Re: [stir] Shepherd Review of draft-ietf-stir-servprovider-oob-24

"Peterson, Jon" <Jon.Peterson@transunion.com> Mon, 23 October 2023 20:51 UTC

From: "Peterson, Jon" <Jon.Peterson@transunion.com>
To: Ben Campbell <ben@nostrum.com>, IETF STIR Mail List <stir@ietf.org>
CC: STIR Chairs <stir-chairs@ietf.org>
Date: Mon, 23 Oct 2023 20:51:04 +0000
Message-ID: <CO6PR17MB49784E2CCF28CA0A7D4C933FFDD8A@CO6PR17MB4978.namprd17.prod.outlook.com>
References: <C9898106-3EF7-47E0-9588-4A413DBC25CB@nostrum.com>
In-Reply-To: <C9898106-3EF7-47E0-9588-4A413DBC25CB@nostrum.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/ue1OgOgHHaBSp718ouxksSlcx00>
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>

Thanks for the read-through Ben. A few responses inline below.

Jon Peterson
TransUnion



# Substantive:



## General:



Is informational still the right status? It has quite a bit of normative language. There’s nothing inherently wrong about that, but that sort of thing does tend to trigger AD questions. If “Informational” is still correct, I suggest adding a paragraph somewhere early in the document to say why we think that and why we still included 2119/8174 language. IMO, this would be helpful both to head off questions in advance and to help end-readers understand how to think about the document. (I suspect the fact that 8816 is informative is a lot of the reason, but there are work-arounds if we think this document effectively defines a standard.)



I’m happy advancing it as PS, and having a downref to RFC8816. I think we went back and forth about that at one point. The respin will have this as std.



## §4, 2nd paragraph: “The advantage to signing with STIR certificates is that they contain a "TNAuthList" value indicating the telephone network resources that a service provider controls.”



Unfortunately, here, the biggest current deployment of STIR mostly still just puts SPCs in TnAuthList. The ATIS approach effectively allows any SPC token holder to attest to any phone number.



I thought “telephone network resources” was vague enough that it does not entail TNs as such, or at least, that was the intention. Any CPS that cared to check could consult the relevant industry databases or analytics to make a determination whether a carrier with a given SPC should actually be uploading a PASSporT from that “orig.” Or, SHAKEN-style, it could just take everything and leave it for terminating-side analytics to make the similar determination. That seems more like a matter of local policy than bits on the wire.



# Editorial:



## Abstract, last sentence: If we stick with “Informational”, I suggest saying “This document describes” rather than “This specification defines”.



Again, since we’re pushing this as PS, I’ll just stick with the current language.


## §1, 2nd paragraph:

### “… and who thus will learn about the parties to communication independently…”



The phrase is a little hard to follow. I suggest “...Who thus will independently learn about the parties to communication…”



Agreed that isn’t great. How about: “and thus who will necessarily know the parties communicating”.



### “… like mobile networks …”



Given that modern mobile networks tend to use SIP, they might not be the best target to pick on. Maybe something like “such as legacy non-IP telephone networks”



Okay.



### “where in-band transmission of STIR may not be feasible”



s/STIR/PASSporTs



Okay.



## §10, first paragraph: “This draft mitigates those concerns by making the CPS one of the two parties to call setup”



In the gateway case, there may be more than 2 parties to the call setup. I suggest changing “one of the two parties” to “one of the parties”.



Okay, done. Thanks again!