Secure Telephone Identity Credentials: Certificates
draft-ietf-stir-certificates-18
Document history
Date | Rev. | By | Action |
---|---|---|---|
2017-12-28
|
18 | Tero Kivinen | Closed request for Last Call review by SECDIR with state 'No Response' |
2017-12-20
|
18 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2017-12-19
|
18 | Cindy Morgan | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2017-12-18
|
18 | Sean Turner | New version available: draft-ietf-stir-certificates-18.txt |
2017-12-18
|
18 | (System) | New version approved |
2017-12-18
|
18 | (System) | Request for posting confirmation emailed to previous authors: Jon Peterson, Sean Turner |
2017-12-18
|
18 | Sean Turner | Uploaded new revision |
2017-12-18
|
17 | (System) | IANA Action state changed to No IC from Waiting on RFC Editor |
2017-12-18
|
17 | (System) | IANA Action state changed to Waiting on RFC Editor from Waiting on Authors |
2017-12-15
|
17 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2017-12-15
|
17 | (System) | IANA Action state changed to In Progress from RFC-Ed-Ack |
2017-12-15
|
17 | Cindy Morgan | IESG state changed to Approved-announcement sent from Approved-announcement to be sent |
2017-12-15
|
17 | Cindy Morgan | IESG has approved the document |
2017-12-15
|
17 | Cindy Morgan | Closed "Approve" ballot |
2017-12-15
|
17 | Cindy Morgan | Ballot approval text was generated |
2017-12-15
|
17 | Cindy Morgan | Ballot writeup was changed |
2017-12-14
|
17 | Cindy Morgan | IESG state changed to Approved-announcement to be sent::Revised I-D Needed from Waiting for AD Go-Ahead |
2017-12-14
|
17 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA - Not OK |
2017-12-14
|
17 | Sean Turner | New version available: draft-ietf-stir-certificates-17.txt |
2017-12-14
|
17 | (System) | New version approved |
2017-12-14
|
17 | (System) | Request for posting confirmation emailed to previous authors: Jon Peterson, Sean Turner |
2017-12-14
|
17 | Sean Turner | Uploaded new revision |
2017-12-14
|
16 | Alexey Melnikov | [Ballot Position Update] New position, Yes, has been recorded for Alexey Melnikov |
2017-12-13
|
16 | Spencer Dawkins | [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins |
2017-12-13
|
16 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2017-12-13
|
16 | Terry Manderson | [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson |
2017-12-13
|
16 | Eric Rescorla | [Ballot comment] Removing my discuss based on conversations with the authors |
2017-12-13
|
16 | Eric Rescorla | [Ballot Position Update] Position for Eric Rescorla has been changed to No Objection from Discuss |
2017-12-13
|
16 | Alia Atlas | [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas |
2017-12-13
|
16 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2017-12-13
|
16 | Amanda Baber | IANA Review state changed to IANA - Not OK from Version Changed - Review Needed |
2017-12-13
|
16 | Warren Kumari | [Ballot Position Update] New position, No Objection, has been recorded for Warren Kumari |
2017-12-13
|
16 | Kathleen Moriarty | [Ballot comment] Thanks for your work on this draft! NIT: Section 4, bullet 4, RFC8017 is PKCS #1 v2.2, not v1.5. There are some other mentions of v1.5, did you mean that or 2.2? 2.2 fixes a few problems, so I was glad to see that reference. |
2017-12-13
|
16 | Kathleen Moriarty | [Ballot Position Update] New position, Yes, has been recorded for Kathleen Moriarty |
2017-12-13
|
16 | Suresh Krishnan | [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan |
2017-12-13
|
16 | Ben Campbell | [Ballot Position Update] New position, Yes, has been recorded for Ben Campbell |
2017-12-12
|
16 | Eric Rescorla | [Ballot discuss] national policies. The count field is only applicable to start fields' whose values do not include "*" or "#" (i.e., a TelephoneNumber that does not include "*" or "#"). count never overflows a TelephoneNumber digit boundary (i.e., a TelephoneNumberRange with TelephoneNumber=10 with a count=91 will address numbers 10-99). This text doesn't seem very clear. When you say "never overflows a digit boundary" do you mean "doesn't extend the integer to the left"? Because you sure seem to be overflowing the 1s place here. Is the algorithm that you are given the input TN, Count, and TN consists D digits that the range is: MIN(TN + Count, 10^D - 1) That would be consistent with your example here, but I don't think consistent with your text. Or do you mean something else? |
2017-12-12
|
16 | Eric Rescorla | [Ballot Position Update] New position, Discuss, has been recorded for Eric Rescorla |
2017-12-12
|
16 | Alissa Cooper | [Ballot Position Update] New position, Yes, has been recorded for Alissa Cooper |
2017-12-12
|
16 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2017-12-09
|
16 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA - Not OK |
2017-12-09
|
16 | Sean Turner | New version available: draft-ietf-stir-certificates-16.txt |
2017-12-09
|
