Re: [stir] JWT/JSON (was - Re: Review of: draft-ietf-stir-passport-05)
"Peterson, Jon" <jon.peterson@neustar.biz> Mon, 08 August 2016 21:45 UTC
Return-Path: <prvs=10288e920a=jon.peterson@neustar.biz>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FDAD12D531 for <stir@ietfa.amsl.com>; Mon, 8 Aug 2016 14:45:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.701
X-Spam-Level:
X-Spam-Status: No, score=-102.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=neustar.biz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bf5o83RZR2ef for <stir@ietfa.amsl.com>; Mon, 8 Aug 2016 14:45:05 -0700 (PDT)
Received: from mx0b-0018ba01.pphosted.com (mx0b-0018ba01.pphosted.com [67.231.157.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34F2912D529 for <stir@ietf.org>; Mon, 8 Aug 2016 14:45:05 -0700 (PDT)
Received: from pps.filterd (m0049401.ppops.net [127.0.0.1]) by m0049401.ppops.net-0018ba01. (8.16.0.17/8.16.0.17) with SMTP id u78LhPkg031633; Mon, 8 Aug 2016 17:44:58 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=neustar.biz; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=neustar.biz; bh=qx1VJ0auu1aUJUTEYP8tsSUYOeoJv4tPJ0z5rE5bzqM=; b=uvV00L1T0Yumc8XtOZ6VHGALuUI1aYg85zrvx2ReFEtIlr5fTX7/jJOsQ4Z7ZabfLPUu rk29aMq0135gUqyR/HoMOOQEl6JiItvsL3ZAIR4XtFAMZCmM3uSlayKiNvLz9vyaoylS 6Hc4VkrPXwpI1HfEOZ+RrURwe9ekprR1Q4KcfVFj6yFL5Drt/RJz69VEbNY5fejYYruf CqYb095/MBBuZbkJUXmAohsx9dBeuNw8qT7Nv6vXPE1nVslTseh8a3MMpGk+vf/9n28N lfkf6iMt9UaQIMKPsqvChTrctffwQDmvSRA7kOcJInjWHc3B+5QMr1UOqFiJDS6oFX1p Bg==
Received: from stntexhc10.cis.neustar.com ([156.154.17.216]) by m0049401.ppops.net-0018ba01. with ESMTP id 24nc7a766n-1 (version=TLSv1 cipher=AES128-SHA bits=128 verify=NOT); Mon, 08 Aug 2016 17:44:58 -0400
Received: from STNTEXMB10.cis.neustar.com ([169.254.5.94]) by stntexhc10.cis.neustar.com ([169.254.4.225]) with mapi id 14.03.0279.002; Mon, 8 Aug 2016 17:44:57 -0400
From: "Peterson, Jon" <jon.peterson@neustar.biz>
To: "dcrocker@bbiw.net" <dcrocker@bbiw.net>, Christer Holmberg <christer.holmberg@ericsson.com>
Thread-Topic: [stir] JWT/JSON (was - Re: Review of: draft-ietf-stir-passport-05)
Thread-Index: AQHR8brwrNk3cgxDsEaYkseWd4G+9KA/ZnIA
Date: Mon, 08 Aug 2016 21:44:56 +0000
Message-ID: <D3CE482C.1A6E69%jon.peterson@neustar.biz>
References: <07e0eb16-6758-cdf1-c571-1f1ed768e741@dcrocker.net> <D3C152B2.1A69BA%jon.peterson@neustar.biz> <b096b541-c8af-9617-c9d7-5a1beb5230e8@dcrocker.net> <D3C16040.1A6A09%jon.peterson@neustar.biz> <d66d91f0-9ea2-6295-e749-e48ea37b4892@dcrocker.net> <cfd714ce-6145-1b60-aca2-ae702a8c133d@dcrocker.net> <7594FB04B1934943A5C02806D1A2204B4771FF73@ESESSMB209.ericsson.se> <5fdf4ad3-1528-3d79-6bdb-b5eb350e5c2a@alum.mit.edu> <dbb24381-55fd-fa64-d32b-fcc50265ccab@dcrocker.net> <7594FB04B1934943A5C02806D1A2204B47723C55@ESESSMB209.ericsson.se> <503738d8-c166-dfc1-d153-338d56b844c1@dcrocker.net> <7594FB04B1934943A5C02806D1A2204B4BBB1D69@ESESSMB208.ericsson.se> <51D45AE5-67D2-4120-BCA2-7BFC845E2126@neustar.biz> <fe9c9960-55f3-1187-f093-9adf13aaf841@dcrocker.net>
In-Reply-To: <fe9c9960-55f3-1187-f093-9adf13aaf841@dcrocker.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.3.160329
x-originating-ip: [10.96.12.28]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <8E4B55D8D266BE4AA34DA3449EB564F0@neustar.biz>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2016-08-08_15:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1604210000 definitions=main-1608080233
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/pRQ6W2aXf6lOWENZM0iH7hHaG28>
Cc: "stir@ietf.org" <stir@ietf.org>, Paul Kyzivat <pkyzivat@alum.mit.edu>
Subject: Re: [stir] JWT/JSON (was - Re: Review of: draft-ietf-stir-passport-05)
