[stir] Ben Campbell's Discuss on draft-ietf-stir-rph-03: (with DISCUSS and COMMENT)
Ben Campbell <ben@nostrum.com> Tue, 17 April 2018 02:27 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: stir@ietf.org
Delivered-To: stir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 8993012D86C; Mon, 16 Apr 2018 19:27:09 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Ben Campbell <ben@nostrum.com>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-stir-rph@ietf.org, Russ Housley <rhousley@vigilsec.com>, stir-chairs@ietf.org, rhousley@vigilsec.com, stir@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.78.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <152393202955.26114.3853075658304497317.idtracker@ietfa.amsl.com>
Date: Mon, 16 Apr 2018 19:27:09 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/lqyHmPeyLZX0LY3aHmnATvxwzOQ>
Subject: [stir] Ben Campbell's Discuss on draft-ietf-stir-rph-03: (with DISCUSS and COMMENT)
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Apr 2018 02:27:10 -0000
Ben Campbell has entered the following ballot position for draft-ietf-stir-rph-03: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-stir-rph/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Thanks for this work. I plan to ballot "yes", but I have a couple of points I think need to be discussed first. §4.2: " If the signature validation fails, the verification service should infer that the calling party is not authorized for ’Resource-Priority’ as indicated in the claim. In such cases, the priority treatment for the associated communication service is handled as per the local policy." I suspect there will be deployments where the node making these local policy decisions is downstream from the verifier. How do they know RPH verification failed? Should the verifier strip resource priority header fields for which validation failed? §7.2: o The verification of the signature MUST include means of verifying that the signer is authoritative for the signed content of the resource priority namespace in the PASSporT." I gather the intent is to leave that means to local policy, or to be specified elsewhere. I think that's a problem from an interoperability standpoint. The verifier needs a way to know whether the authorizer is authoritative for the RPH. If we want authorizers and verifiers from different vendors to be able to interoperate, it seems like at least some mechanism needs to be standardized and possibly MTI. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- General: It's probably worth updating the references to 4474bis and passport to their respective RFCs. §3, 4th paragraph: The imbedding of ABNF in the middle of a paragraph is difficult to read. It would be helpful to separate that from the surrounding text in the conventional fashion. §3, 5th paragraph and throughout: The repeated use of "r-value ="namespace "." priority value" is hard to read. Please consider giving that parameter construct a name, and using the name throughout. §3, 7th paragraph: "The authority MUST use its credentials (i.e., CERT)" Does "CERT" mean "Certificate"? I assume it's not "Computer Emergency Response Team". §4.1 : A SIP authentication service typically will derive the value of "rph" from the ’Resource-Priority’ header field based on policy associated with service specific use of the "namespace "." priority value" for r-values based on [RFC4412].: "Typically" usually implies "Most but not all of the time". Is that the intent? §4.2, last paragraph: Am I correct to guess that this is talking about valid claims?
- [stir] Ben Campbell's Discuss on draft-ietf-stir-… Ben Campbell
- Re: [stir] Ben Campbell's Discuss on draft-ietf-s… Subir Das
- Re: [stir] Ben Campbell's Discuss on draft-ietf-s… Ben Campbell
- Re: [stir] Ben Campbell's Discuss on draft-ietf-s… Das, Subir