16 | (System) | New version approved |
2017-12-09
|
16 | (System) | Request for posting confirmation emailed to previous authors: Jon Peterson, Sean Turner |
2017-12-09
|
16 | Sean Turner | Uploaded new revision |
2017-11-30
|
15 | (System) | RFC Editor state changed to AUTH48 from IESG |
2017-11-30
|
15 | (System) | IESG state changed to Waiting for AD Go-Ahead from In Last Call |
2017-11-26
|
15 | Sheng Jiang | Request for Last Call review by OPSDIR Completed: Has Nits. Reviewer: Sheng Jiang. Sent review to list. |
2017-11-21
|
15 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Sheng Jiang |
2017-11-21
|
15 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Sheng Jiang |
2017-11-18
|
15 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Klaas Wierenga |
2017-11-18
|
15 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Klaas Wierenga |
2017-11-16
|
15 | Joel Halpern | Request for Last Call review by GENART Completed: Ready. Reviewer: Joel Halpern. Sent review to list. |
2017-11-16
|
15 | (System) | IANA Review state changed to IANA - Not OK from Version Changed - Review Needed |
2017-11-16
|
15 | Amanda Baber | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Services Operator has completed its review of draft-ietf-stir-certificates-15. If any part of this review is inaccurate, please let us know. We understand that upon approval of this document, we'll need to update existing references in the registries and complete one new action. However, we have a question about the new action. Please see below. First, upon approval of this document, for the registrations added to https://www.iana.org/assignments/smi-numbers after this document was initially approved (see Section 11.1), we will update the references to point to the document's most recent version number. Second, upon approval of this document, we will add the following registration to http://www.iana.org/assignments/media-types: application/tnauthlist [RFC-to-be] QUESTION: The template provided in Section 11.2 doesn't include the "Fragment Identifier considerations" or "Deprecated alias names for this type" fields that were added to the media type template in RFC 6838 (https://tools.ietf.org/html/rfc6838#section-5.6). Do these fields need to be added? Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed. Thank you, Amanda Baber Lead IANA Services Specialist |
2017-11-16
|
15 | Jean Mahoney | Request for Last Call review by GENART is assigned to Joel Halpern |
2017-11-16
|
15 | Jean Mahoney | Request for Last Call review by GENART is assigned to Joel Halpern |
2017-11-16
|
15 | (System) | RFC Editor state changed to IESG from AUTH48 |
2017-11-16
|
15 | Adam Roach | Ballot has been issued |
2017-11-16
|
15 | Adam Roach | [Ballot Position Update] New position, Yes, has been recorded for Adam Roach |
2017-11-16
|
15 | Adam Roach | Created "Approve" ballot |
2017-11-16
|
15 | Adam Roach | Ballot writeup was changed |
2017-11-16
|
15 | Adam Roach | Telechat date has been changed to 2017-12-14 from 2016-11-03 |
2017-11-16
|
15 | Cindy Morgan | The following Last Call announcement was sent out (ends 2017-11-30): From: The IESG To: IETF-Announce CC: adam@nostrum.com, stir@ietf.org, Robert Sparks, draft-ietf-stir-certificates@ietf.org, stir-chairs@ietf.org, rjsparks@nostrum.com, br@brianrosen.net Reply-To: ietf@ietf.org Sender: Subject: Last Call: Changes to (Secure Telephone Identity Credentials: Certificates) to Proposed Standard The IESG has received a request from the Secure Telephone Identity Revisited WG (stir) to consider changes to the following document: - 'Secure Telephone Identity Credentials: Certificates' as Proposed Standard An earlier version of this document has already been approved for publication by the IESG. Subsequent to such approval, the STIR working group identified a small number of critically important omissions in the document, which this version addresses. This IETF last call is intended to solicit comments solely on the changes between the approved version and the current version. These changes can be found at: https://www.ietf.org/rfcdiff?url1=https://www.rfc-editor.org/authors/rfc8226.txt&url2=draft-ietf-stir-certificates-15 The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2017-11-30. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract In order to prevent the impersonation of telephone numbers on the Internet, some kind of credential system needs to exist that cryptographically asserts authority over telephone numbers. This document describes the use of certificates in establishing authority over telephone numbers, as a component of a broader architecture for managing telephone numbers as identities in protocols like SIP. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-stir-certificates/ The changes that are under review can be obtained via: https://www.ietf.org/rfcdiff?url1=https://www.rfc-editor.org/authors/rfc8226.txt&url2=draft-ietf-stir-certificates-15 IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-stir-certificates/ballot/ No IPR declarations have been submitted directly on this I-D. The document contains these normative downward references. See RFC 3967 for additional information: rfc7093: Additional Methods for Generating Key Identifiers Values (Informational - Independent Submission Editor stream) rfc3447: Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 (Informational - IETF stream) rfc5912: New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX) (Informational - IETF stream) Note that rfc8017 and rfc5912 are already listed in the acceptable Downref Registry. |
