Re: [stir] Alexey Melnikov's Discuss on draft-ietf-stir-certificates-11: (with DISCUSS and COMMENT)

Dave Crocker <> Thu, 03 November 2016 21:11 UTC

To: Alissa Cooper <>
Cc: Alexey Melnikov <>, Russ Housley <>, IETF STIR Mail List <>, IESG <>,,, Robert Sparks <>
List-Id: Secure Telephone Identity Revisited <>

On 11/3/2016 12:22 PM, Alissa Cooper wrote:
>> What has been defined and what you describe is quite a complex
>> system.
> I think the existing system of relationships and network paths that
> comprise the phone system is the root of the complexity here; the
> challenge for STIR has been to provide building blocks with enough
> flexibility to help address the requirements in RFC 7340 across a
> variety of different deployment scenarios and use cases.


I've heard that being said, but in fact the phone system's design is 
almost completely irrelevant to the specifics of STIR.  STIR's actual 
task is almost identical to the job that DKIM does.

The only relevant detail from the world of telephony is the existence of 
call centers that must be able to generate calls that appear to be from 
a call center customer.

This is identical to being able to have an email From: address contain a 
value that differs from the domain name associated with the email 
operator being used.


   Dave Crocker
   Brandenburg InternetWorking

