Re: [stir] [Technical Errata Reported] RFC8224 (6519)

Marc Petit-Huguenin <marc@petit-huguenin.org> Wed, 07 April 2021 21:18 UTC

Return-Path: <marc@petit-huguenin.org>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEFCD3A2A36 for <stir@ietfa.amsl.com>; Wed, 7 Apr 2021 14:18:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PzMVBDn4y6hd for <stir@ietfa.amsl.com>; Wed, 7 Apr 2021 14:18:02 -0700 (PDT)
Received: from implementers.org (implementers.org [92.243.22.217]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7CE8C3A2A34 for <stir@ietf.org>; Wed, 7 Apr 2021 14:18:02 -0700 (PDT)
Received: from [IPv6:2601:648:8400:8e7d:d250:99ff:fedf:93cd] (unknown [IPv6:2601:648:8400:8e7d:d250:99ff:fedf:93cd]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) client-signature RSA-PSS (2048 bits)) (Client CN "Marc Petit-Huguenin", Issuer "implementers.org" (verified OK)) by implementers.org (Postfix) with ESMTPS id 5BB5FAE255; Wed, 7 Apr 2021 23:17:57 +0200 (CEST)
To: Roman Shpount <roman@telurix.com>
Cc: Christer Holmberg <christer.holmberg@ericsson.com>, "fluffy@cisco.com" <fluffy@cisco.com>, "ekr@rtfm.com" <ekr@rtfm.com>, "jon.peterson@neustar.biz" <jon.peterson@neustar.biz>, "housley@vigilsec.com" <housley@vigilsec.com>, "stir@ietf.org" <stir@ietf.org>, "superuser@gmail.com" <superuser@gmail.com>, "chris-ietf@chriswendt.net" <chris-ietf@chriswendt.net>, "rjsparks@nostrum.com" <rjsparks@nostrum.com>, Francesca Palombini <francesca.palombini@ericsson.com>, RFC Errata System <rfc-editor@rfc-editor.org>
References: <20210406052047.50377F4079F@rfc-editor.org> <AM0PR07MB38602368B3ED807C9969F8DD93759@AM0PR07MB3860.eurprd07.prod.outlook.com> <CAD5OKxtinuycq+QHamaPx9OJYY6ZTe8-Ki-7HdrHzR4sR_RTiw@mail.gmail.com> <c75e736f-58c4-0783-b37b-6be20231ecad@petit-huguenin.org> <CAD5OKxvdwE9E-GSaUYLUJRU-Z3A2tCGstcJq=mVh=BGEJR70gg@mail.gmail.com>
From: Marc Petit-Huguenin <marc@petit-huguenin.org>
Message-ID: <b0c290dd-04ae-b593-c284-2bbdb7b18430@petit-huguenin.org>
Date: Wed, 07 Apr 2021 14:17:55 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.9.0
MIME-Version: 1.0
In-Reply-To: <CAD5OKxvdwE9E-GSaUYLUJRU-Z3A2tCGstcJq=mVh=BGEJR70gg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/tHc50xWg6vtLmgMfYHfPCzak-VM>
X-Mailman-Approved-At: Thu, 08 Apr 2021 08:24:20 -0700
Subject: Re: [stir] [Technical Errata Reported] RFC8224 (6519)
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Apr 2021 21:18:08 -0000

On 4/7/21 2:06 PM, Roman Shpount wrote:
> All the registered Personal Assertion Tokens are tokens:
> https://www.iana.org/assignments/passport/passport.xhtml.
> 
> There is nothing in RFC8225 that limits the ppt header parameter's value,
> so to be compatible, ident-type = "ppt" EQUAL (token / quoted-string) is
> correct. This, however, does not reflect the decision to always put quotes
> around the ppt value from IETF 101.
> 
> If this were up to me, I would say that the original ABNF is correct and
> all the other documents and implementation which put quotes around the ppt
> value are wrong. After all, these quotes serve no purpose except using
> extra two bytes. Furthermore, there is no reason to use anything except
> tokens to identify PASSporT Extensions.

I agree.

> 
> I would also like to point out that the definition of info parameter is
> also problematic since it is not a valid generic-param:
> ident-info = "info" EQUAL ident-info-uri
> ident-info-uri = LAQUOT absoluteURI RAQUOT
> 
> A quoted-string should have been used for the info, not the LAQUOT
> absoluteURI RAQUOT.

Good point.

There is also the issue that an Identity header should have supported the use of repetition using COMMA, now that we can have multiple Identity headers in a message.  Here we have to make it an exception, much like for the various authorization headers.

> 
> I assume it is too late to fix either of these things.
> _____________
> Roman Shpount
> 
> 
> On Wed, Apr 7, 2021 at 3:25 PM Marc Petit-Huguenin <marc@petit-huguenin.org>
> wrote:
> 
>> Hi Roman,
>>
>> On 4/7/21 9:18 AM, Roman Shpount wrote:
>>> Hi Christer,
>>>
>>> This is exactly the issue. ATIS documents and other RFCs like rfc8946 use
>>> ppt with a quoted token.
>>
>> Shouldn't the ABNF now be, to be compatible with non-SHAKEN
>> implementations, this:
>>
>> ident-type = "ppt" EQUAL (token / quoted-string)
>>
>>>
>>> Also, according to IETF 101 STIR notes (which you took), the ppt
>>> token value should always be quoted. I am not sure why it needed to be
>>> quoted (I think this is wrong), but that was the decision.
>>> _____________
>>> Roman Shpount
>>>
>>>
>>> On Wed, Apr 7, 2021 at 11:23 AM Christer Holmberg <
>>> christer.holmberg@ericsson.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> I have not been involved in the discussions, so my apologies for asking
>>>> something that has been discussed already, but what is the reason for the
>>>> change? If you anyway are only going to allow "token" characters, why the
>>>> quotes? Is the only reason to align with how the parameter is used in other
>>>> specs?
>>>>
>>>> Regards,
>>>>
>>>> Christer
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: stir <stir-bounces@ietf.org> On Behalf Of RFC Errata System
>>>> Sent: tiistai 6. huhtikuuta 2021 8.21
>>>> To: jon.peterson@neustar.biz; fluffy@cisco.com; ekr@rtfm.com;
>>>> chris-ietf@chriswendt.net; superuser@gmail.com; Francesca Palombini <
>>>> francesca.palombini@ericsson.com>; rjsparks@nostrum.com;
>>>> housley@vigilsec.com
>>>> Cc: stir@ietf.org; roman@telurix.com; rfc-editor@rfc-editor.org
>>>> Subject: [stir] [Technical Errata Reported] RFC8224 (6519)
>>>>
>>>> The following errata report has been submitted for RFC8224, "Authenticated
>>>> Identity Management in the Session Initiation Protocol (SIP)".
>>>>
>>>> --------------------------------------
>>>> You may review the report below and at:
>>>>
>>>> https://www.rfc-editor.org/errata/eid6519
>>>>
>>>> --------------------------------------
>>>> Type: Technical
>>>> Reported by: Roman Shpount <roman@telurix.com>
>>>>
>>>> Section: 4
>>>>
>>>> Original Text
>>>> -------------
>>>> ident-type = "ppt" EQUAL token
>>>>
>>>> Corrected Text
>>>> --------------
>>>> ident-type = "ppt" EQUAL DQUOTE token DQUOTE
>>>>
>>>> Notes
>>>> -----
>>>> Based on IETF 101 STIR notes ppt= values should always be quoted. Also,
>>>> ATIS-1000074 is using double quotes around ppt value.
>>>>
>>>> Instructions:
>>>> -------------
>>>> This erratum is currently posted as "Reported". If necessary, please use
>>>> "Reply All" to discuss whether it should be verified or rejected. When a
>>>> decision is reached, the verifying party can log in to change the status
>>>> and edit the report, if necessary.
>>>>
>>>> --------------------------------------
>>>> RFC8224 (draft-ietf-stir-rfc4474bis-16)
>>>> --------------------------------------
>>>> Title               : Authenticated Identity Management in the Session
>>>> Initiation Protocol (SIP)
>>>> Publication Date    : February 2018
>>>> Author(s)           : J. Peterson, C. Jennings, E. Rescorla, C. Wendt
>>>> Category            : PROPOSED STANDARD
>>>> Source              : Secure Telephone Identity Revisited
>>>> Area                : Applications and Real-Time
>>>> Stream              : IETF
>>>> Verifying Party     : IESG
>>>>

-- 
Marc Petit-Huguenin
Email: marc@petit-huguenin.org
Blog: https://marc.petit-huguenin.org
Profile: https://www.linkedin.com/in/petithug
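The header-value grammar argued over in this thread (ppt as token versus quoted-string, info as LAQUOT absoluteURI RAQUOT rather than a generic-param, and multiple Identity header fields that cannot be comma-combined), as an added example from the editor, written in Python. It is not code from this thread, from RFC 8224 or from any STIR implementation. It parses leniently on the receive side: ppt is accepted both bare and in DQUOTEs, with the value itself required to be an RFC 3261 token; info must be an angle-bracketed URI; and each Identity header field is parsed on its own, never folded into or split out of a comma list. The INVITE, the certificate URLs and the PASSporT segments are constructed placeholders (the signatures are not real and nothing here verifies one).

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# RFC 3261 token = 1*(alphanum / "-" / "." / "!" / "%" / "*" / "_" / "+" / "`" / "'" / "~")
TOKEN_RE = re.compile(r"^[A-Za-z0-9\-.!%*_+`'~]+$")
# RFC 3261 quoted-string; group 1 is the text between the DQUOTEs (backslash escapes allowed)
QUOTED_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"$')
ANGLE_URI_RE = re.compile(r"^<([^<>\s]+)>$")   # RFC 8224 ident-info-uri = LAQUOT absoluteURI RAQUOT
# PASSporT = compact JWS: three dot-separated segments (base64 and base64url both accepted here)
JWS_RE = re.compile(r"^[A-Za-z0-9_\-+/=]+\.[A-Za-z0-9_\-+/=]+\.[A-Za-z0-9_\-+/=]+$")

@dataclass
class IdentityHeader:
    passport: str                    # signed-identity-digest (the compact JWS)
    info: str                        # absoluteURI taken from info=<...>
    alg: Optional[str] = None
    ppt: Optional[str] = None        # ppt value with any surrounding DQUOTEs removed
    ppt_was_quoted: bool = False     # True for ppt="shaken", False for ppt=shaken
    extensions: Dict[str, Optional[str]] = field(default_factory=dict)

def _split_on_semi(value: str) -> List[str]:
    """Split on SEMI, but not inside a quoted-string or inside <...> (URIs may contain ';')."""
    parts, buf, in_quote, in_angle, escaped = [], [], False, False, False
    for c in value:
        if in_quote and escaped:           # character after a backslash is taken verbatim
            escaped = False
        elif in_quote and c == "\\":
            escaped = True
        elif c == '"':
            in_quote = not in_quote
        elif c == "<" and not in_quote:
            in_angle = True
        elif c == ">" and not in_quote:
            in_angle = False
        elif c == ";" and not in_quote and not in_angle:
            parts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(c)
    parts.append("".join(buf).strip())
    return parts

def _unquote(raw: str):
    m = QUOTED_RE.match(raw)       # returns (value, was_quoted); strips DQUOTEs and backslash escapes
    return (re.sub(r"\\(.)", r"\1", m.group(1)), True) if m else (raw, False)

def parse_identity_value(value: str) -> IdentityHeader:
    """Parse one Identity header-value; raises ValueError on a grammar violation."""
    digest, *params = _split_on_semi(value)
    if not JWS_RE.match(digest):
        raise ValueError("signed-identity-digest is not a compact JWS")
    hdr = IdentityHeader(passport=digest, info="")
    for p in params:
        name, eq, raw = p.partition("=")
        name, raw = name.strip().lower(), raw.strip()
        if name == "info":
            m = ANGLE_URI_RE.match(raw)
            if not m:
                raise ValueError("info must be LAQUOT absoluteURI RAQUOT")
            hdr.info = m.group(1)
        elif name == "alg":
            if not TOKEN_RE.match(raw):
                raise ValueError("alg must be a token")
            hdr.alg = raw
        elif name == "ppt":
            # RFC 8224's bare token or the DQUOTE token DQUOTE form of ATIS-1000074 / RFC 8946;
            # either way the value itself must be a token (all registered ppt values are).
            hdr.ppt, hdr.ppt_was_quoted = _unquote(raw)
            if not TOKEN_RE.match(hdr.ppt):
                raise ValueError("ppt must be a token, optionally inside DQUOTEs")
        else:                              # ident-info-extension = generic-param
            if not TOKEN_RE.match(name):
                raise ValueError(f"bad parameter name {name!r}")
            hdr.extensions[name] = _unquote(raw)[0] if eq else None
    if not hdr.info:
        raise ValueError("info parameter is mandatory")
    return hdr

def is_valid_identity_value(value: str) -> bool:
    try:
        return parse_identity_value(value) is not None
    except ValueError:
        return False

def parse_identity_headers(sip_message: str) -> List[IdentityHeader]:
    """One IdentityHeader per Identity field, in order; never merged into or split out of a comma list."""
    head = re.sub(r"\r\n[ \t]+", " ", sip_message.split("\r\n\r\n", 1)[0])  # undo line folding
    return [parse_identity_value(line.partition(":")[2].strip())
            for line in head.split("\r\n")[1:]                # skip the request/status line
            if line.partition(":")[0].strip().lower() == "identity"]

# Constructed sample INVITE; the PASSporT segments are placeholders, not real signatures.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:+12155551213@example.com SIP/2.0",
    'Identity: eyJhbGciOiJFUzI1NiJ9.eyJhdHRlc3QiOiJBIn0.c2ln;info=<https://cert.example.net/passport.cer>;alg=ES256;ppt="shaken"',
    "Identity: eyJhbGciOiJFUzI1NiJ9.eyJkaXYiOnt9fQ.c2ln;info=<https://cert.example.net/div.cer;v=2>;alg=ES256;ppt=div",
    "", "",
])
```

The ppt_was_quoted flag is kept so a verifier can log which form its peers actually send. A sender aimed at SHAKEN deployments (ATIS-1000074) emits the quoted form; a verifier following the ABNF as published in RFC 8224 should still accept the bare token, and the second Identity line in the sample shows why the SEMI split has to respect angle brackets: an absoluteURI may legitimately contain ';'.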