PASSporT Extension for Rich Call Data
draft-ietf-stir-passport-rcd-26

[Ballot comment]
Thank you for the work on this document.

Many thanks to Harald Alvestrand for his ART ART review: https://mailarchive.ietf.org/arch/msg/art/rylz9YIkzKVh0MS7zVQJnWTD5Tc/, and to the authors for addressing his comments.

[Ballot comment]
# Sec AD review of  draft-ietf-stir-passport-rcd-23

CC @paulwouters

See https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions
for more information about how to handle DISCUSS and COMMENT positions.

This review uses the format specified in https://github.com/mnot/ietf-comments/
which allows automated tools to process items (eg to produce github issues)

Please see Roman's raised issues. Additionally, I have a few very minor comments.

## Comments

### Section 8.3 example

the example there has a jCard with:

      ["org",{},"text","MI6;Q Branch Spy Gadgets"],

and a corresponding PASSporT claims object with:

    "nam": "Q Branch Spy Gadgets",

I wasn't sure if the org text and nam of the issuer needed to match here, so I just wanted to raise it in case this is a copy&paste error.

## odd modifier to 2119 language

I am not sure how to read:
```
        is likely NOT RECOMMENDED best practice.
```

It seems it should either not use RFC 2119 phrasing, or it should remove the
modifier "likely".

### NITS

[3GPP TS 24.229 v16.7.0] is not rendered into a proper reference

There is a few ways -> There are a few ways

Section 16 references "the IANA", instead of just "IANA".

[Ballot discuss]
** 5.*. Inconsistent requirements for URIs

-- icn: appears to be any URI per Section 5.1.3.  This would make gopher://, ftp://, https:// all equally valid.  These have different security characteristics.

-- jcd: per Section 5.1.4 “is intended to directly match the Call-Info header field value defined in [I-D.ietf-sipcore-callinfo-rcd].” Section 4 of that document says it “MUST define the use HTTPS or a transport that can validate the integrity of the source of the resource as well as the transport channel through which the resource is retrieved”.

-- jcl: is an HTTPS URL (per Section 5.1.5)

Why are these different?  Support different levels of transport security?

** Section 6. 
  Implementations MAY support additional algorithms, but MUST NOT
  support known weak algorithms such as MD5 or SHA-1. 

-- How would these additional algorithms names be canonicalized in a way that is interoperable?

-- How does one assess “known weak algorithms”?  What is the vetting process?

-- (COMMENT) Please provide references to MD5 and SHA-1.

** Section 6.*

-- Why is rcdi supported for elements that are protected by the signature (e.g., nam, apn, the whole jcd claim)?  Under what circumstance would it be used?

-- What would it mean for the rcdi to be invalid but the signature to be valid?

** Section 6.1.3.
  The use of
  digest for the "/jcd" corresponding to the entire jCard array string
  can be included as a redundant mechanism to avoid any possibility of
  substitution, insertion attacks, or other potential techniques that
  may be possible to avoid integrity detection.

What attacks are possible if there is NO digest for /jcd?  Under what circumstances is this redundancy necessary?

** Section 6.1.4.  To have parity between the jcd and jcl, the following additional guidance is needed in this section:
-- an integrity digest MUST be provided for the jcl
-- all URIs referenced in the jCard MUST also have an in integrity digest

** Section 5.1.1 and 8.  The specification of “nam” is ambiguous.
-- Section 5.1.1. which specifies the “nam” claim makes no mentions of RFC3261
-- Section 8 says “The key syntax of ‘nam’ follows the display-name ABNF given in [RFC3261].”

MUST ‘nam” conform to the ABNF of RFC3261?

** Section 8.2.  This section provides no guidance on how to handle rcdi values for non-URI values (e.g., nam)

** Section 8.2
  Consequently, if URIs with contents covered by integrity
  digests are passed to another entity, the corresponding integrity
  digest MUST also be included, for example by passing the PASSporT.
  Entities that pass on the content without the URI do not have to pass
  on the corresponding integrity digest.

What is the context for “passing” information?  Is that application specific behavior?  Why would one pass the URI+downloaded content as opposed to just the downloaded content?

** Section 8.2
  If there is any issue with completing the integrity verification
  procedures for referenced external content, including HTTP or HTTPS
  errors, the referenced content MUST be considered not verified. 

What is the operator supposed to do with data that is “not verified”?

