Re: [stir] WGLC: draft-ietf-stir-passport-rcd-09

Christer Holmberg <christer.holmberg@ericsson.com> Fri, 27 May 2022 10:57 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: IETF STIR Mail List <stir@ietf.org>
Thread-Topic: [stir] WGLC: draft-ietf-stir-passport-rcd-09
Thread-Index: Adhmzhprf4G4zR3zQDeORERcMnHpJQKUKMaAACZqIVA=
Date: Fri, 27 May 2022 10:57:45 +0000
Message-ID: <HE1PR07MB444116FFAF16D3D621C940A993D89@HE1PR07MB4441.eurprd07.prod.outlook.com>
References: <PAXPR83MB05352B8463984E8C1FE44B9C88CA9@PAXPR83MB0535.EURPRD83.prod.outlook.com> <DFF4A5DA-27E2-4160-82EB-5F9320D60869@chriswendt.net>
In-Reply-To: <DFF4A5DA-27E2-4160-82EB-5F9320D60869@chriswendt.net>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/rOsC63dMg8mx7niM_OOBPcfWS_I>
Subject: Re: [stir] WGLC: draft-ietf-stir-passport-rcd-09
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>

Hi,

I took a look at the draft.

My first comment is that I really think it could use a proper editorial review.

I will comment on some of the things I found, mostly focusing on the generic parts of the document.

GENERAL:
-------------

Q1: Please use consistent terminology. As a simple example, please use either "this document" or "this specification". The same goes for "specifies" and "documents". 


Q2: The document tries to be protocol agnostic. Still, in most cases the procedures are SIP specific, referring to SIP header fields, parameters etc. In some cases there is text like "or something similar in other protocols", but in some cases there is not. Similar to the comment I gave on the messaging draft, is there a reason why this draft cannot be scoped to SIP?


ABSTRACT:
---------------

Q3: I think the Abstract is too long. The first half would be enough, in my opinion. The rest is too detailed and should go elsewhere.


Q4:

The text says:

   "The JSON element defined for this purpose, Rich Call Data (RCD), is an extensible object
   defined to either be used as part of STIR or with SIP Call-Info..."

How is this used with SIP Call-Info? When reading draft-ietf-sipcore-callinfo-rcd, the only thing I can find is a string value saying things like "For your ears only". I assume the JSON object will be stringified and added as a Call-Info call-reason value, so it would be nice to have some examples of that.


SECTION 1:
---------------

Q5:

The text says:

"The STIR problem statement [RFC7340] declared securing the display name
 of callers outside of STIR's initial scope, so baseline STIR provides
 no features for caller name."

I assume this applies to most/all extensions, so I am not sure it needs to be stated. At least the second part after the comma could be removed, in my opinion.


Q6:

The text says:

   "As such, the baseline use-case for this document extends PASSporT to
   provide cryptographic protection for the "display-name" field of SIP
   requests as well as further "rich call data" (RCD) about the caller,
   which includes the contents of the Call-Info header field or other
   data structures that can be added to the PASSporT."

What does "the use-case for this document extends" mean? I think what you want to say is that "based on some use-case, this document extends".


Q7:

The text says:

   "This document furthermore specifies a third-party profile..."

What is this "third-party profile"? I assume this has something to do with Section 12, but it is not very clear.


Q8:

The text says:

"This specification documents an optional mechanism for PASSporT and the associated STIR procedures
  which extend PASSporT objects to protect additional elements conveying richer information:"

This sentence is difficult to read. I think it is enough to say that the document defines a PASSporT extension, and the
associated STIR procedures, to protect...


Q9:

The text says:

"information that is intended to be rendered to assist a called party in determining whether to accept or
  trust incoming communications."

I think core PASSporT already contains information (e.g., the phone number) that is intended to be rendered, so perhaps talk about "additional information".

Also, not all information will be rendered as such. For example, I assume URLs will normally not be rendered, but rather the information (pictures etc.) that can be fetched using the URLs.


SECTION 3:
---------------

Q10:

The text says:

   "The main intended use of the signing of Rich Call Data (RCD) using
   STIR within SIP [RFC8224] or more generally as a PASSporT extension
   [RFC8225] is for the entity that originates a call, either directly
   the caller themselves, if they are authoritative, or a service
   provider or third-party service that may be authoritative over the
   rich call data on behalf of the caller."

I can't parse this 6-line sentence. The main intended use seems to be many things...


Q11:

The text says:

   "Additionally, in relation to the description of the specific
   communications event itself (versus the identity description in
   previous paragraph), [I-D.ietf-sipcore-callinfo-rcd] also describes a
   "call-reason" parameter intended for description of the intent or
   reason for a particular call.  A new PASSporT claim "crn", or call
   reason, can contain the string or object that describes the intent of
   the call."

What is meant by "object"? When I read [I-D.ietf-sipcore-callinfo-rcd] I can only see human readable string values in the call-reason examples.


SECTION 9:
---------------

Q12:

The text says:

   "Either or both the "rcd" or "crn" claims may appear in any PASSporT claims object as optional elements."

Is it within the scope of this document to define what other PASSporT claims can contain?


SECTION 10.1:
-------------------

Q13:

   "For re-construction of the "nam" claim the string for the display-name in the From header field."

What if there is no From header field?

This is an example of my general comment about whether the document should be scoped to SIP.

---

Regards,

Christer
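The Q13 point above (re-constructing the "nam" claim from the From header field display-name, and what happens when there is no display-name to re-construct from) can be made concrete in code. The following is an added example written for this archive page; it is not code from Christer's message, from the draft, or from any STIR implementation. It assumes the draft's "rcd" claim carries the display name under the "nam" key and that "crn" is a plain string claim (both as named in the message above); the SIP From header field values are constructed samples, the exact-match comparison on the verification side is an assumption, and the deterministic JSON serialization (sorted keys, no whitespace) follows the PASSporT convention of RFC 8225.

```python
import base64
import json
import re
from typing import Optional

# Constructed sample From header field values (not taken from the draft).
SAMPLE_FROM_QUOTED = 'From: "Q Branch Spy Gadgets" <sip:+12155551212@example.com;user=phone>;tag=9fx1'
SAMPLE_FROM_TOKEN = 'From: Alice <sip:alice@example.com>;tag=1928301774'
SAMPLE_FROM_ESCAPED = 'From: "Spy \\"Q\\" Branch" <sip:q@example.com>;tag=c3'
SAMPLE_FROM_NO_NAME = 'From: <sip:+12155551212@example.com;user=phone>;tag=a1'
SAMPLE_FROM_BARE_URI = 'From: sip:+12155551212@example.com;tag=b2'

# quoted-string display-name: "..." followed by the <addr-spec>; \" and \\ are escapes
_QUOTED_RE = re.compile(r'^\s*"((?:[^"\\]|\\.)*)"\s*<')
# token display-name (unquoted words) followed by the <addr-spec>
_TOKEN_RE = re.compile(r'^\s*([^<"]*?)\s*<')


def parse_display_name(from_header: Optional[str]) -> Optional[str]:
    """Return the display-name of a SIP From header field, or None when the
    header field is absent or carries no display-name (the Q13 edge case)."""
    if from_header is None:
        return None
    value = from_header
    if value.lower().startswith("from:"):
        value = value[5:]
    m = _QUOTED_RE.match(value)
    if m:
        # undo RFC 3261 quoted-string escaping (\" -> ", \\ -> \)
        return re.sub(r'\\(.)', r'\1', m.group(1))
    m = _TOKEN_RE.match(value)
    if m:
        name = m.group(1).strip()
        return name or None          # "<sip:...>" with nothing before the bracket
    return None                      # bare URI without angle brackets: no display-name


def build_rcd_claims(from_header: Optional[str], call_reason: Optional[str] = None) -> dict:
    """Authentication-service side: build the "rcd" (with "nam") and optional
    "crn" claims. Refuses to produce an empty "nam" rather than signing it."""
    name = parse_display_name(from_header)
    if name is None:
        raise ValueError("no display-name available to populate rcd.nam")
    claims = {"rcd": {"nam": name}}
    if call_reason:
        claims["crn"] = call_reason   # assumed to be a plain string claim
    return claims


def encode_payload(claims: dict) -> str:
    """Base64url PASSporT payload with deterministic JSON (sorted keys, no whitespace)."""
    raw = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def decode_payload(encoded: str) -> dict:
    """Inverse of encode_payload, restoring the stripped base64 padding."""
    padded = encoded + "=" * (-len(encoded) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def verify_nam(passport_claims: dict, from_header: Optional[str]) -> str:
    """Verification-service side: compare the received rcd.nam with the
    display-name re-constructed from the From header field (exact match is an
    assumption). Returns 'match', 'mismatch' or 'no-display-name'; the last
    value is the Q13 case and must be handled as its own outcome."""
    expected = parse_display_name(from_header)
    if expected is None:
        return "no-display-name"
    received = passport_claims.get("rcd", {}).get("nam")
    return "match" if received == expected else "mismatch"


if __name__ == "__main__":
    claims = build_rcd_claims(SAMPLE_FROM_QUOTED, "Rental Car Reservation Confirmation")
    token_payload = encode_payload(claims)
    print(token_payload)
    print(verify_nam(decode_payload(token_payload), SAMPLE_FROM_QUOTED))
    print(verify_nam(decode_payload(token_payload), SAMPLE_FROM_NO_NAME))
```

The three-way result of `verify_nam` is the design point: a verifier that collapses "no From display-name" into "mismatch" (or, worse, into "match" by comparing against an empty string) silently changes what the signature attests, which is exactly the gap the Q13 question points at.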