IETF Logo Mail Archive

[stir] Review of draft-ietf-stir-rph-emergency-services

Jack Rickard <Jack.Rickard@metaswitch.com> Fri, 14 August 2020 17:21 UTC

Return-Path: <Jack.Rickard@metaswitch.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11A9C3A118F; Fri, 14 Aug 2020 10:21:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=metaswitch.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hnZkg-w31icR; Fri, 14 Aug 2020 10:21:53 -0700 (PDT)
Received: from NAM04-SN1-obe.outbound.protection.outlook.com (mail-eopbgr700107.outbound.protection.outlook.com [40.107.70.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 102A23A11A0; Fri, 14 Aug 2020 10:21:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=R6LEJpcUqIm6ELHH3isK5RW+3aDsfLKENepsEorG0LO2VcxrpK905IxsGXJTn78SPFaJ0SOZs/Kj7u/ZkOTftwij8Zqvrr29Ib6eWDZj0KmprKWd2BfV7lLse8WObXzbqajsGsftIi4iDaRPiWUU8x6S2IqwncKrCsb7IM78tp4DxMDx+i94XFz6EUgLwWr1Yy23ROHR1BeKLZ1mStyB4IqLxmWWvAuKbfS10YcjqfRIM+5qy/QBgW0LOi8dW5mOdbf+YDNi/5sCseNKMaYjLW0BpLNnbVpt10BlUKcJS7fxM+egGxUggYbvFw6YaQiDwQ9F7vPlbtuXhAFJilP8/w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8y50RBThEYTzNoGpXAlS6/fNPAYzDviuuh79bI+QbwI=; b=V79+hmnt4l81Efln7YOxY4o+Ue9MNKVwDnzelDe+DJolRKJjA3+IZEic4Ae2zx9qglIGSjq8UMM/WsB6m6Fz05Fk7iO8i56k+l/HaXnKo1AeDecfyRdOiHj6aIFmV9hdd4TD/ctXxV9fz8RLpW+w4D1P5cFeAmPHhJmRM+AlaJYjuvxZ2F1j4c3E+Bmb/DBPTCcbyBJRWSD93HK1ZJQTvmBYGY6yWLsqnSW4E2BAFjGN6r+B+8g7YFCIzxV2LDPobsB/dTi387dbcJlmKg5NOBkF40Li5lp/uDWJ/RWWTDawobY5o9Q0qxB0cl/FmwzGN4nrvoKkhl+Lpnv/MUDDLg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=metaswitch.com; dmarc=pass action=none header.from=metaswitch.com; dkim=pass header.d=metaswitch.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=metaswitch.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8y50RBThEYTzNoGpXAlS6/fNPAYzDviuuh79bI+QbwI=; b=r3tJf3Kj5c0kXAsmhmRzmaJl3LIbxVnSCjTeTyHe22ePl8dbbr/Mmq5JLomveLWr9rmKiCYiJIbFR8HB/zuht98IHQHoW4lrFdSr3GvSVVtYdtz9nhDRNqhUOc6LcjZwxNBvDA+KG1+HW9SVWdW8RpheMyFpOMNVFAj/H97nki0=
Received: from BYAPR02MB5189.namprd02.prod.outlook.com (2603:10b6:a03:62::29) by BYAPR02MB4711.namprd02.prod.outlook.com (2603:10b6:a03:49::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3283.20; Fri, 14 Aug 2020 17:21:40 +0000
Received: from BYAPR02MB5189.namprd02.prod.outlook.com ([fe80::d4d5:e9b6:c079:2718]) by BYAPR02MB5189.namprd02.prod.outlook.com ([fe80::d4d5:e9b6:c079:2718%7]) with mapi id 15.20.3261.026; Fri, 14 Aug 2020 17:21:40 +0000
From: Jack Rickard <Jack.Rickard@metaswitch.com>
To: "draft-ietf-stir-rph-emergency-services@ietf.org" <draft-ietf-stir-rph-emergency-services@ietf.org>, "stir@ietf.org" <stir@ietf.org>
Thread-Topic: Review of draft-ietf-stir-rph-emergency-services
Thread-Index: AdZrPXk4d/f2kRt0QXimDVa1DUwOuw==
Date: Fri, 14 Aug 2020 17:21:39 +0000
