IETF Logo Mail Archive

Re: [stir] [E] RCD vs "div"

"Dwight, Timothy M (Tim)" <timothy.dwight@verizon.com> Thu, 10 March 2022 22:20 UTC

Return-Path: <timothy.dwight@verizon.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 349513A1C6A for <stir@ietfa.amsl.com>; Thu, 10 Mar 2022 14:20:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.006
X-Spam-Level:
X-Spam-Status: No, score=-2.006 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=verizon.com header.b=mvnYnOUg; dkim=pass (2048-bit key) header.d=verizon-com.20210112.gappssmtp.com header.b=e3wX6/J8
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6-ylqegBUskq for <stir@ietfa.amsl.com>; Thu, 10 Mar 2022 14:20:23 -0800 (PST)
Received: from mx0a-0024a201.pphosted.com (mx0a-0024a201.pphosted.com [148.163.149.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A4743A1C93 for <stir@ietf.org>; Thu, 10 Mar 2022 14:20:22 -0800 (PST)
Received: from pps.filterd (m0114269.ppops.net [127.0.0.1]) by mx0a-0024a201.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 22AJj1C9001303 for <stir@ietf.org>; Thu, 10 Mar 2022 17:20:21 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=verizon.com; h=mime-version : references : in-reply-to : from : date : message-id : subject : to : cc : content-type; s=corp; bh=H0a5F5TqB+pCsH1YuSC/SbNaKYUVRmg0MgbppnJxQ/U=; b=mvnYnOUgeWPg6jVwj+iq46yXMOGg/5iRNl/6STLxiP9UDg4x6xFJ0vDi2f5n03zZSdhI mTrR6rUDtcJd3Xc08+Da7lD3chCL6aoGBmv5hBRGA53zSu8CFHtgArRDtk6c7Yqf+cVO nP7wiWhv6Qqm1nNKJQwbgk6U+3f7rzkJ3uw=
Received: from mail-pj1-f70.google.com (mail-pj1-f70.google.com [209.85.216.70]) by mx0a-0024a201.pphosted.com (PPS) with ESMTPS id 3eq2se77sw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for <stir@ietf.org>; Thu, 10 Mar 2022 17:20:21 -0500
Received: by mail-pj1-f70.google.com with SMTP id p5-20020a17090a748500b001bee6752974so4023906pjk.8 for <stir@ietf.org>; Thu, 10 Mar 2022 14:20:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=verizon-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=H0a5F5TqB+pCsH1YuSC/SbNaKYUVRmg0MgbppnJxQ/U=; b=e3wX6/J8tVVBjpYfxzGgPLfNiwlBUyKPgWs8oPECs3JXX/i4egL2G2zUk7s/VAAuou X/CcYO495ucWGo3b7joSe65JQWcrC6mTnxwsO1dKrXKBOo20uV4XTYbMRBWn+IH8y8rV TSsBShPFnNDbREwJSDX+26x2BV8F0s8q8ekjc/amIJNoe6T9r7Oh/7/TJdp38fSJcHmw c/nRLEbfKTJZyP8omqcVidVm07EgMkFS+zwrMxnOMMmUKTq9whn2+7XiTdCz+7oLJyYU cbcpILqASVY4iV45LybyU3dgQVJfZKz20rVSZRCQDspAcPDkbxJ42y6WwdRI7oQusDtZ lPog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=H0a5F5TqB+pCsH1YuSC/SbNaKYUVRmg0MgbppnJxQ/U=; b=FAIwlp7QRP4wO8S3LjXmXzTI4d/M89BVjbE4kfmtSsYZSpdjqkdbRnEphFsYihJvx2 zdaYx9uZSELMyZYhMu4BDa73ysHGXv85GBEtg/ZZ5QABZJQQU/Lgs2IaWycIIXEJF4r1 S0FFwcIWzAuryvD+dtuLfFH5VVAmJmn//gyKvyI3jrWJXk1Ta58Xj54hbJKYrxArP5Cx dYAzhN72DYIpNZ5svFEdHz3WeG7N6rOjanVjuZCH1cJ1zHKNFvz09cZFZm+H+mnyvh4f mSl/JwsMAgM9MzohmRg9Rf7OMPqvyraTocNuwapNyMebCWYuSzSFZU+s7okRMHMqUxxT 2Fcw==
