Re: [stir] Benjamin Kaduk's No Objection on draft-ietf-stir-rph-03: (with COMMENT)

"Das, Subir" <sdas@appcomsci.com> Thu, 19 April 2018 18:17 UTC

Return-Path: <sdas@appcomsci.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFAAC12DA15; Thu, 19 Apr 2018 11:17:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hMo03mzX_Qnf; Thu, 19 Apr 2018 11:17:01 -0700 (PDT)
Received: from thumper.appcomsci.com (thumper.appcomsci.com [205.132.0.196]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3554E12DA28; Thu, 19 Apr 2018 11:16:59 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by thumper.appcomsci.com (Postfix) with ESMTP id EE5DA69512A; Thu, 19 Apr 2018 14:15:03 -0400 (EDT)
X-Virus-Scanned: by SpamTitan at appcomsci.com
Received: from thumper.appcomsci.com (localhost [127.0.0.1]) by thumper.appcomsci.com (Postfix) with ESMTP id 91641695123; Thu, 19 Apr 2018 14:15:03 -0400 (EDT)
Received: from bambi.appcomsci.com (bambi.appcomsci.com [192.4.5.54]) by thumper.appcomsci.com (Postfix) with ESMTPS id 74475695120; Thu, 19 Apr 2018 14:15:03 -0400 (EDT)
Received: from brg-exmb1.ats.atsinnovate.com (exch.appcomsci.com [192.4.5.112]) by bambi.appcomsci.com (8.14.4/8.13.4) with ESMTP id w3JIGv2J023164; Thu, 19 Apr 2018 14:16:57 -0400
Received: from RRC-ATS-EXMB2.ats.atsinnovate.com ([2002:c004:56a::c004:56a]) by brg-ats-exhb1.ats.atsinnovate.com ([fe80::fc05:b53:7f2b:84f9%18]) with mapi id 14.03.0389.001; Thu, 19 Apr 2018 14:16:57 -0400
From: "Das, Subir" <sdas@appcomsci.com>
To: Benjamin Kaduk <kaduk@mit.edu>, The IESG <iesg@ietf.org>
CC: "draft-ietf-stir-rph@ietf.org" <draft-ietf-stir-rph@ietf.org>, "Russ Housley" <rhousley@vigilsec.com>, "stir-chairs@ietf.org" <stir-chairs@ietf.org>, "rhousley@vigilsec.com" <rhousley@vigilsec.com>, "stir@ietf.org" <stir@ietf.org>
Thread-Topic: Benjamin Kaduk's No Objection on draft-ietf-stir-rph-03: (with COMMENT)
Thread-Index: AQHT14AKPiOjJFWsR0e2KEqxePTvUaQIWPCg
Date: Thu, 19 Apr 2018 18:16:47 +0000
Message-ID: <AAC987F0CC2C7845A9FBD8A36D52E12DCBD4702D@rrc-ats-exmb2.ats.atsinnovate.com>
References: <152410229195.28672.4848182467373812893.idtracker@ietfa.amsl.com>
In-Reply-To: <152410229195.28672.4848182467373812893.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.4.8.216]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/wG3YIly7WI65iRYluXeAYUap1ko>
Subject: Re: [stir] Benjamin Kaduk's No Objection on draft-ietf-stir-rph-03: (with COMMENT)
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Apr 2018 18:17:03 -0000

Hello Benjamin,
Thanks for your review and comments. Please see the answers inline. 

Regards,
-Subir 

-----Original Message-----
From: Benjamin Kaduk <kaduk@mit.edu>; 
Sent: Wednesday, April 18, 2018 9:45 PM
To: The IESG <iesg@ietf.org>;
Cc: draft-ietf-stir-rph@ietf.org; Russ Housley <rhousley@vigilsec.com>;; stir-chairs@ietf.org; rhousley@vigilsec.com; stir@ietf.org
Subject: Benjamin Kaduk's No Objection on draft-ietf-stir-rph-03: (with COMMENT)

Benjamin Kaduk has entered the following ballot position for
draft-ietf-stir-rph-03: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-stir-rph/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I support Ben's discuss.

Thank you for working with the secdir reviewer to address those comments; I think it will really improve the document.

SD>Thanks. 

In a similar vein, I wonder if this document would be easier to read if it used less formal description terms for protocol elements that are currently referred to by using the actual protocol element (with quotes around the name).  For example, "SIP resource priority header" instead of "'Resource-Priority' header field", or "priority indicator" instead of "'namespace"."priority value"'.

SD> We can update like this but earlier recommendation was to be consistent with RFC 4412 and we followed that. 

I'm a little confused why the new registry created in Section 6.2 is tied to the "resource priority header" (rph) name, when the discussion in Section 5 has some potential envisioned use cases that are broader than resource priority.

SD> . You are correct that Section 5 leaves the possibility of adding new value but when defined, this will be a new  type and will be registered under the same ppt value 'rph'.   For use cases other than resource priority, a new 'ppt' needs to be defined.   We will make it clear in Section 5, 1st paragraph last sentence as follows:

" The specification of the "rph" claim could entail the optional presence of one or more such additional information fields applicable to 'Resource Priority'."


As Ben notes, there are some stale references.  Please double-check the referred section numbers as well; in particular "Section 10.1 of [4474bis]" does not exist in the only February-2017 verions of that draft.

Section 7.2 uses "authority" in a couple of different senses; it might be easier on the reader to refer to the authority (protocol
participant) as being "authoritative for the content of [stuff] that it signs".

SD>  How about the following? 

The use of extension to PASSporT tokens with "ppt" value "rph" based on the validation of the digital signature and the associated certificate requires consideration of the authentication, authorization, and  reputation of the signer to attest to the identity being asserted. The following considerations should be recognized when using PASSporT extension with "ppt" value of "rph":

o A signer is only allowed to sign the content of a 'SIP Resource-Priority’ header field for which it has the right authority.  The signer  that signs the token MUST have a secure method for authentication of the end user or the device.