[stir] Comments on draft-singh-stir-rph-00

Robert Sparks <rjsparks@nostrum.com> Fri, 16 June 2017 15:18 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/zZ9xR01hHKmLUHGWai2jiMmUY4c>

1) I'm not sure why we need the label "Resource-Priority" in

{"auth":"Resource-Priority: ets.0"}

Why isn't that simply

{"auth":"ets.0"}?

or

{"rp":"ets.0"}?

2) Clarify whether you are looking for the possibility that a different 
authority signs this claim or if you're always expecting this claim to 
be signed by the same authority as the base claims. If they can be 
different (and we're talking separate passports), some additional 
description of the verification logic is needed to help address 
cut-paste attacks.

3) In section 4.2, is the implication that the compact form of passport 
is not allowed when using this extension? If so, saying that explicitly 
would be better.

4) Could you say more about the first bullet in 7.2 - it's not clear 
it's salient to this particular spec?

5) (Minor thing, probably in the weeds): Is there a use case in the 
real world now where a user gets an enhanced priority, but is only 
allowed to use it once? If so, this spec should call out that this 
mechanism doesn't restrict the user to one call. They can call as many 
times as they can send an INVITE within the acceptable iat window and 
have the assertions check out. There will be out-of-protocol 
consequences of course...

Nits:

The first paragraph of 7.1 has a sentence that doesn't parse starting at 
"A uniqueness of the set"

Text two bullets look like they're repeating the base spec and probably 
don't need to be here?
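
An added illustration of points 2 and 5, not part of the original message or of the draft: a binding check a verifier could apply when the Resource-Priority claim arrives in a separate PASSporT from the base claims. The orig/dest/iat claim names follow the base PASSporT format; the 60-second window, the "rph" wrapper name, the sample tokens and the skipped signature verification are assumptions.

```python
import base64
import json

FRESHNESS_S = 60  # assumed acceptable iat window, in seconds


def b64url(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make(claims):
    """Build a constructed, unsigned sample token (header.payload.signature)."""
    return ".".join([b64url({"alg": "ES256", "typ": "passport"}),
                     b64url(claims), "sig-placeholder"])


def payload(token):
    """Decode the claims segment of a compact JWS."""
    seg = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))


def check_rph_binding(base_tok, rph_tok, now):
    """Return reasons to reject; an empty list means the priority PASSporT
    is bound to the same call as the base one. Signature checks on both
    tokens are assumed to have passed before this runs."""
    base, rph = payload(base_tok), payload(rph_tok)
    problems = []
    for claim in ("orig", "dest"):
        # A priority PASSporT lifted from another call names other parties.
        if rph.get(claim) != base.get(claim):
            problems.append(claim + " mismatch")
    for name, claims in (("base", base), ("rph", rph)):
        iat = claims.get("iat")
        if not isinstance(iat, int) or abs(now - iat) > FRESHNESS_S:
            problems.append(name + " iat stale")
    return problems


# Constructed sample data; the "rph" wrapper name is an assumption and the
# value is the string quoted in point 1.
T0 = 1497626290
CALL = {"orig": {"tn": "12025550100"}, "dest": {"tn": ["12025550101"]}, "iat": T0}
RPH = {"rph": {"auth": "Resource-Priority: ets.0"}}
BASE = make(CALL)
RPH_OK = make({**CALL, **RPH})
RPH_PASTED = make({**CALL, **RPH, "orig": {"tn": "12025550199"}})
```

The same pair of tokens passes at any time inside the window, which is the behaviour point 5 describes: the check stops reuse across calls with different parties, not repeated calls between the same parties.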