X-Gm-Message-State: AOAM5325oVNpGVDexHB8QTSvmqYj4qxrMUFL57G8J6n5VDagID6Dy+IP A6oB+lO0w1UC0rQIkq9Pc3sVf9cvS1QB1c0Jn/3ZojC+mmQBznD+0Xv5G3MtLuQ1btlbtS/ZgIB 1kSzMRScb4dsvaE/eEnkn
X-Received: by 2002:a17:902:edc4:b0:151:5fbb:5f44 with SMTP id q4-20020a170902edc400b001515fbb5f44mr7224307plk.34.1646950819350; Thu, 10 Mar 2022 14:20:19 -0800 (PST)
X-Google-Smtp-Source: ABdhPJyPaDtMjsN8T9lRPp0PM3CSahBg5i3EnhkV2Ph6etaF5SUlJFI67gPahHcRuI3Q0eonxIlVjHqW6roJ0CQF/jg=
X-Received: by 2002:a17:902:edc4:b0:151:5fbb:5f44 with SMTP id q4-20020a170902edc400b001515fbb5f44mr7224263plk.34.1646950818799; Thu, 10 Mar 2022 14:20:18 -0800 (PST)
MIME-Version: 1.0
References: <AM5PR83MB03551FF7294607C44221E3F188099@AM5PR83MB0355.EURPRD83.prod.outlook.com> <F4FA7DD6-CE68-4853-98C6-31221777E937@nostrum.com> <314BE4BC-8987-41A8-9306-D3B3A950CCE9@chriswendt.net> <CA1747A5-70EF-4C26-A721-14D55D320663@nostrum.com> <MWHPR02MB2878748F5B0B2C97020060A8AC099@MWHPR02MB2878.namprd02.prod.outlook.com> <CAM7yphaxegpvuMQB_hLVG4qn+iXWfGb5_LRjVJ1vUPrxsZ-eqQ@mail.gmail.com> <C9C1FA84-B65F-4E59-BC46-ABF45C6A2731@chriswendt.net> <CAHBDyN7VUYEF2FWLb3+LPrxgBNCGcD6B_-7=K6pKOXje4ijf2g@mail.gmail.com> <CAM7yphZG7V2xO_yOHbTRL53B642Vz9mngJb=9idHvWwT-eWgpw@mail.gmail.com> <4EA3A4D4-11AB-4920-A0FD-A1DB0B07AA43@chriswendt.net> <CAHBDyN7X2t1iiZ7s0NaEgVt9uaPC2Bv0-52gkgfNX-qASuezFg@mail.gmail.com> <D19AD41B-D648-4553-8171-55EE76B9406F@chriswendt.net> <EA73A277-5493-4DC4-A7D6-D4A467A244AF@chriswendt.net> <CA+NjDsg76jd8J-WcDV4C=-PTbqV_8s3P=N6Gk5_sL0tyaxkMqA@mail.gmail.com> <6860E214-3504-4750-80AA-0B73972F93BB@chriswendt.net> <CA+NjDshi8P5GbWeGMbL62etXRz1f+BKmCCfqxJneyupjonDHrQ@mail.gmail.com> <B2BF40CE-DC3C-4786-880C-4825978C2909@chriswendt.net> <B10D720D-2790-4C08-B04B-EA61D798D7C5@chriswendt.net>
In-Reply-To: <B10D720D-2790-4C08-B04B-EA61D798D7C5@chriswendt.net>
From: "Dwight, Timothy M (Tim)" <timothy.dwight@verizon.com>
Date: Thu, 10 Mar 2022 16:20:02 -0600
Message-ID: <CA+NjDsg_05NVuZCpTPSfeOz=Jv=J_DPG_-86DoSEf8t3SsUs3Q@mail.gmail.com>
To: Chris Wendt <chris-ietf@chriswendt.net>
Cc: Mary Barnes <mary.ietf.barnes@gmail.com>, Ben Campbell <ben@nostrum.com>, David Hancock <davidhancock.ietf@gmail.com>, Jack Rickard <jack.rickard@microsoft.com>, "Holmes, David" <David.Holmes@t-mobile.com>, IETF STIR Mail List <stir@ietf.org>, "Peterson, Jon" <jon.peterson@team.neustar>
Content-Type: multipart/alternative; boundary="00000000000084765005d9e49e32"
X-mailroute: internal
X-Proofpoint-ORIG-GUID: Ec--SK2oNC2rgttEXF7RrII8B_x1y3Bo
X-Proofpoint-GUID: Ec--SK2oNC2rgttEXF7RrII8B_x1y3Bo
X-Proofpoint-Spam-Reason: orgsafe
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/vNR_95Vt5h4kcupo2XFSZTlN4mI>
Subject: Re: [stir] [E] RCD vs "div"
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Mar 2022 22:20:28 -0000