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Aug 2016 21:45:08 -0000
PASSporT is indeed an object format in its own individual specification, if that's what you mean by the "level of indirection". I consider it a point of architectural modularity. The working group agreed to organize the work this way because we did not want to tie STIR too closely to any particular using protocol (such as SIP). The actual job that needs to be done here is mitigating the threats defined in our charter and threat model, which are not specific to SIP. Even though we've repeatedly explained to you that this independence from SIP was the motivation for adopting PASSporT, it still does not seem to be sinking in, as you keep saying things below about how the role of PASSporT is SIP-specific. Although you seem to feel that this modularity is for some reason a matter of impossible complexity, the working group, as far as I can tell, is comfortable with this architecturally. I'm aware of a couple of early implementations, of running code that does this today. While the situation you describe sounds very alarming, it is also as far as I can tell utterly detached from reality. If there's a practical problem here worthy of a fundamental reconsideration of our direction, it is not coming through in your objections. Jon Peterson Neustar, Inc. On 8/8/16, 2:21 PM, "Dave Crocker" <dhc@dcrocker.net> wrote: >On 8/6/2016 10:50 AM, Peterson, Jon wrote: >> Briefly, there is and always has been a "bare minimum" set of headers >> and claims that are mandatory for PASSporT. Ultimately, the question of >> what headers and claims are mandatory in PASSporT is a stir-passport >> question. SIP as a using protocol of PASSporT defines only which fields >> in a SIP request will populate those mandatory components of a PASSporT >> object, and that information is given in considerable detail in RFC >> 4474bis today. >> >> Extensions may propose additional claims that will appear in PASSporT >> objects. The extensibility model of PASSporT is similarly a matter for >> the PASSporT spec rather than RFC 4474bis, though we anticipate that >> extensions may want to specify some initial using protocol behavior as >> well. We should have a few examples of that soon. > > >I've read through the above a few times, to make sure I understood it. >(Really, it did take more than once.) > > >The role being played by passport is to aid in authentication of the SIP >caller-id information. In terms of STIR's charter and the current round >of specifications, that's is sole role. (I've phrased it with a generic >term like 'caller-id' in order to encompass the variations that provide >the value to be validated.) > >In spite of having carefully read the passport spec and slogging through >the rfc4474bis spec, I had not fully appreciated the level of >indirection and complexity being introduced with the passport construct, >until your note above. > >This isn't just an encoding abstraction. It's an entirely independent >layer of complex mechanism, where the actual job that needs to be done >is just finding a key and then hashing and signing some SIP header >information. > >The aggregate complexity and indirection of the specs developed so far >seem to make it essentially impossible to determine a specific usage >scenario that is viable. And from what I can tell, this includes an >inability to determine what details are yet to be specified, before >there is core, usable capability that can operate over the Internet. > >d/ >-- > > Dave Crocker > Brandenburg InternetWorking > bbiw.net
- Re: [stir] Robocall Strike Force Richard Shockey
- Re: [stir] Robocall Strike Force DOLLY, MARTIN C
- Re: [stir] Robocall Strike Force Paul Kyzivat
