IETF Logo Mail Archive

Re: [stir] I-D Action: draft-ietf-stir-passport-rcd-15.txt

Chris Wendt <chris-ietf@chriswendt.net> Tue, 19 April 2022 21:10 UTC

Return-Path: <chris-ietf@chriswendt.net>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B2D93A1712 for <stir@ietfa.amsl.com>; Tue, 19 Apr 2022 14:10:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.906
X-Spam-Level:
X-Spam-Status: No, score=-6.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=chriswendt-net.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cVaIylgLt9v3 for <stir@ietfa.amsl.com>; Tue, 19 Apr 2022 14:10:09 -0700 (PDT)
Received: from mail-qt1-x831.google.com (mail-qt1-x831.google.com [IPv6:2607:f8b0:4864:20::831]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BEDBE3A16F1 for <stir@ietf.org>; Tue, 19 Apr 2022 14:10:08 -0700 (PDT)
Received: by mail-qt1-x831.google.com with SMTP id o18so13220985qtk.7 for <stir@ietf.org>; Tue, 19 Apr 2022 14:10:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chriswendt-net.20210112.gappssmtp.com; s=20210112; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=0IbYO+y+5ebGR9Hc1C3TknyeLeCDbXExALANJGZZviM=; b=3UOuCYD8RXJqlZNsym8JqtnE7NiKUlsbZDj33Cwj476zSkPDE0SjbJ+l8w1enQnNPs uO3H2yeO1jhkwc8YKcOEFbSrRFDgSmAXoTQWvhguH6tplRxsgP0+mOhq71spoiWrfg/1 6jgyqiYDNnvdGW6DHWcABZxf4R17x5gyjI2Xm5wr/qaGRQMcugIlAHAL/YyHM297GJdq R9zXw0KMFxrrLiUC59JDzfklWiF8PJtwp7rwhr1lerV+OrJrS2pL72EXqmSgBIlQoScy fX7WkbrjOfeE8dRWhGZSEUy0QBz8UYXPXB/objnSAwCir0ymHOi05cHAuCuAsDfm1or3 a9PQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=0IbYO+y+5ebGR9Hc1C3TknyeLeCDbXExALANJGZZviM=; b=qpUgy4sqQEG2xXqPKFuxpB6lIu0F/3HKvwcAmKy82qgleeBzcVYsEMOWcJnuptvIyZ ow/UtNnd8rk30CM1NlWFAced9e88wnKtN5wNVNJF1ir2mfCG774htHhLYmnK/raP1rCX Nb27L/PmDF2ZJ1EiZtOHFd6wKZsIP5DGLd9wMhP+ZOnKZsh1XACuSpHNKYRJOlXFj57K 45TLdcZllOZXxTvY6bTVIWnv1ZiJpkGh33z1gRKg/yPeZ7QfVqCSR/Kx57nFlqXFy364 zB/LLYR72yuhEdCNjnqBvjs6qa5FawUmNBeM7fKX6VfsL9VOcniTRoeHm+7U6/bTTXAn Qi7A==
X-Gm-Message-State: AOAM533We+AAPyrw3g5Lx9pLWiPCEBpO5u4DDx8cp5JhKMkrKrAhf6Cp 2bckJAXY0E5AgFvOJTnwlzVmrg==
X-Google-Smtp-Source: ABdhPJw+O6kY2DiJo/Yy0ek0pVRAZdn90kn8TEoBpPofkSirohr152xsprLmWbPrb1/tlZx+05UJgA==
X-Received: by 2002:a05:622a:1b9f:b0:2f1:d6c5:10ec with SMTP id bp31-20020a05622a1b9f00b002f1d6c510ecmr11825925qtb.44.1650402607429; Tue, 19 Apr 2022 14:10:07 -0700 (PDT)
Received: from smtpclient.apple (c-69-242-46-71.hsd1.pa.comcast.net. [69.242.46.71]) by smtp.gmail.com with ESMTPSA id t67-20020ae9df46000000b006809a144ac1sm534746qkf.99.2022.04.19.14.10.06 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 19 Apr 2022 14:10:06 -0700 (PDT)
From: Chris Wendt <chris-ietf@chriswendt.net>
Message-Id: <8F5B0A8A-371F-4365-AD93-A13B9261863A@chriswendt.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_8C3E5C09-C301-457F-B54A-8EA09FB89AB2"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.80.82.1.1\))
Date: Tue, 19 Apr 2022 17:10:06 -0400
In-Reply-To: <9E00832E-B7EE-4468-8D67-E372A17ECE59@nostrum.com>
Cc: Jack Rickard <jack.rickard@microsoft.com>, IETF STIR Mail List <stir@ietf.org>
To: Ben Campbell <ben@nostrum.com>
References: <AM5PR83MB0355EEAD40D7BDAD596EB9B5880A9@AM5PR83MB0355.EURPRD83.prod.outlook.com> <D6282D32-1187-47A2-B1CD-CF5E269A96D3@chriswendt.net> <54F4C471-CCD8-45C7-9109-A6D148C12A38@nostrum.com> <FC39A7EC-40D8-4D1B-812A-33D6A95C42B3@chriswendt.net> <9E00832E-B7EE-4468-8D67-E372A17ECE59@nostrum.com>
X-Mailer: Apple Mail (2.3696.80.82.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/icc4S5e-7aOLpVhLau39E9uUYc4>
Subject: Re: [stir] I-D Action: draft-ietf-stir-passport-rcd-15.txt
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Apr 2022 21:10:14 -0000

Yes, scope should be SPC, but if RCD is associated with TN, i think it has to be signed in that context.

