Re: [stir] Roman Danyliw's Discuss on draft-ietf-stir-passport-rcd-23: (with DISCUSS and COMMENT)

"DOLLY, MARTIN C" <md3135@att.com> Tue, 07 March 2023 07:33 UTC

From: "DOLLY, MARTIN C" <md3135@att.com>
To: Chris Wendt <chris-ietf@chriswendt.net>, Ben Campbell <ben@nostrum.com>
CC: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>, "draft-ietf-stir-passport-rcd@ietf.org" <draft-ietf-stir-passport-rcd@ietf.org>, STIR Chairs <stir-chairs@ietf.org>, IETF STIR Mail List <stir@ietf.org>, Russ Housley <housley@vigilsec.com>
Date: Tue, 07 Mar 2023 07:32:41 +0000
Message-ID: <BN0PR02MB8080ECB89AC1239A966073ABD9B79@BN0PR02MB8080.namprd02.prod.outlook.com>
References: <166977514888.24379.6431023985333578193@ietfa.amsl.com> <B1A2B8C8-C478-4D67-86D1-5326E0206316@chriswendt.net> <9C71358E-DB39-40FC-BA18-734175B6BEA3@nostrum.com> <A78C373B-82DF-4504-ACC3-240F35291671@chriswendt.net>
In-Reply-To: <A78C373B-82DF-4504-ACC3-240F35291671@chriswendt.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/kZ06QEXoPMdtesVVXOKYahkx2yU>
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>

KISS

From: stir <stir-bounces@ietf.org> On Behalf Of Chris Wendt
Sent: Sunday, March 5, 2023 10:03 AM
To: Ben Campbell <ben@nostrum.com>
Cc: Roman Danyliw <rdd@cert.org>; The IESG <iesg@ietf.org>; draft-ietf-stir-passport-rcd@ietf.org; STIR Chairs <stir-chairs@ietf.org>; IETF STIR Mail List <stir@ietf.org>; Russ Housley <housley@vigilsec.com>
Subject: Re: [stir] Roman Danyliw's Discuss on draft-ietf-stir-passport-rcd-23: (with DISCUSS and COMMENT)

Hi Ben,

Yes, thanks for catching that, perhaps HTTPS or CID is the best path. Curious for other opinions.

-Chris


On Mar 2, 2023, at 5:01 PM, Ben Campbell <ben@nostrum.com> wrote:

(No hats)

I have a context-related comment on one item:

Thanks!

Ben.


On Mar 1, 2023, at 12:02 PM, Chris Wendt <chris-ietf@chriswendt.net> wrote:

[…]

** 5.*. Inconsistent requirements for URIs

-- icn: appears to be any URI per Section 5.1.3.  This would make gopher://,
ftp://, https:// all equally valid.  These have different security
characteristics.

-- jcd: per Section 5.1.4 “is intended to directly match the Call-Info header
field value defined in [I-D.ietf-sipcore-callinfo-rcd].” Section 4 of that
document says it “MUST define the use HTTPS or a transport that can validate
the integrity of the source of the resource as well as the transport channel
through which the resource is retrieved”.

-- jcl: is an HTTPS URL (per Section 5.1.5)

Why are these different?  Support different levels of transport security?

You are correct, I fixed “icn” to specifically be an HTTPS URL vs generic URI. jcd is not a URI, it’s a directly included JSON jCard object in the “rcd” claim.


IIRC, a previous version did specify HTTPS URLs for “icn”, but we discussed the possibility that an icon could be embedded in a body part of the SIP request and be referenced with a “cid” URL. I suppose that if that is true for “icn”, it is probably also true for “jcl”.

That being said, I am not aware of anyone actually doing that (yet) and will not object if we think it is better to limit it to HTTPS. (Or as a compromise, say it MUST be either HTTPS or CID?)

[…]
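The scheme restriction the Discuss and the replies above argue about (icn and jcl limited to HTTPS URLs, possibly also cid: references to a body part of the SIP request, with jcd carried inline rather than fetched), as an added example that is not code from draft-ietf-stir-passport-rcd or from anyone in this thread. It assumes the "rcd" claim is a JSON object whose members "icn", "jcl" and "jcd" have the meanings used in the thread, takes the jCard array shape from RFC 7095, and the function names, the sample claims and the Content-ID list are all constructed for illustration.

```python
"""Scheme checks for the URL-valued members of a PASSporT "rcd" claim.

Added example, not code from the draft or from anyone in the thread.
Assumed: the "rcd" claim object carries "icn" (URL of an icon), "jcl" (URL
of a jCard) and "jcd" (an inline jCard array). Sample claims, Content-IDs and
function names below are constructed for illustration.
"""
from urllib.parse import urlsplit

# Members whose value a verifier would dereference; these are the ones whose
# URI scheme decides what transport security the fetch gets.
URL_MEMBERS = ("icn", "jcl")


def check_url(value, allowed_schemes, body_cids=()):
    """Return None if value is an acceptable URL, else a reason string.

    allowed_schemes: lower-case schemes the verifier will follow.
    body_cids: Content-IDs of body parts actually present in the SIP request,
               consulted only when a cid: reference is allowed.
    """
    if not isinstance(value, str):
        return "not a string"
    parts = urlsplit(value)
    scheme = parts.scheme.lower()
    # gopher://, ftp://, http:// and scheme-less strings all fail here.
    if scheme not in allowed_schemes:
        return f"scheme {scheme!r} not allowed"
    if scheme == "https":
        if not parts.netloc:
            return "https URL without a host"
    elif scheme == "cid":
        # A cid: URL names a body part of the SIP request; refuse to treat a
        # dangling reference as something to go and fetch elsewhere.
        if parts.path not in body_cids:
            return f"cid {parts.path!r} not among body parts"
    return None


def check_rcd(rcd, allowed_schemes=frozenset({"https"}), body_cids=()):
    """Return a list of (member, problem) pairs; an empty list means it passed."""
    problems = []
    for member in URL_MEMBERS:
        if member in rcd:
            why = check_url(rcd[member], allowed_schemes, body_cids)
            if why is not None:
                problems.append((member, why))
    if "jcd" in rcd:
        jcd = rcd["jcd"]
        # jcd is not a URI: it must be an inline jCard, ["vcard", [properties]]
        # in the RFC 7095 array form.
        if not (isinstance(jcd, list) and len(jcd) == 2
                and jcd[0] == "vcard" and isinstance(jcd[1], list)):
            problems.append(("jcd", "not an inline jCard array"))
    return problems


# Constructed sample claims, one per case the thread raises.
SAMPLE_CLAIMS = {
    "https_ok": {"icn": "https://example.com/logo.png",
                 "jcl": "https://example.com/card.json"},
    "http_jcl": {"jcl": "http://example.com/card.json"},
    "gopher_icn": {"icn": "gopher://example.com/1logo"},
    "ftp_jcl": {"jcl": "ftp://example.com/card.json"},
    "no_host": {"icn": "https:///logo.png"},
    "cid_icn": {"icn": "cid:logo@example.com"},
    "inline_jcd": {"jcd": ["vcard", [["version", {}, "text", "4.0"],
                                     ["fn", {}, "text", "Example Co"]]]},
    "jcd_as_url": {"jcd": "https://example.com/card.json"},
}

if __name__ == "__main__":
    # Ben's compromise: HTTPS or CID, with one constructed body part present.
    for name, claim in SAMPLE_CLAIMS.items():
        result = check_rcd(claim, {"https", "cid"}, ("logo@example.com",))
        print(f"{name:12} {result or 'ok'}")
```

With the default allow-list only https is accepted, which is what Chris says he changed icn to; passing {"https", "cid"} together with the Content-IDs of the body parts that are actually in the request implements the HTTPS-or-CID compromise, and a cid: that points at no body part is reported rather than silently dereferenced.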