- Re: [stir] Robocall Strike Force DOLLY, MARTIN C
- Re: [stir] Robocall Strike Force Tony Rutkowski
- Re: [stir] Setting Direction for the STIR WG Last… Dave Crocker
- Re: [stir] Robocall Strike Force Tony Rutkowski
- Re: [stir] Robocall Strike Force Richard Shockey
- Re: [stir] Robocall Strike Force Tony Rutkowski
- [stir] Robocall Strike Force Tony Rutkowski
- Re: [stir] Setting Direction for the STIR WG Last… Christer Holmberg
- Re: [stir] Setting Direction for the STIR WG Last… Russ Housley
- Re: [stir] Setting Direction for the STIR WG Last… Russ Housley
- Re: [stir] Setting Direction for the STIR WG Last… Dave Crocker
- Re: [stir] Setting Direction for the STIR WG Last… DOLLY, MARTIN C
- Re: [stir] Setting Direction for the STIR WG Last… Dave Crocker
- Re: [stir] Setting Direction for the STIR WG Last… Tony Rutkowski
- Re: [stir] Setting Direction for the STIR WG Last… Brian Rosen
- Re: [stir] Setting Direction for the STIR WG Last… Dave Crocker
- Re: [stir] Setting Direction for the STIR WG Last… Brian Rosen
- [stir] Setting Direction for the STIR WG Last Call Russ Housley
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Richard Shockey
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Paul Kyzivat
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- [stir] JWT/JSON (was - Re: Review of: draft-ietf-… Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Christer Holmberg
- Re: [stir] Robocall Strike Force DOLLY, MARTIN C
- Re: [stir] Review of: draft-ietf-stir-passport-05 Christer Holmberg
- Re: [stir] Review of: draft-ietf-stir-passport-05 Richard Shockey
- Re: [stir] Review of: draft-ietf-stir-passport-05 Victor Pascual
- Re: [stir] Review of: draft-ietf-stir-passport-05 Christer Holmberg
- Re: [stir] Review of: draft-ietf-stir-passport-05 Chris Wendt
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Peterson, Jon
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Peterson, Jon
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Peterson, Jon
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Peterson, Jon
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Richard Shockey
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Eric Burger
- [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Robocall Strike Force Dave Crocker
- Re: [stir] Robocall Strike Force Dave Crocker
- Re: [stir] Robocall Strike Force DOLLY, MARTIN C
- Re: [stir] Robocall Strike Force Richard Shockey
- Re: [stir] Robocall Strike Force Tony Rutkowski
- Re: [stir] Robocall Strike Force DOLLY, MARTIN C
- Re: [stir] Robocall Strike Force Richard Shockey
- Re: [stir] Robocall Strike Force Paul Kyzivat
- Re: [stir] Robocall Strike Force DOLLY, MARTIN C
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Eric Rescorla
- Re: [stir] Setting Direction for the STIR WG Last… Russ Housley
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] Setting Direction for the STIR WG Last… Dave Crocker
- Re: [stir] Setting Direction for the STIR WG Last… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Eric Rescorla
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Chris Wendt
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Eric Rescorla
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Eric Rescorla
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Eric Rescorla
- Re: [stir] Review of: draft-ietf-stir-passport-05 Michael Hammer
- Re: [stir] Review of: draft-ietf-stir-passport-05 Eric Rescorla
- Re: [stir] Review of: draft-ietf-stir-passport-05 Chris Wendt
- Re: [stir] Review of: draft-ietf-stir-passport-05 Alex Bobotek
- Re: [stir] Review of: draft-ietf-stir-passport-05 Stephen Farrell
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Chris Wendt