> On Apr 19, 2022, at 5:02 PM, Ben Campbell <ben@nostrum.com> wrote:
> 
> I agree this is not about delegate certs for A attestation. I think you are arguing that, if an OSP signs RCD, they can’t use their SHAKEN certificate.  I’m missing the “why” part. What sort of certificate do you think an OSP that does it’s own RCD vetting should use? Keeping in mind that, at least for the STI usage, delegate certificate scope is also tied to a service provider SPC.
> 
> Thanks!
> 
> Ben.
> 
> 
>> On Apr 19, 2022, at 3:38 PM, Chris Wendt <chris-ietf@chriswendt.net <mailto:chris-ietf@chriswendt.net>> wrote:
>> 
>> Hi Ben,
>> 
>> Something that has become clearer to me, and i think i’m not the only one saying it, is that for RCD vs shaken, and this is not about delegate certificates used for “A” attestation, this is for RCD being received at the TSP, the RCD information needs to be signed by a party that the TSP can trust. Whether that is 3rd party service, or delegate certificate that has constraints by the vetting party, or whatever the model, even if it is an OSP that is signing the information, the bar has to be consistent for RCD information, and the bar needs to be high.
>> 
>> Whether you are the biggest OSP in the world, or the smallest, we can’t rely on SPC level “shaken” signing model to trust RCD data.  So, this is what i’m trying to get to.
>> 
>> -Chris
>> 
>>> On Apr 19, 2022, at 3:22 PM, Ben Campbell <ben@nostrum.com <mailto:ben@nostrum.com>> wrote:
>>> 
>>> 
>>> 
>>>> On Apr 19, 2022, at 1:33 PM, Chris Wendt <chris-ietf@chriswendt.net <mailto:chris-ietf@chriswendt.net>> wrote:
>>>> 
>>>>> 
>>>>> 
>>>>> Section 15
>>>>> The second paragraph seems to be suggesting that only certificates containing JWTClaimsConstraints should be trusted to add rcd information (without some other trust relationship), but I don't understand why this is the case? Surely, you either trust the entity that added the RCD information or you don't, why should extra constraints on the certificate have any impact on that? I expected this section to say something like "The verifier must validate that the signer is trusted to provide Rich Call Data, in addition to having authority over the originating address".
>>>>> 
>>>>> This also raises the question of whether an RCD passport authenticates the originator like a base passport? I don't think there's any text to suggest that it doesn't, but that would prevent intermediaries who have no authenticated relationship with the originator from adding RCD information.
>>>> 
>>>> An intermediary can add an RCD PASSporT.  Authenticated relationships are a “shaken” concept not an “rcd” concept, RCD information should be vetted and signed by a party the destination can trust did that validation specific to RCD for a given telephone number(s).  This is the key to what i am trying to clarify.  How can i have an SPC level “shaken” certificate for RCD information with integrity, it makes no sense.  
>>>> I didn’t remove the ability to put “rcd” infomation in other PASSporTs, but it’s not something i think we should be recommending for mainstream cases.
>>>> 
>>> 
>>> I have to disagree here. I think it’s perfectly reasonable that an OSP could properly vet RCD information and that a relying party could trust its SHAKEN-credential signature over the RCD claims. I don’t see why that is harder to believe than to believe that the issuer of a delegate cert could properly vet RCD values to create claim constraints in the certificate. In both cases, the relying party must decide who to trust.
>>> 
>>> I think this really comes down to two cases of authority (and liability)
>>> 1) RCD signed with a delegate-cert with JWTClaimConstraints -- The certificate issuer is the RCD on the hook for vetting RCD
>>> 2) RCD signed with a cert with no JWTClaimConstraints (e.g. SHAKEN cert): The passport signer is on the hook for vetting RCD.
>>> 
>>> For case 2, I don’t expect anyone to trust the signature of a typical caller that signs its own calls. But I think it highly likely people will trust an established OSP. Especially if they already trust that OSP to attest to the calling-number validity.
>>> 
>>> Don’t get me wrong, I like the delegate-cert with claim constraints models better. But I fully expect that some OSPs will prefer to put RCD claims in SHAKEN passport. (I also expect some won’t).
>>> 
>>> Ben.
>>> 
>> 
>

v2.23.0 | Report a Bug | By Email