Re: [stir] PASSPorT: "orig" and "dest" mandatory in all PASSPorTs?

Christer Holmberg <christer.holmberg@ericsson.com> Tue, 23 January 2018 21:19 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Chris Wendt <chris-ietf@chriswendt.net>
CC: "stir@ietf.org" <stir@ietf.org>
Date: Tue, 23 Jan 2018 21:19:42 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B6C13B5EB@ESESSMB109.ericsson.se>
References: <7594FB04B1934943A5C02806D1A2204B6C13837A@ESESSMB109.ericsson.se> <41C6125A-C90A-4187-9B6E-267DAE44DF8B@chriswendt.net>
In-Reply-To: <41C6125A-C90A-4187-9B6E-267DAE44DF8B@chriswendt.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/yErKcVA8q_1MCe_fjdmcQTPrWtU>
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>

Hi Chris,

>> Question for clarification:
>> 
>> Section 5.2.1 of draft-passport says:
>> 
>>       "There MUST be exactly one "orig" claim with exactly one identity claim object in a PASSporT object."
>> 
>> Q1: Does the text above mean that 
>> 
>>       a) a passport must always contain one, and only one, "orig" claim; or 
>>       b) that if a passport contains an "orig" claim, it can only contain one?
>
> It can only contain one key value pair with the key “orig” and the claim value can only be one identity.
>
> In other words you cannot claim to originate multiple identities with a single passport object.

Correct. The question is whether "orig" is mandatory (alternative a) or not (alternative b). But, based on your reply to Q2 below, I assume the answer is alternative a).

I think it would be good to make that more clear. 

>> Q2: If a), does it apply to passport extensions too?
>
> All extensions must include the base passport claims and follow all rules of the claims, so yes.

I think it should be more clear whether a node can modify claims or not when adding an extension, or whether an extension needs to explicitly allow it. Currently the text only says (AFAIK) that claims cannot be removed.

For example, if I have a base passport, and add an RPH passport, I assume I cannot change the value of the "dest" claim. I would need to use a divert claim for that.

Also, as the passports may be added and signed by different authorities, and as each passport will contain the base claims, it means that the base claims will be signed multiple times, and they may be signed by different authorities. I assume that is ok.

Regards,

Christer
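The checks discussed in this message, written out as an added example (not code from the thread, the draft, or any STIR implementation): a parser that rejects a PASSporT carrying the "orig" key twice, a validator for the base claims under reading a) (exactly one "orig" with exactly one identity, "dest" and "iat" present), and a comparison of an extension PASSporT (here an "rph" one) against the base PASSporT. The claim shapes follow RFC 8225 ("orig" as an object with a single "tn" or "uri" string, "dest" with arrays), the "rph" claim follows RFC 8443, and the "div" claim shape is assumed from the diversion extension. The consistency rule itself (base claims are repeated unchanged, "dest" may only change in a "div" PASSporT, and "iat" is allowed to differ because each authority stamps its own time) is Christer's reading of the draft, not spec text. Phone numbers, the x5u URL and the sample tokens are constructed; signatures are left empty, so this does not verify ES256.

```python
"""Added example: base-claim checks for PASSporT objects (pure stdlib)."""
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _reject_duplicate_keys(pairs):
    """json object_pairs_hook: two 'orig' keys in one object is an error,
    not 'the last one wins' as json.loads would otherwise do."""
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise ValueError(f"duplicate JSON key {key!r}")
        obj[key] = value
    return obj


def build_unsigned_passport(header: dict, claims: dict) -> str:
    """Constructed helper: JWS compact form with an empty signature part."""
    def enc(d):
        return _b64url(json.dumps(d, separators=(",", ":")).encode())
    return f"{enc(header)}.{enc(claims)}."


def decode_passport(token: str):
    """Return (header, claims); signature is not verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWS compact serialization")
    header = json.loads(_b64url_decode(parts[0]), object_pairs_hook=_reject_duplicate_keys)
    claims = json.loads(_b64url_decode(parts[1]), object_pairs_hook=_reject_duplicate_keys)
    return header, claims


def has_duplicate_claims(token: str) -> bool:
    try:
        decode_passport(token)
    except ValueError:
        return True
    return False


def validate_base_claims(claims: dict) -> list:
    """Violations of reading a): orig, dest, iat all mandatory; orig carries
    exactly one identity. Empty list means the claims pass."""
    errors = [f"missing mandatory claim {n!r}" for n in ("orig", "dest", "iat") if n not in claims]
    orig = claims.get("orig")
    if orig is not None:
        ids = [k for k in orig if k in ("tn", "uri")] if isinstance(orig, dict) else []
        if len(ids) != 1 or len(orig) != 1 or not isinstance(orig[ids[0]], str):
            errors.append("orig must carry exactly one identity (one 'tn' or 'uri' string)")
    dest = claims.get("dest")
    if dest is not None:
        if not isinstance(dest, dict) or not dest:
            errors.append("dest must be a non-empty JSON object")
        else:
            for k, v in dest.items():
                if k not in ("tn", "uri") or not isinstance(v, list) or not v \
                        or not all(isinstance(x, str) for x in v):
                    errors.append(f"dest.{k} must be a non-empty array of strings")
    if "iat" in claims and not isinstance(claims["iat"], int):
        errors.append("iat must be a NumericDate integer")
    return errors


def check_extension(base_claims: dict, ext_header: dict, ext_claims: dict) -> list:
    """Assumed rule (the message's reading, not spec text): an extension
    PASSporT repeats the base claims unchanged, except that a 'div'
    PASSporT may replace 'dest' if 'div' names the previous destination."""
    errors = validate_base_claims(ext_claims)
    ppt = ext_header.get("ppt")
    if ppt is None:
        return errors + ["extension PASSporT must carry 'ppt' in its header"]
    if ppt not in ext_claims:
        errors.append(f"header says ppt={ppt!r} but claim {ppt!r} is absent")
    if ext_claims.get("orig") != base_claims.get("orig"):
        errors.append("extension changed the 'orig' claim")
    if ext_claims.get("dest") != base_claims.get("dest"):
        if ppt != "div":
            errors.append("extension changed 'dest' without being a 'div' PASSporT")
        else:
            div, prior = ext_claims.get("div"), base_claims.get("dest", {})
            if not (isinstance(div, dict) and len(div) == 1
                    and all(v in prior.get(k, []) for k, v in div.items())):
                errors.append("'div' must name an identity from the prior 'dest'")
    return errors


# Constructed sample data: numbers, URL and timestamps are made up.
BASE_HEADER = {"alg": "ES256", "typ": "passport", "x5u": "https://cert.example.net/passport.cer"}
BASE_CLAIMS = {"orig": {"tn": "12155551212"}, "dest": {"tn": ["12155551213"]}, "iat": 1516741183}
RPH_HEADER = {**BASE_HEADER, "ppt": "rph"}
RPH_CLAIMS = {**BASE_CLAIMS, "rph": {"auth": ["ets.0"]}}          # base claims repeated unchanged
BAD_RPH_CLAIMS = {**RPH_CLAIMS, "dest": {"tn": ["12155551214"]}}  # rewrote dest without div
DIV_HEADER = {**BASE_HEADER, "ppt": "div"}
DIV_CLAIMS = {"orig": BASE_CLAIMS["orig"], "dest": {"tn": ["12155551214"]},
              "div": {"tn": "12155551213"}, "iat": 1516741200}
# Raw JSON with 'orig' twice (json.dumps cannot produce this); the parser must refuse it.
DUPLICATE_ORIG_TOKEN = (_b64url(json.dumps(BASE_HEADER).encode()) + "." + _b64url(
    b'{"orig":{"tn":"12155551212"},"orig":{"tn":"19995550100"},'
    b'"dest":{"tn":["12155551213"]},"iat":1516741183}') + ".")

if __name__ == "__main__":
    print("base:", validate_base_claims(BASE_CLAIMS))
    print("rph :", check_extension(BASE_CLAIMS, RPH_HEADER, RPH_CLAIMS))
    print("bad :", check_extension(BASE_CLAIMS, RPH_HEADER, BAD_RPH_CLAIMS))
    print("div :", check_extension(BASE_CLAIMS, DIV_HEADER, DIV_CLAIMS))
    print("dup :", has_duplicate_claims(DUPLICATE_ORIG_TOKEN))
```

The duplicate-key hook is the part worth keeping even if the rest is replaced by a real library: "exactly one orig claim" is only enforceable if the JSON parser refuses a second "orig" instead of overwriting the first, and most parsers overwrite silently.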