2017-11-16
|
15 | Cindy Morgan | IESG state changed to In Last Call from Last Call Requested |
2017-11-16
|
15 | Adam Roach | Last call was requested |
2017-11-16
|
15 | Adam Roach | IESG state changed to Last Call Requested from AD Evaluation |
2017-11-16
|
15 | Adam Roach | Last call announcement was changed |
2017-11-16
|
15 | Adam Roach | Last call announcement was generated |
2017-11-16
|
15 | Adam Roach | Running some changes through IETF LC again, per WG discussion. |
2017-11-16
|
15 | Adam Roach | IESG state changed to AD Evaluation from RFC Ed Queue |
2017-11-15
|
15 | Sean Turner | New version available: draft-ietf-stir-certificates-15.txt |
2017-11-15
|
15 | (System) | New version approved |
2017-11-15
|
15 | (System) | Request for posting confirmation emailed to previous authors: Jon Peterson, Sean Turner |
2017-11-15
|
15 | Sean Turner | Uploaded new revision |
2017-07-31
|
14 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2017-07-17
|
14 | (System) | RFC Editor state changed to RFC-EDITOR from REF |
2017-07-12
|
14 | (System) | RFC Editor state changed to REF from AUTH |
2017-07-07
|
14 | (System) | RFC Editor state changed to AUTH from EDIT |
2017-06-02
|
14 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2017-06-02
|
14 | (System) | IANA Action state changed to Waiting on RFC Editor from Waiting on Authors |
2017-06-02
|
14 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2017-06-02
|
14 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2017-06-01
|
14 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2017-05-30
|
14 | (System) | IANA Action state changed to In Progress |
2017-05-30
|
14 | (System) | RFC Editor state changed to EDIT |
2017-05-30
|
14 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2017-05-30
|
14 | (System) | Announcement was received by RFC Editor |
2017-05-30
|
14 | Cindy Morgan | IESG state changed to Approved-announcement sent from Approved-announcement to be sent |
2017-05-30
|
14 | Cindy Morgan | IESG has approved the document |
2017-05-30
|
14 | Cindy Morgan | Closed "Approve" ballot |
2017-05-30
|
14 | Cindy Morgan | Ballot approval text was generated |
2017-05-30
|
14 | Cindy Morgan | Ballot writeup was changed |
2017-05-30
|
14 | Adam Roach | IESG state changed to Approved-announcement to be sent from IESG Evaluation::AD Followup |
2017-05-30
|
14 | Adam Roach | Ballot approval text was changed |
2017-05-30
|
14 | Adam Roach | RFC Editor Note was changed |
2017-05-30
|
14 | Adam Roach | RFC Editor Note was changed |
2017-05-30
|
14 | Adam Roach | RFC Editor Note for ballot was generated |
2017-05-30
|
14 | Adam Roach | RFC Editor Note for ballot was generated |
2017-05-09
|
14 | Sean Turner | New version available: draft-ietf-stir-certificates-14.txt |
2017-05-09
|
14 | (System) | New version approved |
2017-05-09
|
14 | (System) | Request for posting confirmation emailed to previous authors: Jon Peterson, Sean Turner |
2017-05-09
|
14 | Sean Turner | Uploaded new revision |
2017-05-03
|
13 | Alissa Cooper | Shepherding AD changed to Adam Roach |
2017-03-27
|
13 | Jon Peterson | New version available: draft-ietf-stir-certificates-13.txt |
2017-03-27
|
13 | (System) | New version approved |
2017-03-27
|
13 | (System) | Request for posting confirmation emailed to previous authors: Jon Peterson, Sean Turner |
2017-03-27
|
13 | Jon Peterson | Uploaded new revision |
2017-03-23
|
12 | Alexey Melnikov | [Ballot comment] Thank you for addressing my DISCUSS. The latest revision has introduced some minor errors which I don't think are intentional: 8. JWT Claim Constraints Syntax The subjects of certificates containing the JWT Claim Constraints certificate extension are specifies values for PASSporT claims that are permitted, values for PASSporT claims that are excluded, or both. The syntax of these claims is given in PASSporT; specifying new claims follows the procedures in [I-D.ietf-stir-passport] (Section 8.3). When a verifier is validating PASSporT claims, the JWT claim MUST contain permitted values, and MUST NOT contain excluded values. The non-critical JWT Claim Constraints certificate extension is included in the extension field of end entity certificates [RFC5280]. The extension is defined with ASN.1 [X.680][X.681][X.682] [X.683]. The above text lists "excluded" claims several times, but you removed excluded from the ASN.1: JWTClaimConstraint ::= SEQUENCE { claim IA5String, permitted SEQUENCE OF IA5String } So I think the text needs to be edited to be correct or you need to fix the ASN.1. In Section 9: ServiceProviderCodeList ::= SEQUENCE SIZE (1..3) OF IA%String Typo: IA5String |
