Re: [stir] AD Evaluation: draft-ietf-stir-passport-rcd
Chris Wendt <chris-ietf@chriswendt.net> Tue, 27 September 2022 13:58 UTC
Return-Path: <chris-ietf@chriswendt.net>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D9ECC1526FD for <stir@ietfa.amsl.com>; Tue, 27 Sep 2022 06:58:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=chriswendt-net.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3o-DxIpQ-k-f for <stir@ietfa.amsl.com>; Tue, 27 Sep 2022 06:58:36 -0700 (PDT)
Received: from mail-io1-xd2c.google.com (mail-io1-xd2c.google.com [IPv6:2607:f8b0:4864:20::d2c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35EF3C152567 for <stir@ietf.org>; Tue, 27 Sep 2022 06:58:36 -0700 (PDT)
Received: by mail-io1-xd2c.google.com with SMTP id q83so7779075iod.7 for <stir@ietf.org>; Tue, 27 Sep 2022 06:58:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chriswendt-net.20210112.gappssmtp.com; s=20210112; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:from:to:cc:subject:date; bh=v5CqSd9vYGJIxNdkONRXno5eubt47qhz7OqXhOlv0FM=; b=YIiz5XNx9DF8fxS2GugMa4M846Af7qM1QnsvKUj1VYBtTBHwGTkzp3y5V4vn/jcBz8 GdtqmG7EE9OHZGmilfeFck6zHrUUZmgfZr2OLU9ZaiFZ/GOnyiQuhkgkBqQ56YYNYMyy 0IAZk7PGmhpRdBV5s3emygabqbTulDGG9UYqPFoLdfTw5VHlmvu6IJ3F0oK5DImumPsJ ZTYPRM9ufbn526rxkba3wQKaQ8xotdbgCrvwAGBwolUBJT3pG0t7NHhMYdcxw3QeC6bB 1YhLCNVi/4k/BG6Cf0NUPHw107AO/dl41aKKGcVtoe0i2gvOL1h3To2KRwiQdb6nuNCa 0B8A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:x-gm-message-state:from:to:cc:subject:date; bh=v5CqSd9vYGJIxNdkONRXno5eubt47qhz7OqXhOlv0FM=; b=WyBWVpDNzaMlrWThw5GArXSh/PNBJxlFmZcKxxK89GDuM9SCs0FDnjfz8w0VdAmMDb Mw3u1fNiAy8NRZxYBgye24fIrxXgPIDxCjsmuglYAjG8u5SnNoA+hI1bTYf1WkyJ589m JCvlpNqGLspMVonODJxt2GHsA5kcUFlZq0r2p1s9ubyIS9gu35djMDKUuM3KewqFfO07 e7zwCMBrsC7IVXtJlRFnvTj9A9esBq4x4E3Hghj/xnsuTu4g3xYNwjvjB8X4MZsIcrFK p4K8pZ4KHnmLvxlpI9cj8oSJR6u7mjWdOyqUmGR4+d5qnoSLcyEfJUSZEWpyeu+tsIF7 e/fQ==
X-Gm-Message-State: ACrzQf1XQMGMs83KlTAEnKOsIgI3ze+baYDWFXqP+16bU2sMav9txzV7 83FHlN78BqcITMq5csR8gWd4wmaFpM6nJJ6b
X-Google-Smtp-Source: AMsMyM4egDd9+ZJZWa66nqaK69IcPwU6CCO6cFWzpmZ6gdBborsxrGL7r3Dbq2kT+MCnXUJEC4hhXQ==
X-Received: by 2002:a05:6638:3e0b:b0:35a:25ff:bde4 with SMTP id co11-20020a0566383e0b00b0035a25ffbde4mr14057418jab.253.1664287115216; Tue, 27 Sep 2022 06:58:35 -0700 (PDT)
Received: from smtpclient.apple ([65.157.103.142]) by smtp.gmail.com with ESMTPSA id r16-20020a02aa10000000b0034ac4b215c3sm636215jam.102.2022.09.27.06.58.34 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 27 Sep 2022 06:58:34 -0700 (PDT)
From: Chris Wendt <chris-ietf@chriswendt.net>
Message-Id: <CAF1994F-C8B7-495C-9D40-79FCA8AD5934@chriswendt.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_4E74E1EC-CB11-48DD-A7CF-FF66E735850F"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
Date: Tue, 27 Sep 2022 07:58:35 -0600
In-Reply-To: <CAL0qLwZpMY+Far0skD9K4hnBMcp=DmxPwR+pSzWNTY8dxXYf4g@mail.gmail.com>
Cc: IETF STIR Mail List <stir@ietf.org>
To: "Murray S. Kucherawy" <superuser@gmail.com>
References: <CAL0qLwZaKc20eNus1wSj_-Zjys9prm1+55Ergtr=QDNi3G-sZg@mail.gmail.com> <22207E7F-87E9-41F1-B08E-5745F07353B5@chriswendt.net> <CAL0qLwZpMY+Far0skD9K4hnBMcp=DmxPwR+pSzWNTY8dxXYf4g@mail.gmail.com>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/wFY8ajb2jqUFrvFDi2-oeeYnnrQ>
Subject: Re: [stir] AD Evaluation: draft-ietf-stir-passport-rcd
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Sep 2022 13:58:40 -0000
> On Sep 26, 2022, at 9:36 PM, Murray S. Kucherawy <superuser@gmail.com> wrote: > > On Mon, Sep 26, 2022 at 2:21 PM Chris Wendt <chris-ietf@chriswendt.net <mailto:chris-ietf@chriswendt.net>> wrote: > > How do we know that the reason placed in a "crn" claim is true? Could this be abused? If so, should this be called out in Section 13 or 18 (or somewhere else)? > > Section 8.1 was intended to address this use of constraints if the signer is “non-authoritative”. The general concept is that RCD information should be vetted by trusted participants in the eco-system. “crn” is a claim that i think we