Yeah I get it.  Tools not services... IETF philosophy...

My question was motivated by the statement below in this thread, "what we
want to remove is the act of using an identity you haven’t proven you have
the right-to-use".  I wanted to understand if that's even possible.  I
think you have confirmed my understanding, that it is not.  At least, not
in the context of public telephone networks.

I also offered my understanding of what I believe we are trying to
achieve.  Namely, to hold your service provider accountable if it
indicates, on your behalf, an identity you are not authorized to use.

I suppose in another context we might let you assert your identity, sign it
yourself, and carry that end to end.  In that case we could hold YOU
responsible for the asserted identity.  There are some logistical
challenges with that but I think it could be made to work.  Maybe people
are working on that too, but I'm not.

I suppose I'm guilty of making this all about me (or at least, about the
context in which I am implementing S/S) :-)

tim

On Thu, Mar 10, 2022 at 3:48 PM Chris Wendt <chris-ietf@chriswendt.net>
wrote:

> I do recognize i am speaking a bit abstractly, but that is how we built
> the specs and how they relate.  STIR is the core protocols and PKI
> definition, SHAKEN is the set of specifications based on STIR, but with
> North American or maybe more generally telephone service provider
> deployment model in mind, where the SP represents the user with a telephone
> number vs. a private SIP deployment that might use STIR that may have a
> different deployment model.  So, we very intentionally do not want to build
> the base specs to address any telephone number usage policies or anything
> specific to a deployment.  Hopefully that explains things a bit better.
>
> So for a consumer to “prove” they have right to use a number, in North
> America and probably most place, you and I know that can’t happen in order
> to general STIR certificate base credentials to prove that.  The service
> provider can perhaps do that on a users behalf based on having the proper
> customer relationship, etc.  vetting/KYC whatever you want.  But in STIR
> specs, we don’t address any of this, very much intentionally.
>
> -Chris
>
> On Mar 10, 2022, at 4:37 PM, Chris Wendt <chris-ietf@chriswendt.net>
> wrote:
>
> STIR doesn’t address that, SHAKEN doesn’t even specifically address that
> quite yet, but we are talking about vetting/TN validation/KYC concepts that
> allow those types of use cases to be addressed in a way that is compatible
> with policies.
>
> -Chris
>
> On Mar 10, 2022, at 4:22 PM, Dwight, Timothy M (Tim) <
> timothy.dwight@verizon.com> wrote:
>
> Can't say as I understand that response.
>
> Would you answer my 2 questions differently than I did?
