Re: [stir] Call For Adoption By STIR WG for draft-peterson-stir-messaging

Alex Bobotek <alex@bobotek.net> Tue, 24 November 2020 22:32 UTC

References: <160590479490.18647.1186219521969157687@ietfa.amsl.com> <0F22BD6C-AE78-4456-8C28-34FEAA3440A7@vigilsec.com>
In-Reply-To: <0F22BD6C-AE78-4456-8C28-34FEAA3440A7@vigilsec.com>
From: Alex Bobotek <alex@bobotek.net>
Date: Tue, 24 Nov 2020 14:31:42 -0800
Message-ID: <CADNy5umBXoVq7GNf54vkCZXq6CE0im9G_+Ur=d0OKUzwFUJnxQ@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: IETF STIR Mail List <stir@ietf.org>, draft-peterson-stir-messaging@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/i1KK_xBii-ZAffOAZbaX8IuIrHI>
Subject: Re: [stir] Call For Adoption By STIR WG for draft-peterson-stir-messaging

A few comments on the draft as well as emergency services use cases:

The best fit for STIR in text messaging is clearly SIP-based messaging
(e.g., GSMA RCS).  Here there are a number of factors to consider:

* Verification of all RCS conversation participants would likely be
necessary, not just the party that initiates the conversation via SIP.
* In text messaging, spoofing has not been a major issue (especially in
North America) due to the lighter regulation and industry decisions
to ban spoofing (e.g., even where legitimate in voice) and
vigorously enforce this ban.  Also, text messaging is generally routed more
directly from originating to destination networks.  The regulatory
differences might also favor different or even no governance, so
self-signed certificates might be the way to go.
* Some features of GSMA's RCS Uniform Profile 2.X (e.g., MaaP's) might be
leveraged alone or in conjunction with STIR to support authenticated
emergency messaging use cases.  IMHO, some exploration of and/or liaison
with GSMA would be appropriate.  The potential for orchestrated emergency
voice, video and messaging is also interesting.

Intercarrier MMS, where MMS authentication may be most beneficial,
typically occurs using MM4 often passing through commercial MTAs.  Most of
this traffic passes deterministically through authenticated paths.  As MM4
is based on SMTP, SMTP sender authentication as well as DMARC might be
leveraged if needed.

In SMPP, sender spoofing is many orders of magnitude below that of voice
spoofing, at least in North America.  Additionally, it's difficult to
expect that SMPP-based infrastructure (like much of the older voice
infrastructure) would be upgraded, especially given the sparsity of sender
spoofing.  Here also there are already some mechanisms such as sender
registration and message class tags that might be leveraged.

Comments on the Internet Draft:

1.  The introductory paragraph might be updated to reflect the
significantly less-severe spoofing issue in text messaging.  Here's a cut
at such language:
“Similar impersonation is occasionally to infrequently, depending largely
on political boundaries and their regulatory constraints on text messaging,
leveraged by bad actors in the text messaging space.”

2.  The emergency use case might be added.


Regards,

Alex


On Fri, Nov 20, 2020 at 12:47 PM Russ Housley <housley@vigilsec.com> wrote:

> At the final session of IETF 109, the STIR WG expressed interest in
> adopting draft-peterson-stir-messaging.  Please indicate by 7 December 2020
> whether you support adoption of this Internet-Draft by the STIR WG.
>
>
> > On Nov 20, 2020, at 3:39 PM, IETF Secretariat <ietf-secretariat-reply@ietf.org> wrote:
> >
> > The STIR WG has placed draft-peterson-stir-messaging in state
> > Call For Adoption By WG Issued (entered by Russ Housley)
> >
> > The document is available at
> > https://datatracker.ietf.org/doc/draft-peterson-stir-messaging/