2017-03-23
|
12 | Alexey Melnikov | [Ballot Position Update] Position for Alexey Melnikov has been changed to No Objection from Discuss |
2017-03-21
|
12 | Robert Sparks | Added to session: IETF-98: stir Thu-0900 |
2017-03-14
|
12 | Stephen Farrell | [Ballot comment] Thanks for handling my discuss points, esp about cert status. I think it'd be great if STIR prompted work to ensure better privacy for OCSP transactions as that'd be a useful mechanism (in addition to stapling) so I hope that the further work envisaged here happens in the not too distant future. |
2017-03-14
|
12 | Stephen Farrell | [Ballot Position Update] Position for Stephen Farrell has been changed to No Objection from Discuss |
2017-03-13
|
12 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2017-03-13
|
12 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2017-03-13
|
12 | Jon Peterson | New version available: draft-ietf-stir-certificates-12.txt |
2017-03-13
|
12 | (System) | New version approved |
2017-03-13
|
12 | (System) | Request for posting confirmation emailed to previous authors: Jon Peterson, Sean Turner |
2017-03-13
|
12 | Jon Peterson | Uploaded new revision |
2017-01-25
|
11 | Stephen Farrell | [Ballot discuss] Sorry but I have a load of discuss points on this one. I don't think any of 'em are that hard though, except maybe one. (I'll let us all guess which one:-) (1) TN auth list services - IIUC, these are not free today. Is that correct? It's not clear to me that alternatives such as listing all good numbers inside a cert are practical. Did the WG have an explicit consensus that building in a requirement to have verifiers pay to be an effective RP is ok? If so, can you send a pointer to the list archive or minutes where that was agreed. If not, don't the WG need to explicitly ok that? (2) section 8: you need to say more clearly exactly what the IA5String values in the extension map to in the JWT. I assume it's the field names but you don't say. You need to say if this extension can or needs to be critical. (3) section 9: you need to say whether this extension needs to be or can be critical and where in the cert path it's allowed to be and how to interpret things if >1 cert in the path has this extension (if that's allowed, and if it is, then complexity awaits us;-). (4) section 10: you need to pick one MTI method I think. Why is that wrong? You nearly, but not quite, do. Why not just do it? (5) section 10: don't you need to somehow define "short-lived"? That could be defined as an RP-configurable value, but even if so, I think you need to say that. Even if you do that, I'm not sure that an RP-configured value is right as short-lived certs, vs. not, puts a different burden on the signer and if the signer and RP have different ideas of what short-lived means, then interop failures seem likely. Bottom line for this point: what's a short lived cert? (6) section 10: as with short-lived, don't you need to define HVE? (7) section 10.2.1: Can OCSP be made to use HTTPs here? If not, then you have the RP sending out the caller's TN in clear. That seems bad (cf. BCP188). Did the WG consider that? If this spec needs OCSP/HTTPs then I think you need to have a new MUST for that (it's uncommon or maybe never done?) and address the potential bootstrap issues. (But I didn't think those through - did the WG?) (new) moving this from 4474bis draft where it used to be - the authors say they want to fix it here: I think the ABNF conflicts with the E164Number definition in the 4474bis draft. |
2017-01-25
|
11 | Stephen Farrell | Ballot discuss text updated for Stephen Farrell |
2016-11-08
|
11 | Gunter Van de Velde | Closed request for Last Call review by OPSDIR with state 'No Response' |
2016-11-07
|
11 | Robert Sparks | Added to session: IETF-97: stir Wed-0930 |
2016-11-03
|
11 | Cindy Morgan | IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation |
2016-11-03
|
11 | Amanda Baber | IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed |
2016-11-02
|
11 | Joel Jaeggli | [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli |
2016-11-02
|
11 | Spencer Dawkins | [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins |
2016-11-02
|