Message-ID: <BYAPR02MB51891E95480910389FE0FDC7F3400@BYAPR02MB5189.namprd02.prod.outlook.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=metaswitch.com;
x-originating-ip: [84.92.33.46]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f1c14b5d-99c2-4f2d-f866-08d8407681d1
x-ms-traffictypediagnostic: BYAPR02MB4711:
x-ld-processed: 9d9e56eb-f613-4ddb-b27b-bfcdf14b2cdb,ExtAddr
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <BYAPR02MB4711F632618323582825606FF3400@BYAPR02MB4711.namprd02.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: UC32eoiiz1Y/MzuoRz/cTkGWmzRFFTW5RPBh7LnyGD5e/tvK5NTuRKtsSwjSeAS5KwX9ZfP5PpD/SkyTChI4wRl8iSeOxynta2E9CijWnELxfpYHLOHZP+7NoRctBd+zjw4GWV9C1lioK8X6Qe9LWHUCciUt6VTHcP5lkO49DnQw9WcYTAPI2EVwYPiSXxs6bQ0NjP9u+h/6rcVLQG4+S3W04P+M7AZ7qLA/UJDF0RtFZfVJ2h8cOTWvQRmoUmjzmiDMI5unupPRS8Q+kqarmbpJLg1c5lCy187vbamCMnzwJMV40JGnZXo4LrsLEgUWsIJV2bWGOxe9w68GO0XqAw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR02MB5189.namprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(346002)(376002)(366004)(136003)(39850400004)(6506007)(71200400001)(55016002)(9686003)(110136005)(83380400001)(316002)(8936002)(8676002)(450100002)(2906002)(7696005)(66446008)(186003)(66946007)(478600001)(33656002)(5660300002)(52536014)(26005)(86362001)(66556008)(66476007)(64756008)(76116006); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: Oi7I3ndaSFp8Q2g/TJGPEQB5QGFb2dQqg3dBrd76plkWJa0JUgSEHfLcKyxzcaSFbNGT7D67AN6N3YPmg2/5fL3YEW7XoY8BaVLLWDAd3CyoOGbYeB3Bs8XsfTqobMOtf99Z0jE+GohXgCqouG5eZ6XJ5zrxwH7pr2/IrLTD6D4UP5muKeQ5Ae5TuME+nLEP8hpph5n5ZmeWlgTtpZ0D/zYVrGRcfLU+wHo+8E7Zni9G+TmLVzA2Z/iirLFDsOch+/1A9nDV5ED/o73lbpS2byVddoftfvUYPsAieGU1gJJrG5xg/xVwfqlMNsihso8jUgt4dbda9wG54Oy2uAYFFimrihxAZdwknGIpq/M4RDj1iCBpUos69o9xB63PE/qoTyoRSn4EpoLyf2zprm622vMF2AI1Kpiw9FqC+TNqBOagNJEIzv9Gj6nLS58a5V/qhsRBKFCkLNkauZ4qJo5hEU2x+RKnbYmxdsmlr8msdJEBiRdZJMyxMBuG7T7I9DS+y5GxPmcM6I3/Z8POxQ3Kt2RWi7lVti+PY3TAnNdg6UwqaDIjb5McrlO2BrmsA2UdMVr31CTQva8GQTFBpKDhC61anIus0KaUWKk1d/0Zmw1orUOUfPJ2heNX1elj8xJEgazAnitYkr7Jr42Y0n7pUA==
Content-Type: multipart/alternative; boundary="_000_BYAPR02MB51891E95480910389FE0FDC7F3400BYAPR02MB5189namp_"
MIME-Version: 1.0
X-OriginatorOrg: metaswitch.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR02MB5189.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f1c14b5d-99c2-4f2d-f866-08d8407681d1
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Aug 2020 17:21:39.6717 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9d9e56eb-f613-4ddb-b27b-bfcdf14b2cdb
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: zSMGHxSJSOLoZwRti1YtICHXpgbDcJtr20hONz5qVj+HUzlNp7dbxqbismURg3Lshr/HIKSm6qjPi0QZInGx+g==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR02MB4711
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/U3Q3PiL17and2b4HPkIG2o2l4jY>
Subject: [stir] Review of draft-ietf-stir-rph-emergency-services
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Aug 2020 17:21:55 -0000