>
> tim
>
> On Thu, Mar 10, 2022 at 3:00 PM Chris Wendt <chris-ietf@chriswendt.net>
> wrote:
>
>> Hi Tim,
>>
>> I think you need to sort of separate the STIR concept of identity and the
>> SHAKEN concept of a specific implementation of STIR that is in the context
>> of policies and other things.  In SHAKEN, we assume a model that yes
>> consumers directly can’t assert their identity.  I think that is common
>> model, but i think STIR doesn’t assume any policy rather focuses on
>> protocol and PKI model.
>>
>> -Chris
>>
>> On Mar 10, 2022, at 2:04 PM, Dwight, Timothy M (Tim) <
>> timothy.dwight@verizon.com> wrote:
>>
>> OK, so then 2 questions.
>>
>>    1. How does a consumer (or their device) "prove" they have the right
>>    to use a number?  What "evidence" do they present, and to whom?
>>
>>    2. Who grants the consumer this "right"?  What form does the grant
>>    take?
>>
>>
>> I think they're silly questions because the answers are (1) they
>> can't, and (2) nobody.
>>
>> As I understand it, there is nothing "on the wire" that would prove such
>> a right-to-use was valid.  Instead we "implicitly trust" the identity in
>> the P-Asserted-Identity header.  If it's not a number the originating
>> device is authorized to use, the originating carrier made a mistake.  STIR
>> / SHAKEN provides a means to hold carriers responsible if they make such
>> mistakes.
>>
>> STIR / SHAKEN will not AFAIK stop a call from the furnace repairman
>> presenting as its CPN the toll free number of Home Depot's service center.
>> For that to happen, Home Depot had to have worked with their carrier to
>> provide the numbers of their technicians, and authorized their carrier to
>> modify the PAID header in this way.  The carrier should have "signed its
>> work" so if there's any question whether it was appropriate, we have an
>> audit trail.
>>
>> The interesting follow-on question is what RCD gets presented in such a
>> case.  ISTM it might combine information about Home Depot (e.g., address,
>> logo, hours) and information about the repairman (e.g., his name, what he
>> looks like, what kind of car he drives).  If that's a desired end result,
>> are there standards needed to make it possible?
>>
>> tim
>>
>>
>> On Thu, Mar 10, 2022 at 11:23 AM Chris Wendt <chris-ietf@chriswendt.net>
>> wrote:
>>
>>> Sorry, clarification “spoofing” and what we want to remove is the act of
>>> using an identity you haven’t proven you have the right-to-use.
>>>
>>> On Mar 10, 2022, at 12:21 PM, Chris Wendt <chris-ietf@chriswendt.net>
>>> wrote:
>>>
>>> This is an important concept we need to agree, “spoofing” is the act of
>>> saying who you are not.  STIR should eliminate that concept, you can only
>>> assert your own identity, not an identity you do not have the
>>> right-to-use.  So i would disagree with you.
>>>
>>> On Mar 10, 2022, at 11:33 AM, Mary Barnes <mary.ietf.barnes@gmail.com>
>>> wrote:
>>>
>>> We are trying to eliminate "illegal" spoofing. There is also legal
>>> spoofing that we shouldn't be eliminating.
>>>
>>> On Thu, Mar 10, 2022 at 10:10 AM Chris Wendt <chris-ietf@chriswendt.net>
>>> wrote:
>>>
>>>> Wouldn’t you essentially treat that as a new call with new caller-id
>>>> and start from scratch anyway?  I’m a bit afraid of any of this scenario
>>>> because it implies some sort of spoofing of the caller that we are trying
>>>> to eliminate with STIR in the first place.
>>>>
>>>> On Mar 9, 2022, at 5:58 PM, David Hancock <davidhancock.ietf@gmail.com>
>>>> wrote:
>>>>
>>>> Hi Mary -- comment on your following comment...
>>>>
>>>> "For example, there may be call forwarding scenarios where you want to
>>>> display the number for the first retargeting as the calling party and not
>>>> the original calling party."