11 | Stephen Farrell | [Ballot discuss] Sorry but I have a load of discuss points on this one. I don't think any of 'em are that hard though, except maybe one. (I'll let us all guess which one:-) (1) TN auth list services - IIUC, these are not free today. Is that correct? It's not clear to me that alternatives such as listing all good numbers inside a cert are practical. Did the WG have an explicit consensus that building in a requirement to have verifiers pay to be an effective RP is ok? If so, can you send a pointer to the list archive or minutes where that was agreed. If not, don't the WG need to explicitly ok that? (2) section 8: you need to say more clearly exactly what the IA5String values in the extension map to in the JWT. I assume it's the field names but you don't say. You need to say if this extension can or needs to be critical. (3) section 9: you need to say whether this extension needs to be or can be critical and where in the cert path it's allowed to be and how to interpret things if >1 cert in the path has this extension (if that's allowed, and if it is, then complexity awaits us;-). (4) section 10: you need to pick one MTI method I think. Why is that wrong? You nearly, but not quite, do. Why not just do it? (5) section 10: don't you need to somehow define "short-lived"? That could be defined as an RP-configurable value, but even if so, I think you need to say that. Even if you do that, I'm not sure that an RP-configured value is right as short-lived certs, vs. not, puts a different burden on the signer and if the signer and RP have different ideas of what short-lived means, then interop failures seem likely. Bottom line for this point: what's a short lived cert? (6) section 10: as with short-lived, don't you need to define HVE? (7) section 10.2.1: Can OCSP be made to use HTTPs here? If not, then you have the RP sending out the caller's TN in clear. That seems bad (cf. BCP188). Did the WG consider that? If this spec needs OCSP/HTTPs then I think you need to have a new MUST for that (it's uncommon or maybe never done?) and address the potential bootstrap issues. (But I didn't think those through - did the WG?) |
2016-11-02
|
11 | Stephen Farrell | [Ballot comment] General - So a passport structure or SIP message can have a URI for the cert. And the cert can have URLs for OCSP and AIA and for a TN download service. That's potentially an awful lot of comms out of the RP to do STIR. Has someone put all that together into a usable assembly? If so, where's that documented? (To be open about it, I was more of a fan of the DKIM starting point for this work, but that's really just opinion, so this is definitely a non-blocking comment. I'd still be interested in an answer though.) - section 5: "Assignees of E.164 numbering resources participating in this enrollment model should take appropriate steps to establish trust anchors." That's ambiguous. Do you mean they should establish a list of other folk's public keys they trust or that they should generate their key pair and get their public key on other folk's list of trust anchors? - section 7: What's the REQUIRED for EST about? That just seems wrong. - section 10: SCVP? Really? Does anyone do that? I'd say get rid of that text, it'll only cause grief. - section 10: "CRLs are an obviously attractive solution" hmm - s/obviously/initially/ would seem more accurate. - 10.2: last two paras are speculative - do they belong in a spec like this? If so, maybe re-word 'em so that they're not going to confuse an implementer? |
2016-11-02
|
11 | Stephen Farrell | [Ballot Position Update] New position, Discuss, has been recorded for Stephen Farrell |
2016-11-02
|
11 | Alia Atlas | [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas |
2016-11-02
|
11 | Kathleen Moriarty | [Ballot comment] Introduction: nit, Robocallers use impersonation as a means of obscuring identity; while robocallers can, in the ordinary PSTN, block (that is, withhold) their caller identity, callees are less likely to pick up calls from blocked identities, and therefore appearing to calling from some number, any number, is preferable. s/appearing to calling/appearing to call/ Section 10.2.1: I'm wondering why SHA-1 is described as follows instead of discouraged/not allowed ... o There is no requirement to support SHA-1, RSA with SHA-1, or DSA with SHA-1. I don't see any references to RFCs that update RFC5280, like RFC6818. It would be good to include these since 5280 is used for revocation methods mentioned. 6818 is for CRLs. |
2016-11-02
|
11 | Kathleen Moriarty | Ballot comment text updated for Kathleen Moriarty |
2016-11-02
|
11 | Ben Campbell | [Ballot Position Update] New position, Yes, has been recorded for Ben Campbell |
2016-11-02
|
11 | Suresh Krishnan | [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan |
2016-11-02
|
11 | Kathleen Moriarty | [Ballot comment] Introduction: nit, Robocallers use impersonation as a means of obscuring identity; while robocallers can, in the ordinary PSTN, block (that is, withhold) their caller identity, callees are less likely to pick up calls from blocked identities, and therefore appearing to calling from some number, any number, is preferable. s/appearing to calling/appearing to call/ Section 10.2.1: I'm wondering why SHA-1 is described as follows instead of discouraged/not allowed ... o There is no requirement to support SHA-1, RSA with SHA-1, or DSA with SHA-1. I don't see any references to RFCs that update RFC5280, like RFC6818. It would be good to include these when 5280 is used for revocation methods mentioned. 6818 is for CRLs. |