I have reviewed draft-ietf-stir-rph-emergency-services-02 and have some concerns and questions. I don't believe this spec is implementable in its current form.

Thanks,
Jack

Why are "ESorig" and "EScallback" distinct?
They seem to serve a very similar purpose with the only difference being whether orig or dest should be the emergency services. I don't believe there's any check that can be done to validate:
   When using "ESorig" as the "rph" assertion value, the "orig" claim of
   the PASSporT MUST represent the calling party number that initiates
   the call to emergency services.
This (and the equivalent statement for EScallback) don't seem possible to me to check (barring the standard orig/dest checking).
This would make the check "at least one of the parties should be the emergency services" enough to validate that this was a reasonable call.


Why have them at all rather than just using auth?
This is very possibly an issue with my understanding, but I'm not clear on why "ESorig" and "EScallback" even need to exist. "esnet.0" etc. are SIP Resource Priority headers, so should be included in the "auth" field anyway by the RPH spec. This spec appears to apply extra constraints (that a one of the callers must be the emergency services) for the "esnet" namespace but it's not clear why entirely separate claims are needed.

In a similar vein, what should a verifier do if it receives a call containing an invalid "ESorig" or "EScallback" value or the passport is invalid/untrusted, I'm assuming the behaviour is the same as for auth but this isn't clear. Although stripping the fact that this is an emergency call is potentially dangerous.


Specify the type of the "ESorig" and "EScallback" claims.
This specification currently doesn't specify the type of the new fields, there are only examples and this isn't enough. It looks like they both follow the same scheme as the rph "auth" claim, however "esnet,x" doesn't quite fit into that due to the comma and that x isn't a valid priority value.


Why is sph limited to psap-callback? What should the verifier do if it isn't that? What should it do if it is?
I'm not entirely clear on the purpose of the sph claim, however, it seems odd that it doesn't cover the full range of possible values for the SIP Priority Header. Is there a reason that it doesn't cover the "non-urgent", "normal", "urgent", or "emergency" values?
There is also no verifier behaviour defined here, should the verifier remove the Priority header if it receives an invite with no passports signing for it? That seems dangerous to me but would be consistent with rph. Alternatively, what should the verifier do if it receives an invite with a valid passport claiming sph but with no Priority header should it add it in? I'm not sure the spec needs to be too prescriptive here, however some mention of verifier behaviour and the associated security considerations would be useful.


Should the spec be stronger about the compact form?
Section 3 currently states

   The use of the compact form of PASSporT is not specified in this

   document.
However, a compact-form passport following this spec would be hard to verify as it introduces multiple possible rph variants, I think this spec could go further and say you shouldn't/mustn't.


What is the requirement of these new parameters.
As I understand it, the passport spec allows you to create a passport containing whatever JWT fields you want and verifiers should just ignore any fields they don't understand. Unless the "ppt" claim is set, which indicates that verifiers should discard it if they don't recognise that passport type. As this spec adds additional fields to an existing passport type it isn't immediately clear what the behaviour should be. Specifically, is an rph passport containing only "rph.ESorig" valid now (where it wouldn't be before because auth isn't present), is an rph passport containing no rph and only sph valid, and what does a non-rph passport with sph or ESorig set mean?

v2.23.0 | Report a Bug | By Email