>>>>
>>>> I vaguely remember hearing about call scenarios where the retargeting
>>>> identity is displayed to the called user, instead of or in addition to the
>>>> original calling identity. Are these cases documented anywhere?
>>>>
>>>> If the TSP is displaying the number for the first retargeting entity to
>>>> the called user instead of the original calling identity, then would there
>>>> be value in also being able to display rich call data associated with the
>>>> first retargeting entity? This gets back to my suggestion that an "rcd"
>>>> claim in a div PASSporT describes the rich call data of the "div" claim
>>>> identity. If there are legitimate scenarios where the "div" claim identity
>>>> becomes the calling identity, then maybe my suggestion has merit? Just want
>>>> to understand what we're leaving on/off the table with what we decide here.
>>>>
>>>> Thanks,
>>>> David
>>>>
>>>> On Wed, Mar 9, 2022 at 3:14 PM Mary Barnes <mary.ietf.barnes@gmail.com>
>>>> wrote:
>>>>
>>>>> Both Diversion Header and History-Info header have information as to
>>>>> why the call was diverted.  And, History-Info includes the type of retarget
>>>>> that is useful for some services.  There are services that can involve
>>>>> retargeting where the calling party number matters.  For example, there may
>>>>> be call forwarding scenarios where you want to display the number for the
>>>>> first retargeting as the calling party and not the original calling party.
>>>>> The whole purpose for Diversion and History-Info header fields is to
>>>>> provide information to services and there is not a single way they are
>>>>> handled by the called party.
>>>>>
>>>>> On Wed, Mar 9, 2022 at 2:14 PM Chris Wendt <chris-ietf@chriswendt.net>
>>>>> wrote:
>>>>>
>>>>>> No, the identity header is all about the calling party, should not
>>>>>> represent anything else. I think we even say that explicitly many times,
>>>>>> hopefully “div” specs donot imply that it represents anything besides the
>>>>>> fact that the call has been redirected from the original destination party.
>>>>>>
>>>>>> On Mar 9, 2022, at 2:44 PM, David Hancock <
>>>>>> davidhancock.ietf@gmail.com> wrote:
>>>>>>
>>>>>> Adding rich call data to a div PASSporT does seem to me to go above
>>>>>> and beyond the original intent of the div PASSporT RFC. However, if we
>>>>>> think someone might want to do this, then would it make sense to have a
>>>>>> rule that the rich call data in the "rcd" claim of a div PASSporT must be
>>>>>> associated with the "div" claim identity, not the "orig" claim identity.
>>>>>> The logic being – the div authentication service is authoritative for the
>>>>>> identity in the "div" claim, but has no relationship with the identity in
>>>>>> the "orig" claim. I’m not sure if this would be a useful capability; e.g.,
>>>>>> might there be a case where the diverting entity wants to provide its rich
>>>>>> call data to the diverted-to user? But in any case this would avoid
>>>>>> creating the situation where there is conflicting rcd info between an inner
>>>>>> PASSporT and the div PASSporT(s).