2016-11-02
|
11 | Kathleen Moriarty | [Ballot Position Update] New position, No Objection, has been recorded for Kathleen Moriarty |
2016-11-02
|
11 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2016-11-02
|
11 | Ralph Droms | Request for Last Call review by GENART Completed: Ready. Reviewer: Ralph Droms. |
2016-11-02
|
11 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko |
2016-11-01
|
11 | Terry Manderson | [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson |
2016-11-01
|
11 | Mirja Kühlewind | [Ballot Position Update] New position, No Objection, has been recorded for Mirja Kühlewind |
2016-11-01
|
11 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2016-11-01
|
11 | Alexey Melnikov | [Ballot discuss] I have one small issue that I would like to discuss before recommending approval of this document: Reading Section 8 I was unable to figure out what are "claim", "permitted" and "excluded" and what exact syntaxes they use. I think this is underspecified. You are probably missing some references, examples or both. |
2016-11-01
|
11 | Alexey Melnikov | [Ballot comment] URI (RFC 3986), HTTP (RFC 7230) and HTTPS (RFC 2818) need to be Normative References. |
2016-11-01
|
11 | Alexey Melnikov | [Ballot Position Update] New position, Discuss, has been recorded for Alexey Melnikov |
2016-11-01
|
11 | Alissa Cooper | IESG state changed to IESG Evaluation from Waiting for Writeup |
2016-11-01
|
11 | Alissa Cooper | Ballot has been issued |
2016-11-01
|
11 | Alissa Cooper | [Ballot Position Update] New position, Yes, has been recorded for Alissa Cooper |
2016-11-01
|
11 | Alissa Cooper | Created "Approve" ballot |
2016-11-01
|
11 | Alissa Cooper | Ballot writeup was changed |
2016-11-01
|
11 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2016-10-31
|
11 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2016-10-31
|
11 | Jon Peterson | New version available: draft-ietf-stir-certificates-11.txt |
2016-10-31
|
11 | (System) | New version approved |
2016-10-31
|
10 | (System) | Request for posting confirmation emailed to previous authors: "Sean Turner", "Jon Peterson" |
2016-10-31
|
10 | Jon Peterson | Uploaded new revision |
2016-10-28
|
10 | Sabrina Tanamal | IANA Review state changed to IANA OK - Actions Needed from IANA - Not OK |
2016-10-27
|
10 | (System) | IANA Review state changed to IANA - Not OK from IANA - Review Needed |
2016-10-27
|
10 | Sabrina Tanamal | (Via drafts-lastcall-comment@iana.org): IESG/Authors/WG Chairs: The IANA Services Operator has completed its review of draft-ietf-stir-certificates-10.txt. If any part of this review is inaccurate, please let us know. Upon approval of this document, we understand that there are four registry actions to complete. First, in the SMI Security for PKIX Certificate Extension subregistry in the Structure of Management Information (SMI) Numbers (MIB Module Registrations) registry located at: http://www.iana.org/assignments/smi-numbers/ two new values are to be registered as follows: Decimal: [ TBD-at-registration ] Description: id-ce-TNAuthList Reference: [ RFC-to-be ] Decimal: [ TBD-at-registration ] Description: id-ce-JWTClaimConstraints Reference: [ RFC-to-be ] As this is an Expert Review (see RFC 5226) registry, we will initiate the required review via a separate request. Approval by the expert is required for registration. Second, in the SMI Security for PKIX Online Certificate Status Protocol (OCSP) subregistry in the Structure of Management Information (SMI) Numbers (MIB Module Registrations) registry located at: http://www.iana.org/assignments/smi-numbers/ a single new value is to be registered as follows: Decimal: [ TBD-at-registration ] Description: id-pkix-ocsp-stir-tn Reference: [ RFC-to-be ] Again, as this is an Expert Review (see RFC 5226) registry, we will initiate the required review via a separate request. Approval by the expert is required for registration. Third, in the SMI Security for PKIX Access Descriptor subregistry of the Structure of Management Information (SMI) Numbers (MIB Module Registrations) registry located at: http://www.iana.org/assignments/smi-numbers/ a single new value is to be registered as follows: Decimal: [ TBD-at-registration ] Description: id-ad-stir-tn Reference: [ RFC-to-be ] Once again, expert review is required. Fourth, in the SMI Security for PKIX Module Identifier also in the Structure of Management Information (SMI) Numbers (MIB Module Registrations) registry located at: http://www.iana.org/assignments/smi-numbers/ a single new value is to be registered as follows: Decimal: [ TBD-at-registration ] Description: id-mod-tn-module Reference: [ RFC-to-be ] Once again, expert review is required. We understand that these are the only actions required to be completed upon approval of this document. Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed. Thank you, Sabrina Tanamal IANA Services Specialist PTI |
