOCJAbCO4J5ec70ws9H32z0cEHscVKT4k7mkPF7bhi8rmq0ZDvWUyF+/76TY3yFwK5FqHDTA3Z55LXujbIkMJAPl8MGSd1lcRE5rSFaoK5/GJ
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM5PR83MB0355.EURPRD83.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(10290500003)(55016003)(82960400001)(66476007)(9686003)(52536014)(66446008)(66946007)(2906002)(8990500004)(8676002)(316002)(8936002)(76116006)(86362001)(26005)(83380400001)(33656002)(64756008)(7116003)(66556008)(44832011)(5660300002)(38070700005)(6666004)(122000001)(508600001)(71200400001)(7696005)(6506007)(6916009)(186003)(82950400001)(99936003)(3480700007)(38100700002)(20210929001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: /sfrufGhwGvUnZhRHsuBu/jJ+7XZDXwXcG6agzks9nnIaBGNChMqyq+xiXeeiVzBu4u1QX5wj7V04fqyxkrHnkyjdJnpODwA6yW3XAhGj77zulu/r8/AsChfBts+xCHW8avL1N5Qep+vo6+veAO2wjXOFxNkfstv0m2HY+OLdZgXXglnoDMIaFGgnY0LLOqDp7ON5uPLFirLloZNOakCrpOqk73m1DsjoStzRm6YnCGUrtrmT+rFFcC8+q0JVeWr9TekqpRDw0WV8zyxLvsaXTlVucvVcHOXD/xzmhiic4CoC4riOhjRZl9FB4hnupCx5OKxWoDMGzews17J+WiZtilnk00bZEUSPIZgJRrmIWmPqoa0G5r99hBwUsLiPuxymoOZfQC31xoLd6ajzxSbwEqKTgL5nnGala7LMiGo2HrYHP8haw9hkIJLrOZqwB72NNq2bJ88glT5d6NMfblkv97QaHoVfcDXQTEiqGzRUsNYEOGTb6l37MOhDgiHpr4m1eKpb5OJv04njdq8FIgzwbLKU9FfAGCc9tty2+ZmDxclRgvWQ7l5oNmiwaS9LGKA6I87XmYCm2jH1gqx6k5BFMB7TKcmxThEAmaUJOeMhnJhncBhlCSn++UXm5iX2yNC8H/H04kOGIXxdM604Nw6dltGOIV8R0c7iTl8+UOa3QW7KtTzRn/vbNOKuaJsSxN+dYOroK2mG/UkdLwk7hb1LKUT9dMRgs5sLxCgNzbv9Qdh78ShMXPeaP9WETTRw0N+3RfvbCi/j2WfhOWjNyhUpk/Cc+ra5qwxsGD4sTX4x4IodnFYwYOnGTOQIKXPj11MizEETDL8/7q+Lo8svdieLt9rulywvI6H3GRoOxqQb90uD4YHmTpliTsPwBWPcUZV5NKryhgiSGHtWHvEb2YVPMCi+Docsa5sk3qoiVWuqdWybDMULDWhyCgb5pUqsAa6v91OuxF/meRlWyEKc78f73m5uN+8wO4tn76/w7nYFG8lSNziv0Uu5ikJbTcoN6Anl3fEDIbx2cm+9bO+qCu3fXmtWEW8qJCDmysji5h3jZxsuTElotyU8xMkktGFLCk/cZJuEeJVppEBH4YFyvqBrlaBQ0OTSG29a2ALbX8NJXOp2ZthnN0hrEl2hanHiNYGJhWrrVa2gvTGm9y1XAmD/2W2TtlPBhtnkABz29zBXHHPfjnlyyFS9S3Y2e2bxjujlLoxsC7Rgy8nP8I3gZdSGzAzWJCN+0o2r2TNXYRVo0tl1F4AWGNJIg7BHiIWsUdnMumLo2uimHmkYB6YfHuVhBQc6Ph2I0gzHLePcLjMr4m1Y9aK28PNifjFAeG5tnK/S7LN1finkXfViAjoY97MnFXVTmshXvbUl6SUe6BS0lBH5A97TceU7Y43hvX4cvhy1wrMxr9B0+IvMxm5LHQwSIQTLjeax+VJJ3tmYUJOTmw4Q8Xu5+/8G/ap+lHn4XQhaisk+y2VTS/s7GXqpG291oVTpiLlSVvLQQK2p1P1VNLuddzynU8c3L+w6wkyfnQTC7xBM7nf8QrsqcL1h2RRtih1WXzrt/dxfZYKWH2ykk8ajzfF8K7aVTW3ymDPG4wPuMtdfPc3SHaQ+YMnDZasBw==
Content-Type: multipart/related; boundary="_004_AM5PR83MB0355609D1C09E94888C034E088549AM5PR83MB0355EURP_"; type="multipart/alternative"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM5PR83MB0355.EURPRD83.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a102cf32-4991-4abd-e1cf-08d9d77aea23
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Jan 2022 16:28:36.2238 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: FiTAoHG5/I6Er1p8Wozujse8w7dc5NtC+qYcI1Fe49j5dIrf4jW0+b+ogbrNoGciR4s4bmxjljTGJibVI+vSMGFrqrmJIqxJibONdjCEdNI=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR83MB0448
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/hodgKYv0s1WQrNgSP1LUPz6EE2M>
Subject: [stir] Malformed PASSporTs
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jan 2022 16:28:42 -0000

Hi all,

What's the intended behaviour of a verification service when it encounters a PASSporT with badly formed claims, but is otherwise valid?

There's a progression of possibilities here which range from being able to do nothing to being entirely ignorable. I'm worried there are interop or security issues I haven't thought of with being maximally permissive.


  1.  Fundamental field totally invalid

"orig": [2]

It's impossible to validate this passport no matter how lenient you are as there's no way to verify this against the From header.

  1.  Fundamental field partially invalid

"dest": { "tn": ["12345556789"], "uri": 6 }

Theoretically you could validate this passport if the INVITE was to 12345556789, however processing this would be awkward, and for the sake of the ecosystem it may be better to reject it.

  1.  Extra field invalid

"ppt": "rph", "rph": "invalid"

This is not a useable RPH passport but could degrade to a base passport and provide some authority. RPH may be a bad example because I'm not sure it's meant to attest to the caller, however if the ppt field was malformed you wouldn't know that...

  1.  Optional field invalid

"ppt": "shaken", "rcd": {}

The field isn't mandatory, nor is it the primary focus of this passport. Ignoring the "rcd" field would do very little harm, bar allowing dodgy implementations to proliferate.

  1.  Unnecessary non-STIR field invalid

"aud": 6

I doubt many STIR implementations even check if non-STIR fields exist, let alone whether they have the right type. Completely ignoring this feels like the right thing to do, however rejecting it would also be reasonable, if everyone agreed.

Although, not checking this specific field is in violation of the JWT standard, so maybe this should be rejected?

  1.  Completely unexpected field

"foo": "bar"

AS this is JSON I'm pretty sure this should be accepted and ignored.

I haven't been able to find much in the standards addressing this, so I'm interested to know your opinions. I've been unable to come to much of an opinion myself, being permissive feels sensible, but could have negative effects on the ecosystem and generally raises more questions than answers. Being draconian is probably simplest, but could cause interop problems, especially as things change.

Thanks,
Jack Rickard
he/him
Software Engineer
jack.rickard@microsoft.com<mailto:jack.rickard@microsoft.com>

[Microsoft Logo]

v2.23.0 | Report a Bug | By Email