>>>>>>
>>>>>> On Tue, Mar 8, 2022 at 1:00 PM Holmes, David <
>>>>>> David.Holmes@t-mobile.com> wrote:
>>>>>>
>>>>>>> The bottom line is going to be which passport comes from the most
>>>>>>> trusted entity (from the perspective of the terminating carrier
>>>>>>> and/recipient) and/or which allows a better assessment of the caller’s
>>>>>>> reputation to be made (if needed).  Obviously issues way beyond scope of
>>>>>>> any SDO, but ripe for someone to create a relevant “Code of practice”.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> BR/David
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> *From:* stir <stir-bounces@ietf.org> *On Behalf Of * Ben Campbell
>>>>>>> *Sent:* Tuesday, March 8, 2022 9:29 AM
>>>>>>> *To:* Chris Wendt <chris-ietf@chriswendt.net>
>>>>>>> *Cc:* Peterson, Jon <jon.peterson@team.neustar>; Mary Barnes <
>>>>>>> mary.ietf.barnes@gmail.com>; Jack Rickard <
>>>>>>> jack.rickard@microsoft.com>; IETF STIR Mail List <stir@ietf.org>
>>>>>>> *Subject:* Re: [stir] RCD vs "div"
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> *[External]*
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Mar 8, 2022, at 11:24 AM, Chris Wendt <chris-ietf@chriswendt.net>
>>>>>>> wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I think putting “rcd” on a “div” identity header would be simply a
>>>>>>> fundamental misunderstanding of what “div” represents regarding the calling
>>>>>>> party identity.  I would hope we don’t need to spell that out.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I guess the real question is interoperability. If people think this
>>>>>>> is obvious enough that people won’t screw it up, I’m okay with it.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I’m not sure if this was your intention but i wouldn’t say there is
>>>>>>> an “explicit association with a chain of earlier PASSporTs”  I think
>>>>>>> the opposite is true, there is a relationship with orig and dest of
>>>>>>> PASSporT(s) and new destination of “div” PASSporTs.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I didn’t mean to imply any semantics to the association other than
>>>>>>> that the linkage exists. I guess two RCD passports with the same orig and
>>>>>>> dest would have the same association—which I guess supports Jack’s argument
>>>>>>> that there is nothing special about RCD in “div” passports.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Ben.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> -Chris
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Mar 8, 2022, at 12:11 PM, Ben Campbell <ben@nostrum.com> wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Hi Jack,
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I understand you could get multiple passports with RCD in them even
>>>>>>> without div, and have to figure out what to use. But since a “div” passport
>>>>>>> has an explicit association with a chain of earlier passports, I wonder
>>>>>>> what it would mean to put RCD claims in a “div” passport if an innermost
>>>>>>> passport already had RCD. That seems semantically different from getting
>>>>>>> two passports with RCD that are only related by the fact they are in the
>>>>>>> same INVITE request.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> A simple answer could be “don’t do that.”
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Thanks!
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Ben.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Mar 8, 2022, at 11:03 AM, Jack Rickard <
>>>>>>> jack.rickard@microsoft.com> wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I think you may be overcomplicating it: there’s nothing preventing
>>>>>>> you from putting 2 different valid RCD passports on the same call, so
>>>>>>> you’re going to have to be able to deal with conflicting RCD information no
>>>>>>> matter what. I believe the idea is that you just gather all of the RCD
>>>>>>> information you consider valid (which may have come from SHAKEN, RCD, or
>>>>>>> even DIV passports) and deal with it however you want to.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Given that I think the answers are:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Would a retargeted call inherit any RCD claims in the innermost
>>>>>>> passport?
>>>>>>>
>>>>>>> Yes, but the RCD claims would remain only in the innermost passport,
>>>>>>> the div passport won’t need them because the original passport is still
>>>>>>> valid.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> What happens if someone adds RCD claims to a “div” passport,
>>>>>>> especially if they conflict with any claims from earlier in the chain?
>>>>>>>
>>>>>>> You deal with however you see fit. I’d guess most people will have
>>>>>>> them take lower priority than the original ones but I’m not sure.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Is the answer the same for RCD passports vs other passport types
>>>>>>> with RCD claims?
>>>>>>>
>>>>>>> I don’t think there’s any real distinction between RCD information
>>>>>>> in RCD passports vs in any other type of passport.