2016-10-27
|
10 | Tero Kivinen | Request for Last Call review by SECDIR Completed: Has Nits. Reviewer: Klaas Wierenga. |
2016-10-22
|
10 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Warren Kumari |
2016-10-22
|
10 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Warren Kumari |
2016-10-20
|
10 | Jean Mahoney | Request for Last Call review by GENART is assigned to Ralph Droms |
2016-10-20
|
10 | Jean Mahoney | Request for Last Call review by GENART is assigned to Ralph Droms |
2016-10-20
|
10 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Klaas Wierenga |
2016-10-20
|
10 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Klaas Wierenga |
2016-10-18
|
10 | Cindy Morgan | IANA Review state changed to IANA - Review Needed |
2016-10-18
|
10 | Cindy Morgan | The following Last Call announcement was sent out: From: The IESG To: "IETF-Announce" CC: alissa@cooperw.in, stir@ietf.org, "Robert Sparks" , draft-ietf-stir-certificates@ietf.org, stir-chairs@ietf.org, rjsparks@nostrum.com Reply-To: ietf@ietf.org Sender: Subject: Last Call: (Secure Telephone Identity Credentials: Certificates) to Proposed Standard The IESG has received a request from the Secure Telephone Identity Revisited WG (stir) to consider the following document: - 'Secure Telephone Identity Credentials: Certificates' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2016-11-01. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract In order to prevent the impersonation of telephone numbers on the Internet, some kind of credential system needs to exist that cryptographically asserts authority over telephone numbers. This document describes the use of certificates in establishing authority over telephone numbers, as a component of a broader architecture for managing telephone numbers as identities in protocols like SIP. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-stir-certificates/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-stir-certificates/ballot/ No IPR declarations have been submitted directly on this I-D. The document contains these normative downward references. 
See RFC 3967 for additional information: rfc7093: Additional Methods for Generating Key Identifiers Values (Informational - Independent Submission Editor stream) rfc3447: Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 (Informational - IETF stream) rfc5912: New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX) (Informational - IETF stream) Note that rfc3447 and rfc5912 are already listed in the acceptable Downref Registry. |
2016-10-18
|
10 | Cindy Morgan | IESG state changed to In Last Call from Last Call Requested |
2016-10-18
|
10 | Alissa Cooper | Last call was requested |
2016-10-18
|
10 | Alissa Cooper | Ballot approval text was generated |
2016-10-18
|
10 | Alissa Cooper | Ballot writeup was generated |
2016-10-18
|
10 | Alissa Cooper | IESG state changed to Last Call Requested from Publication Requested |
2016-10-18
|
10 | Alissa Cooper | Last call announcement was changed |
2016-10-18
|
10 | Robert Sparks | 1. Summary draft-ietf-stir-certificates defines protocol and is intended for publication as Proposed Standard. From the abstract: In order to prevent the impersonation of telephone numbers on the Internet, some kind of credential system needs to exist that cryptographically asserts authority over telephone numbers. This document describes the use of certificates in establishing authority over telephone numbers, as a component of a broader architecture for managing telephone numbers as identities in protocols like SIP. This document is a component of a toolset for combating robocalling. In the US, the FCC is applying significant pressure to the industry to deter robocalling (with deadlines in the last part of 2016). An industry-led strike force is moving towards deployment of a solution that uses that toolset. The ATIS/SIP Forum IPNNI Task Force's SHAKEN solution relies on the toolset defined by STIR and profiles it for deployment in the North American market. 2. Review and Consensus This document has undergone heavy review. Interoperability testing at the SIPit in September identified issues leading to the introduction of the JWT Claim Constraints, shifting where LOA assertions are made. The document suite has been through three working group last calls, the third of which was abbreviated to one week. The first last call stimulated significant discussion, some of which was heated. 3. Intellectual Property The authors have each confirmed that any IPR they are aware of has been disclosed. There are no IPR disclosures currently registered for this document. 4. Other Points There are three normative downreferences. Two (3447 and 5912) are already in the downref registry. The other, 7093, should be called out in IETF-LC. The document provides an ASN.1 module. 
