[stir] rfc4474bis and passport revisions

"Peterson, Jon" <jon.peterson@neustar.biz> Thu, 09 February 2017 22:37 UTC

From: "Peterson, Jon" <jon.peterson@neustar.biz>
To: "stir@ietf.org" <stir@ietf.org>
Date: Thu, 09 Feb 2017 22:37:29 +0000
Message-ID: <D4C25955.1D67E9%jon.peterson@neustar.biz>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/jA1MAeUjIJ2dkDC1Z_O_U9fmq3E>
Subject: [stir] rfc4474bis and passport revisions

In response to the IESG review, the GEN-ART review, and a few miscellaneous reports from others, Chris and I have put out new versions of the core specs. A couple of key points to call out here for the working group, to make sure everyone is okay with these:

In RFC4474bis, there is now some new text specific to handling the repair and resubmission of SIP requests with an Identity header when the authentication service is implemented in an intermediary, especially one that behaves like an RFC3261-compliant proxy server. This new text gives more detail on sequential forking by referencing the appropriate RFCs, and notes that in some cases, the verification service may have to do some special transaction handling to accommodate this (see Section 6.2.3).

We patched a number of other smaller things in RFC4474bis, especially thanks to Vijay's thorough GEN-ART review and the watchful eyes of our ADs. The text about reason phrases in Identity-specific responses is now a bit softer, and hopefully dates and so on are better. Rather than deleting the IANA registries that we're no longer using due to changes from RFC4474, we've just closed them.

In PASSporT, we have restricted claim names to ASCII: this seems kind of like a no-brainer, and it's not like people are registering non-ASCII claims for JWT already, but this restriction makes life easier for the JWT Claims Constraint field in the stir-certs document (which will be getting its own rev soon). We also added some text about deterministic ECDSA at the advice of our security folks.

Please do take a look at these and let us know if there's more here to discuss.

Jon Peterson
Neustar, Inc.