>>>>>>>
>>>>>>>
>>>>>>> Jack
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> *From:* stir <stir-bounces@ietf.org> *On Behalf Of *Ben Campbell
>>>>>>> *Sent:* 08 March 2022 15:40
>>>>>>> *To:* Mary Barnes <mary.ietf.barnes@gmail.com>; Chris Wendt <
>>>>>>> chris-ietf@chriswendt.net>
>>>>>>> *Cc:* Peterson, Jon <jon.peterson@team.neustar>; IETF STIR Mail
>>>>>>> List <stir@ietf.org>
>>>>>>> *Subject:* [EXTERNAL] Re: [stir] RCD vs "div"
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I’m willing to believe that the RCD draft doesn’t need to talk about
>>>>>>> “div” passports. But just to check my understanding:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> - A “div” passport would not copy forward RCD claims from an inner
>>>>>>> passport. This is covered in RFC 8946, where it says no other claims are
>>>>>>> copied forward.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> - A single “div” passport can chain back to multiple inner passports
>>>>>>> with matching orig/dest, e.g. if you have a separate SHAKEN and RCD
>>>>>>> passport in the original INVITE request. Also covered in 8946.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> - Can we also assume that no one would ever add _new_ RCD claims to
>>>>>>> a “div” passport? That seems to make sense, but is it documented somewhere?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Thanks!
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Ben.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Mar 7, 2022, at 2:48 PM, Mary Barnes <mary.ietf.barnes@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I would agree with that in general.  IMHO, we really need a call
>>>>>>> flow document to show examples of all of this.  I worked on one a long
>>>>>>> while back  (no RCD - it was focused on DIV) and no one was interested in
>>>>>>> progressing.
>>>>>>>
>>>>>>>
>>>>>>> https://www.ietf.org/archive/id/draft-barnes-stir-passport-div-hi-callflows-02.txt
>>>>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__nam02.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwww.ietf.org-252Farchive-252Fid-252Fdraft-2Dbarnes-2Dstir-2Dpassport-2Ddiv-2Dhi-2Dcallflows-2D02.txt-26data-3D04-257C01-257Cdavid.holmes-2540t-2Dmobile.com-257C11d4aa0d70ec4a7cfb7408da01292bef-257Cbe0f980bdd994b19bd7bbc71a09b026c-257C0-257C0-257C637823573598265762-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C3000-26sdata-3Dwp86b64trt9hVVKjAoA6MlBkeFZu8gpOshEWty7kjis-253D-26reserved-3D0&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=c_Kmr0d7wYbLjRgLlHhXDviBK0s0URNX8Rv57YMgUiA&m=GvnHPrfC3PsLJXplKXyXqK6mGtduWtTybUpETLN0oqjjin1oz9J9GUSgUqxIa1W5&s=zhMTOg29rgCq8KsjWnXyZ_582kT7zpmyLEmycFMOWtQ&e=>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> It's way too much work to do on my own.  But, if anyone is
>>>>>>> interested, let me know.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>> Mary.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Mar 7, 2022 at 2:32 PM Chris Wendt <
>>>>>>> chris-ietf@chriswendt.net> wrote:
>>>>>>>
>>>>>>> Hi Ben,
>>>>>>>
>>>>>>> I think the way i'd like to think about it is that “div” rules apply
>>>>>>> to all PASSporTs and you don’t need multiple “div”s if you have multiple
>>>>>>> PASSporT types.  So, to the extent possible i’d like to keep that line of
>>>>>>> distinction.  In other words, i’d prefer to not have to discuss all of the
>>>>>>> other PASSporT types in subsequent PASSporT type specifications to the
>>>>>>> extent possible.
>>>>>>>
>>>>>>> A simpler answer would be that i don’t believe “rcd” has any
>>>>>>> implications specific to “div” other than someone adding new “div”s and
>>>>>>> following the general rules.
>>>>>>>
>>>>>>> -Chris
>>>>>>>
>>>>>>> > On Mar 7, 2022, at 3:25 PM, Ben Campbell <ben@nostrum.com> wrote:
>>>>>>> >
>>>>>>> > Hi,
>>>>>>> >
>>>>>>> > (Apologies for bringing this up late in the process for RCD, but I
>>>>>>> just thought about it over the weekend.)
>>>>>>> >
>>>>>>> > Does the RCD passport draft need to talk about interactions with
>>>>>>> “div” passports?