The module was verified by Russ Housley and Sean Turner. The document requires several actions from IANA. They are concretely described in the document text. Note that the group intended to request pre-allocation of a few of the codepoints discussed there, but the pre-allocation request was not made. |
2016-10-18
|
10 | Robert Sparks | Responsible AD changed to Alissa Cooper |
2016-10-18
|
10 | Robert Sparks | IETF WG state changed to Submitted to IESG for Publication from In WG Last Call |
2016-10-18
|
10 | Robert Sparks | IESG state changed to Publication Requested |
2016-10-18
|
10 | Robert Sparks | IESG process started in state Publication Requested |
2016-10-18
|
10 | Robert Sparks | Intended Status changed to Proposed Standard from None |
2016-10-18
|
10 | Robert Sparks | Changed document writeup |
2016-10-18
|
10 | Robert Sparks | Notification list changed to "Robert Sparks" <rjsparks@nostrum.com> |
2016-10-18
|
10 | Robert Sparks | Document shepherd changed to Robert Sparks |
2016-10-18
|
10 | Jon Peterson | New version available: draft-ietf-stir-certificates-10.txt |
2016-10-18
|
10 | (System) | New version approved |
2016-10-18
|
09 | (System) | Request for posting confirmation emailed to previous authors: "Sean Turner" , "Jon Peterson" |
2016-10-18
|
09 | Jon Peterson | Uploaded new revision |
2016-10-18
|
09 | Alissa Cooper | Changed consensus to Yes from Unknown |
2016-10-18
|
09 | Alissa Cooper | Placed on agenda for telechat - 2016-11-03 |
2016-10-06
|
09 | Jon Peterson | New version available: draft-ietf-stir-certificates-09.txt |
2016-10-06
|
09 | (System) | New version approved |
2016-10-06
|
08 | (System) | Request for posting confirmation emailed to previous authors: "Sean Turner" , "Jon Peterson" |
2016-10-06
|
08 | Jon Peterson | Uploaded new revision |
2016-09-09
|
08 | Jon Peterson | New version available: draft-ietf-stir-certificates-08.txt |
2016-07-22
|
07 | Russ Housley | A two week WG Last Call for the STIR Certificates document started on 13 July 2016, and it will end on 27 July 2016. Ideally major concerns will be raised quickly so that they can be tackled during IETF 96. |
2016-07-22
|
07 | Russ Housley | IETF WG state changed to In WG Last Call from WG Document |
2016-07-08
|
07 | Sean Turner | New version available: draft-ietf-stir-certificates-07.txt |
2016-07-07
|
06 | Robert Sparks | Added to session: IETF-96: stir Tue-1400 |
2016-07-06
|
06 | Sean Turner | New version available: draft-ietf-stir-certificates-06.txt |
2016-06-25
|
05 | Sean Turner | New version available: draft-ietf-stir-certificates-05.txt |
2016-05-27
|
04 | Russ Housley | Added to session: interim-2016-stir-1 |
2016-05-26
|
04 | Jon Peterson | New version available: draft-ietf-stir-certificates-04.txt |
2016-03-21
|
03 | Robert Sparks | Added to session: IETF-95: stir Thu-1620 |
2016-03-21
|
03 | Jon Peterson | New version available: draft-ietf-stir-certificates-03.txt |
2015-07-06
|
02 | Jon Peterson | New version available: draft-ietf-stir-certificates-02.txt |
2015-03-25
|
01 | Sean Turner | New version available: draft-ietf-stir-certificates-01.txt |
2014-10-23
|
00 | Jon Peterson | New version available: draft-ietf-stir-certificates-00.txt |