Re: [stir] Benjamin Kaduk's No Objection on draft-ietf-stir-rph-emergency-services-06: (with COMMENT)
"Murray S. Kucherawy" <superuser@gmail.com> Thu, 25 February 2021 15:33 UTC
Return-Path: <superuser@gmail.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89A053A1B36; Thu, 25 Feb 2021 07:33:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LmFcUQViuG5q; Thu, 25 Feb 2021 07:33:16 -0800 (PST)
Received: from mail-ua1-x92c.google.com (mail-ua1-x92c.google.com [IPv6:2607:f8b0:4864:20::92c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C194F3A1B34; Thu, 25 Feb 2021 07:33:15 -0800 (PST)
Received: by mail-ua1-x92c.google.com with SMTP id 67so2025063uao.1; Thu, 25 Feb 2021 07:33:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=JU31a9Zwhl2oMekx/pXmLkBoyySn9OKYppA8vwrxefo=; b=DPlAb5P+3k2j1JiVHtoKie+XRmlCQUiRWmFzOPr63OkwWnGbpbqiWuID9kGFB9S67r iFfKJLM8Isw6aN9XSZAQNpt/6EQIFzULZIvuASE9uTOVjn6Jq249RiZIEjZpqlhkN+IE uV7/WKp1EaME/zwESKQfvSjCHD9WgFs+h/cSfBF6HXBdI7qF1EAXfbqG7SW+yK70t8X0 jxk8FfGk9fqjhf0plzxeIqD2VJ/YJIlA7wbzUY9lytrfiW3CmIMGBp4D+G0IGR+iz3xP jT71gra2JOZd9s6SML4VqpXvtwJ6LJhClbPdHZXTqI5RoX09k0yHyvmheydiJMmBpE/M 7csA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=JU31a9Zwhl2oMekx/pXmLkBoyySn9OKYppA8vwrxefo=; b=aF2BdfU/C5ZY7DmB5pveoNS7GtzgfT3BU+UDWCkpO+GGEXfj7jp8f7P2G/aTqXg5XJ JaNo0N5m2SYXudDlKabpfAtlp6Do83wMGt3/R5GIPfUr2om9Jsvn4io03zZESCWafeDx MurahRuHtsjLF1a52NQ3zT6nmuprDQxufXGUpEi2/K1wIlUrqQTs3WYEuYm1ifjKX6wf 3ZHWukitF2sIIoTjTxYcRZSZrrB+Fwh1e4umnmOEUVlnN/ZyPy+eoHg6gifvHBP1qfIb 2kor14NBs+PXLXM9+FeKqMqJttFLXXMtpFtOhQ7XTFlgJILXAHtUNiFjvMjDz36R+z3U OP2Q==
X-Gm-Message-State: AOAM533TyzdmUBi9Yz6H8AGsYALLM7SKlDj3vHtHR/uS9vPS5qEW9KgN YoAXqR6xH/rq5TQGl0eM8Kl5t74o8c9C5DYjupk=
X-Google-Smtp-Source: ABdhPJxP3rpBpZrWFzEbNFGzWgB36mXrSTFcwnnPTQhqtoe0ttJ+8jF4fpFxPmCCBngmMxSB8g9x/o3ftvXtrXe975k=
X-Received: by 2002:ab0:16d9:: with SMTP id g25mr2189572uaf.101.1614267192970; Thu, 25 Feb 2021 07:33:12 -0800 (PST)
MIME-Version: 1.0
References: <161411877418.24418.14783669140552916107@ietfa.amsl.com>
In-Reply-To: <161411877418.24418.14783669140552916107@ietfa.amsl.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Thu, 25 Feb 2021 07:33:01 -0800
Message-ID: <CAL0qLwatgyTaWKJRnf7cjXEfyg0BfpfyC1fuaJC4014-jbumkQ@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: The IESG <iesg@ietf.org>, IETF STIR Mail List <stir@ietf.org>, draft-ietf-stir-rph-emergency-services@ietf.org, Russ Housley <housley@vigilsec.com>, stir-chairs@ietf.org
Content-Type: multipart/alternative; boundary="0000000000009c376c05bc2ade0b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/kg_nZG8MMr-rkgNYKlVoL5B47fE>
Subject: Re: [stir] Benjamin Kaduk's No Objection on draft-ietf-stir-rph-emergency-services-06: (with COMMENT)
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Feb 2021 15:33:18 -0000
Hi STIR, This document is approved, but please consider at least adding the suggested additional references Ben mentioned here. Let me know if you concur and would like to post a revision before we send it for publication. -MSK On Tue, Feb 23, 2021 at 2:20 PM Benjamin Kaduk via Datatracker < noreply@ietf.org> wrote: > Benjamin Kaduk has entered the following ballot position for > draft-ietf-stir-rph-emergency-services-06: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-stir-rph-emergency-services/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Section 3 > > Similar to the values allowed by [RFC8443] for the "auth" JSON object > key inside the "rph" claim, the string "esnet.x" with the appropriate > > (nit) I suggest s/allowed/defined/, since RFC 8443 assumes the auth > array will be extensible. > > Section 4 > > The following is an example of an "sph" claim for SIP 'Priority' > header field with the value "psap-callback": > > { > "orig":{"tn":"12155551213"}, > "dest":{"tn":["12155551212"]}, > "iat":1443208345, > "rph":{"auth":["esnet.0"]}, > "sph":"psap-callback" > > (nit) the listed "iat" value corresponds to a date in 2015. Should > something more current be used? > > Section 5 > > The order of the claim keys MUST follow the rules of [RFC8225] > Section 9; the claim keys MUST appear in lexicographic order. > > We probably want to clarify that this requirement is in force for the > deterministic JSON serialization used for signature generation (and > validation). Especially so since the immediately preceding example has > the claims in a different order... > > Section 9 > > Thanks to Kyle Rose for the secdir review! > Kyle called out the considerations from RFCs 8225 and 8443 as also being > relevant (and I agree); please reference those as well as RFC 8224. > > > >
- [stir] Benjamin Kaduk's No Objection on draft-iet… Benjamin Kaduk via Datatracker
- Re: [stir] Benjamin Kaduk's No Objection on draft… Murray S. Kucherawy