conceptually provide a bit more latitude with just because call reason may more generally be a more dynamic field, but there is nothing in the specification that doesn’t allow for an eco-system using this specification to mandate the use of constraints. This is a balance we have needed to support for most of the specs to allow for flexibility depending on use of the specs. > > I'm not sure I follow. The question I'm asking is: Is there anything stopping me from giving a false reason in a "crn" claim? Could I, for instance, claim the call is an emergency of some type and thus get you to answer when I'm actually just going to try to sell you something? The specific answer to your question is it depends on who “me” is. If the signer is “authoritative” and responsible for the vetting their own set of “rcd” claims, then yes they can lie about any of the claims, but generally if you do that, whether “crn” or telephone number or calling name, you can be identified as doing fraudulent things and depending on policy be kicked out of the eco-system. If there is a delegation relationship where the authority is providing certificates with constraints/integrity on what the delegated party can sign for in their “rcd” based on vetting of allowed “rcd” claims, than the constraints prevent the delegated party from putting in “crn” or other claims that contain false or fraudulent information. > If that's a risk, I think that should be explicit; it would be enough to say that there's no validation for what's in the "crn" claim (and couldn't possibly be). I guess what i’m saying in too many words is that “crn” follows the same trust model that all of the other claims follow in STIR, so if someone falsifies any information, it’s the signer and/or the authoritative vetter of the information that is responsible party. So, i guess i’m a little afraid of trying to state in any more explicit way that the trust model is different for “crn”, even though as i state above in my previous response that “crn” is likely to have more variations of text than other signed information and a little more burdensome if vetting/certificate generation is required. I think all of these things are decisions that have to be made on a eco-system/policy/implementation basis. But i think all of the rules for “rcd” more generally support the different security policies needed to either have explicit control over “crn” or other claims included in “rcd” PASSporT if required, or make it looser for other more trusted environments. Hopefully that makes it a bit clearer? It really is sort of the point of the different constraint and integrity options to enforce “rcd” information, so i want to make sure that its consistent for all information and we generally don’t treat any particular claims differently (at least that wasn’t the intent). > > [...] > > > For that matter, would ABNF be useful here? > > Likely would but we haven’t included it in other relevant specs, i would hate to add at last minute. > > I don't mind waiting if it's worth doing. :-) I think for this hyphen case you have called out, its straight forward enough from the description that i don’t need to include. The example is also pretty illustrative as well. > > Thanks for the rest, looks good. > > -MSK
- [stir] AD Evaluation: draft-ietf-stir-passport-rcd Murray S. Kucherawy
- Re: [stir] AD Evaluation: draft-ietf-stir-passpor… Chris Wendt
- [stir] STIR WG - PAY ATTENTION : Re: AD Evaluatio… Robert Sparks
- Re: [stir] AD Evaluation: draft-ietf-stir-passpor… Murray S. Kucherawy
- Re: [stir] STIR WG - PAY ATTENTION : Re: AD Evalu… Murray S. Kucherawy
- Re: [stir] AD Evaluation: draft-ietf-stir-passpor… Murray S. Kucherawy
- Re: [stir] AD Evaluation: draft-ietf-stir-passpor… Chris Wendt
- Re: [stir] AD Evaluation: draft-ietf-stir-passpor… pierce
- Re: [stir] AD Evaluation: draft-ietf-stir-passpor… Chris Wendt
- Re: [stir] AD Evaluation: draft-ietf-stir-passpor… pierce
- Re: [stir] AD Evaluation: draft-ietf-stir-passpor… Murray S. Kucherawy