[stir] draft-ietf-stir-passport

Jim Schaad <ietf@augustcellars.com> Sun, 23 October 2016 22:29 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: draft-ietf-stir-passport@ietf.org
Date: Sun, 23 Oct 2016 15:29:24 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/q6fh6tOK30U4DbPF1REoJFTiJ8U>
Cc: stir@ietf.org
Subject: [stir] draft-ietf-stir-passport
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>

I have started looking at implementation of this and I have two suggestions
for changes to the document which I think will make the code easier to
implement.  I think that, with one exception, this will generate exactly the
same output for all of the current cases.

Change #1 in section 5.2.2

I suggest that the text be modified to say that the algorithm is:

1. Take the a=fingerprint lines from the SIP header.
2. Sort the lines based on the UTF8 encoding of the strings
3. Encode the array in the order of the sorted lines.
	- Each element in the array is a map
	- Each map contains two elements constructed as follows ....

I think that this will be the same as the current sorting order.

Change #2 in section 9

The current text in JWK-Thumbprint does not cover the cases that you need.

The JSON object MUST follow the following rules.  These rules are based
on the thumbprint of a JSON Web Key (JWK) as defined in Section 3 of
[RFC7638].  They cover some additional cases that [RFC7638] did not need to.

1. The JSON object contains no whitespace or line breaks before or after any
syntactic elements.
2. Map objects have the keys ordered lexicographically by the Unicode
[UNICODE] code points of the member names.  If two member names are equal,
then the JSON serialization fails.
3. JSON value literals are lowercase.
4. JSON numbers are to be encoded as integers unless the field is defined to
be encoded otherwise.
5. Encoding rules are applied recursively to member values and array values.

The rule on two key names is new, but is implicit, as JWKs are not supposed
to have two keys of the same name.  Having a generic rule on maps means that
one will not miss something someplace if a new element is defined.
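
The following is an added worked example, not part of the message above or
of the draft, that implements both proposals as code: build_mky() applies the
suggested change #1 (collect the a=fingerprint lines, sort them by their UTF-8
encoding, emit one map per line), and canonical_json() applies rules 1 through 5
of the suggested section 9 text, with parse_json_strict() enforcing the
"two equal member names fails" part of rule 2 on input.  Two things are
assumptions: the member names "alg" and "dig" for each mky element are taken
from the draft's mky claim (the message elides them), and the SDP and
fingerprint values are constructed sample data, not real key digests.

```python
import json
import re
from typing import Any, Dict, List, Tuple

# a=fingerprint:<hash-func> <fingerprint>  (SDP fingerprint attribute syntax)
FINGERPRINT_RE = re.compile(r"^a=fingerprint:(\S+)\s+(\S+)\s*$")


class CanonicalizationError(ValueError):
    """Raised when the JSON cannot be serialized under rules 1-5."""


def parse_json_strict(text: str) -> Any:
    """Parse JSON, failing on duplicate member names (second half of rule 2)."""
    def no_duplicates(pairs: List[Tuple[str, Any]]) -> Dict[str, Any]:
        obj: Dict[str, Any] = {}
        for key, value in pairs:
            if key in obj:
                raise CanonicalizationError(f"duplicate member name: {key!r}")
            obj[key] = value
        return obj
    return json.loads(text, object_pairs_hook=no_duplicates)


def canonical_json(value: Any) -> str:
    """Serialize under the proposed section 9 rules:
    1. no whitespace around syntactic elements;
    2. member names sorted by Unicode code point (Python compares str by
       code point, so sorted() yields exactly that order);
    3. literals are lowercase;
    4. numbers are emitted as integers unless a field says otherwise;
    5. all of the above applied recursively."""
    if value is True:
        return "true"
    if value is False:
        return "false"
    if value is None:
        return "null"
    if isinstance(value, int):          # bool is already handled above
        return str(value)
    if isinstance(value, float):
        if value.is_integer():
            return str(int(value))
        raise CanonicalizationError(f"non-integer number {value!r} has no encoding rule")
    if isinstance(value, str):
        return json.dumps(value, ensure_ascii=False)
    if isinstance(value, (list, tuple)):
        return "[" + ",".join(canonical_json(v) for v in value) + "]"
    if isinstance(value, dict):
        members = []
        for key in sorted(value):       # rule 2: code point order
            if not isinstance(key, str):
                raise CanonicalizationError("member names must be strings")
            members.append(json.dumps(key, ensure_ascii=False) + ":" + canonical_json(value[key]))
        return "{" + ",".join(members) + "}"
    raise CanonicalizationError(f"unsupported type {type(value).__name__}")


def build_mky(sdp_lines: List[str]) -> List[Dict[str, str]]:
    """Change #1: take the a=fingerprint lines, sort them by their UTF-8
    encoding, and emit one {alg, dig} map per line in that order.
    The names "alg"/"dig" are assumed from the draft's mky claim."""
    fp_lines = [ln.strip() for ln in sdp_lines if ln.strip().startswith("a=fingerprint:")]
    fp_lines.sort(key=lambda ln: ln.encode("utf-8"))  # step 2: byte-wise order
    mky = []
    for ln in fp_lines:
        m = FINGERPRINT_RE.match(ln)
        if m is None:
            raise ValueError(f"malformed fingerprint line: {ln!r}")
        mky.append({"alg": m.group(1), "dig": m.group(2)})
    return mky


def passport_mky_claim(sdp: str) -> str:
    """Canonical serialization of a claims object holding only mky."""
    return canonical_json({"mky": build_mky(sdp.splitlines())})


# Constructed sample SDP; the fingerprint values are made up, not real digests.
SAMPLE_SDP = "\n".join([
    "v=0",
    "a=fingerprint:sha-256 4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF:3E:5D:49:6B:19:E5:7C:AB:4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF",
    "a=fingerprint:sha-1 AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01",
])

if __name__ == "__main__":
    print(passport_mky_claim(SAMPLE_SDP))
    print(canonical_json({"b": 1.0, "a": True, "B": None}))
    try:
        parse_json_strict('{"alg":"sha-1","alg":"sha-256"}')
    except CanonicalizationError as e:
        print("rejected:", e)
```

Note that the sort in build_mky() is over the whole attribute line, so an
"sha-1" line orders before "sha-256" because the byte 0x31 ('1') is less than
0x32 ('2'); the line order, not the algorithm name, decides the array order.
Rule 4 is the one a generic JSON library will get wrong silently: a float that
happens to be integral is emitted as an integer, and anything else is a hard
failure rather than a guess.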