IETF Logo Mail Archive

Re: [stir] Getting PASSPORT Published

Chris Wendt <chris-ietf@chriswendt.net> Sat, 23 February 2019 16:19 UTC

Return-Path: <chris-ietf@chriswendt.net>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16C9012426A for <stir@ietfa.amsl.com>; Sat, 23 Feb 2019 08:19:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=chriswendt-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o9ecS4dd2vBu for <stir@ietfa.amsl.com>; Sat, 23 Feb 2019 08:19:51 -0800 (PST)
Received: from mail-qt1-x843.google.com (mail-qt1-x843.google.com [IPv6:2607:f8b0:4864:20::843]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CADCC12958B for <stir@ietf.org>; Sat, 23 Feb 2019 08:19:50 -0800 (PST)
Received: by mail-qt1-x843.google.com with SMTP id s1so6019316qte.5 for <stir@ietf.org>; Sat, 23 Feb 2019 08:19:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chriswendt-net.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=E44sGHbZ+WDOfEFAij88qM1oNjPK1gzv9HectMocNPs=; b=0dqZs2A2k3aECCfiUX5/9UPOn8l7OjYCyW8odS+fAxViPyrFDqlcb48XHc4SXzJ9ss TOyIcHsjgioIOZSJTsz4ZaBxPqbBzhDesE3HqCw1ucWFqvrcXhu2D3bEHLw7Dt+IhC6B dd83hp67j5Zrh4o5OFRz1VuGAHTvABkj1/u444vmuDAW+RMVZjFw/0t9QhMKv4S5FNGk dl0ZcLtOMOJrxzDC8XsGKSNk/uv6j/4A6+K2TKf1FZ2328dO8bjMv2vaIsg1Ur7LFeja EQiFDvGPAe7ePNTLlS1fLoXKWcMEv9MF5bEnpwhOkAhKoi+GbKlxOOjFmdH/5NGtvjDj +Olw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=E44sGHbZ+WDOfEFAij88qM1oNjPK1gzv9HectMocNPs=; b=oXsY0jy3EhjHiXxM0eqWSq1/vTu+1KWpfsz/fNL12ngFVwA2v+N3RCqkTJZBIgNhP7 CSyJE8b2wRrQBp7GYmXmRU4ik7Pm9WPpuS1ozHJwYlFq/ogs6hXWdfibvsk9Y5BwMExo VFq3rol9q3MyYhBNUlCnSjkk8D8kIhrCl7qQAW9ZaZukJHR5NiJ8BzU9Gqjn4ZMcWk8C RmHBgSCzIkcCuGNGf/yQxrH8gAeitC7uCB0jP1SkXQA98kXv1n1KzIRXI1WOOroKOBE3 lhAuod1CmuBqJ67iGtoOUtmT3A0HL+a65PnoO4Zq3Gze1nPhh1FOuvr9bFLtIfzsedvu nalA==
X-Gm-Message-State: AHQUAubVIb4QDB04b40h6LiEj0tVkudfUWoTbTHp6DheOex2cFfqrhEO NSZDrNgAhlLAVjcEsj5crYYb3Q==
X-Google-Smtp-Source: AHgI3IZKTv780DBUbvnDCu0QeOBD4LZ5zuShn68FcJ8BF1exhf23wZEhnSN2tKDtcEB6Z9EYD3TDhQ==
X-Received: by 2002:aed:21e2:: with SMTP id m31mr7527547qtc.44.1550938789802; Sat, 23 Feb 2019 08:19:49 -0800 (PST)
Received: from [192.168.201.245] (static-71-185-213-146.phlapa.fios.verizon.net. [71.185.213.146]) by smtp.gmail.com with ESMTPSA id j6sm2511577qte.29.2019.02.23.08.19.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 23 Feb 2019 08:19:49 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
From: Chris Wendt <chris-ietf@chriswendt.net>
In-Reply-To: <0f0c0664-e72f-b85b-1277-45e901e7c5c6@nostrum.com>
Date: Sat, 23 Feb 2019 11:19:47 -0500
Cc: "Peterson, Jon" <jon.peterson=40team.neustar@dmarc.ietf.org>, "draft-ietf-stir-passport-shaken.all@tools.ietf.org" <draft-ietf-stir-passport-shaken.all@tools.ietf.org>, "stir@ietf.org" <stir@ietf.org>, Eric Rescorla <ekr@rtfm.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <D1E27738-F0F5-4222-88C7-B2DA4F252AD1@chriswendt.net>
References: <17d7e50b-5012-74ec-d1a5-9c8b80d60f4e@nostrum.com> <3F73548D-63E9-4935-A27C-0BD7A9E89CA8@team.neustar> <0f0c0664-e72f-b85b-1277-45e901e7c5c6@nostrum.com>
To: Adam Roach <adam@nostrum.com>
X-Mailer: Apple Mail (2.3445.102.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/kv2E6ztNcQ-JcRE0lJ0Y9EHP3bQ>
Subject: Re: [stir] Getting PASSPORT Published
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Feb 2019 16:19:54 -0000