>>>>>>> >
>>>>>>> > For example, would a retargeted call inherit any RCD claims in the
>>>>>>> innermost passport? What happens if someone adds RCD claims to a “div”
>>>>>>> passport, especially if they conflict with any claims from earlier in the
>>>>>>> chain? Is the answer the same for RCD passports vs other passport types
>>>>>>> with RCD claims?
>>>>>>> >
>>>>>>> > Thanks!
>>>>>>> >
>>>>>>> > Ben.
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> stir mailing list
>>>>>>> stir@ietf.org
>>>>>>> https://www.ietf.org/mailman/listinfo/stir
>>>>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__nam02.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwww.ietf.org-252Fmailman-252Flistinfo-252Fstir-26data-3D04-257C01-257Cdavid.holmes-2540t-2Dmobile.com-257C11d4aa0d70ec4a7cfb7408da01292bef-257Cbe0f980bdd994b19bd7bbc71a09b026c-257C0-257C0-257C637823573598265762-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C3000-26sdata-3DQx7nrpVtUpR52LwSr5fJ0HyD7RpUNOyFiXnzJwJlSqM-253D-26reserved-3D0&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=c_Kmr0d7wYbLjRgLlHhXDviBK0s0URNX8Rv57YMgUiA&m=GvnHPrfC3PsLJXplKXyXqK6mGtduWtTybUpETLN0oqjjin1oz9J9GUSgUqxIa1W5&s=Ny0S_IVz5OJQ3WTT8hBPOhB33PeNbOhnPye9sPWGB1g&e=>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> stir mailing list
>>>>>>> stir@ietf.org
>>>>>>> https://www.ietf.org/mailman/listinfo/stir
>>>>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__nam02.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwww.ietf.org-252Fmailman-252Flistinfo-252Fstir-26data-3D04-257C01-257Cdavid.holmes-2540t-2Dmobile.com-257C11d4aa0d70ec4a7cfb7408da01292bef-257Cbe0f980bdd994b19bd7bbc71a09b026c-257C0-257C0-257C637823573598265762-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C3000-26sdata-3DQx7nrpVtUpR52LwSr5fJ0HyD7RpUNOyFiXnzJwJlSqM-253D-26reserved-3D0&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=c_Kmr0d7wYbLjRgLlHhXDviBK0s0URNX8Rv57YMgUiA&m=GvnHPrfC3PsLJXplKXyXqK6mGtduWtTybUpETLN0oqjjin1oz9J9GUSgUqxIa1W5&s=Ny0S_IVz5OJQ3WTT8hBPOhB33PeNbOhnPye9sPWGB1g&e=>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> stir mailing list
>>>>>>> stir@ietf.org
>>>>>>> https://www.ietf.org/mailman/listinfo/stir
>>>>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_stir&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=c_Kmr0d7wYbLjRgLlHhXDviBK0s0URNX8Rv57YMgUiA&m=GvnHPrfC3PsLJXplKXyXqK6mGtduWtTybUpETLN0oqjjin1oz9J9GUSgUqxIa1W5&s=cGHwLGDrBZcVLymefoh2JE2UZ5Fv7EbQBMA1OXIhMhg&e=>
>>>>>>>
>>>>>>
>>>>>>
>>>>
>>>
>>> _______________________________________________
>>> stir mailing list
>>> stir@ietf.org
>>>
>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_stir&d=DwICAg&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=c_Kmr0d7wYbLjRgLlHhXDviBK0s0URNX8Rv57YMgUiA&m=GvnHPrfC3PsLJXplKXyXqK6mGtduWtTybUpETLN0oqjjin1oz9J9GUSgUqxIa1W5&s=cGHwLGDrBZcVLymefoh2JE2UZ5Fv7EbQBMA1OXIhMhg&e=
>>>
>>
>>
>
>

v2.23.0 | Report a Bug | By Email