Hi Jon,

Thanks, this aligns very similarly with the response i provided in early January on what i now am realizing was only the stir authors and working group chair lists. 

origID will only likely provide information about a particular trunk or network element a customer might be associated with, but we are already exposing orig and dest, as well as OCN association in the certificate, so origID would be the last thing on that list i would want to correlate calls with to expose privacy information.

-Chris

> On Feb 22, 2019, at 2:32 PM, Adam Roach <adam@nostrum.com> wrote:
> 
> Copying EKR, as I'm not sure he reads the STIR list regularly.
> 
> /a
> 
> On 2/22/19 1:22 PM, Peterson, Jon wrote:
>> I think the proposed privacy text is fine.
>> 
>> In terms of whether this should be Info or PS, I think we're expecting that there will be a substantial amount of SHAKEN deployment out there before the end of this year. We wanted this documented here in the IETF because we wanted to make sure those PASSporT elements would be commonly understood by elements that receive them.
>> 
>> Should privacy concerns prevent this from being something that gets the blessing of IETF consensus? On balance, I don't think they should. Practically speaking, these orig IDs are not the main PII worry here - the originating number, the thing STIR exists to attest, is far more revealing than an orig ID, which is in practice used something a bit more like a trunk group identifier. Carriers have the proper incentives to make sure that those orig IDs are not externally linkable. But if the worry here is that targeted or mass collection of orig ID can tell us something more interesting about the people placing communications than the calling party number, it's hard for me to see how that would be true. And even if it were, the text (especially the new version) is already telling people to keep this UUIDs opaque.
>> 
>> Jon Peterson
>> Neustar, Inc.
>> 
>> On 2/21/19, 2:24 PM, "stir on behalf of Adam Roach" <stir-bounces@ietf.org on behalf of adam@nostrum.com> wrote:
>> 
>>     [as area director]
>>          tl;dr: I'd like to propose publishing SHAKEN as Informational instead of
>>     Standards Track, and tweaking the Privacy Considerations section.
>>     Details below.
>>               The draft-ietf-stir-passport-shaken document still has a DISCUSS
>>     remaining on it from IESG evaluation:
>>          > I would like to discuss the privacy properties of origids. As I read
>>     > this text, it does not actually require them to be unlinkable or that
>>     > it not be possible to determine whether two ids represent the same
>>     > person behind the origid generator, and I believe it should do so.
>>     > Practically implementing that may require an ID that is longer than a
>>     > UUID.
>>               While it's true that this behavior is defined in the ATIS document,
>>     publication of an IETF Proposed Standard carries with it the explicit
>>     indication that the IETF as a whole (including the IESG during their
>>     evaluation) thinks the approach being described is a Good Idea. In this
>>     particular case, the fact that the underlying mechanism does not
>>     inherently provide unlinkability for the underlying identifiers has been
>>     identified as problematic.
>>          At the same time, I'll note that the primary reason for this document to
>>     exist is to populate two IANA registries. Both of these registries are
>>     "Specification Required," which doesn't require the publication of a
>>     Standards Track document.
>>          An acceptable path to address this situation would be to instead publish
>>     draft-ietf-stir-passport-shaken as Informational, and to tighten up the
>>     privacy considerations slightly. I believe this could be achieved with a
>>     small change to the final sentence of section 10; we would replace:
>>          >    If the operator of an element is concerned about the
>>     >    correlation of 'origid' values, the element could be configured to
>>     >    use a unique 'origid' value per call in such a way that the operator
>>     >    can associate those 'origid' values to the correct element when doing
>>     >    lookups in their backend systems.
>>          With:
>>          >    Absent a compelling reason not to do so, operators should configure
>>     > their
>>     >    network elements to use a unique and externally unlinkable 'origid'
>>     > value
>>     >    per call in such a way that the operator can associate those 'origid'
>>     >    values to the correct element when doing lookups in their backend
>>     > systems.
>>               Does this sound like a reasonable path forward?
>>          /a
>>          _______________________________________________
>>     stir mailing list
>>     stir@ietf.org
>>     https://www.ietf.org/mailman/listinfo/stir
>>     
>> _______________________________________________
>> stir mailing list
>> stir@ietf.org
>> https://www.ietf.org/mailman/listinfo/stir
> 
>

v2.23.0 | Report a Bug | By Email