** Section 9.1
  The re-construction of the "nam" claim, if using SIP protocol, should
  use the display-name string in the From header field. 

If the display-name isn’t used, how should the “nam” claim be reconstructed?

** Section 10.2
  This may include accepting a
  valid signature over a PASSporT even if it is signed with a
  credential that does not attest authority over the identity in the
  "orig" claim of the PASSporT, provided that the verification service
  has some other reason to trust the signer.  No further guidance on
  verification service authorization policy is given here.

I’m likely misunderstanding something in the STIR architecture.  Why is this text consistent with the validation practices of the first-party model.  This text seems to suggest that PASSports with arbitrary “orig”-s could be accepted regardless of the cryptographic based security mechanisms presented as the basis for the security model of this token.

** Section 10 and 11.  The iss value doesn’t appear to be consistently specified.
(a) Section 10.1 says “the value of "iss" however MUST reflect the Subject of the certificate used to sign a third-party PASSporT.”

(b) Section 10.1 depicts an example of ‘"iss":"Zorin Industries”’

-- Section 11 says “Therefore, third-party PASSporTs that carry "rcd" data MUST also carry an indication of the relationship of the generator of the PASSporT to the caller in the form of the "iss" claim.

The constraints of iss as described and depicted in (a) and (b) in Section 10.1 are not consistent with (c) in Section 11.  In what way is “Zorin Industries” suggesting the “relationship of the generator”?

** Section 12.2
  The general
  verification proceedures defined in Section 8.1 should be followed,
  but the following paragraphs describe some of the specifics needed to
  implement a verification service using the SIP protocol.

In additional to the Section 8.1 guidance, the guidance in Section 10.2 seems applicable too.

** Section 13.1
  The Verification service that receives the PASSporT, if it supports
  this specification and chooses to, should interpret the "rcd" claim
  as simply just an additional claim intended to deliver and/or
  validate delivered Rich Call Data.

Please be clear on what sections govern a “rcd” claim relevant here.  Is it just Section 5?

** Section 13.2.
  Protected Header
  {
      "alg":"ES256",
      "typ":"passport",
      "ppt":"shaken",
      "x5u":"https://cert.example.org/passport.cer"
  }


  A Verification Service that supports "rcd" and "shaken" PASSporT
  extensions is able to receive the above PASSporT and interpret both
  the "shaken" claims as well as the "rcd" defined claim.

The text states that both the “rcd” and “shaken” Passport extensions are being used.  However, in the “ppt” claim only “shaken” is being named.  Section 8.1 of RFC8225 states that “If it is necessary for an extension to PASSporT to require that a relying party support a particular extended claim or set of claims in the PASSporT object, it can do so by specifying a "ppt" element for the PASSporT JOSE Header.”  How is support for two simultaneous extensions supposed to be represented in the ppt header?

** Section 17.  Please discuss that the dereferencing of URIs will (a) depending on the scheme leak, information to an on-path attacker about the referenced content; and (b) provide the off-path hosting providing of the reference content some insight into the calling patterns.

** Section 17.
  The process of signing information contained in a "rcd" PASSporT,
  whether the identities, identifiers, alternate identities or
  identifiers, images, logos, physical addresses, or otherwise should
  follow some vetting process in which an authoritative entity should
  follow an appropriate consistent policy defined and governed by the
  eco-system using RCD and the STIR framework. 

The lack normative language and reliance on “should” seems to allow for no vetting and an inconsistent process with the RCD and STIR framework.  In my understanding of the STIR ecosystem this would violate a basic premise of the ecosystem

** Section 17.
(a) The use of JWTClaimConstraints, a mechanism defined in [RFC8226] and
  extended in [RFC9118] to constrain any of the RCD information in the
  public certificate by including that information in the certificate,
  depending on the availability in the deployment of the PKI system,
  may present a privacy issue.
(b) The use of "rcdi" claim and digests for
  representing JWT claim contents is RECOMMENDED for the prevention of
  the exposure of that information through the certificates which are
  often publically accessible and available.

-- Per (a), please explicitly state what that privacy issue might be.  Is it that the claim constraints might encode sensitive permittedValues?  Is the existence of claims sensitive?

-- Per (b), in what way does rcdi/digest “represent JWT claim content” and prevent exposure of information in the certificate?

[Ballot comment]
Thank you to Vincent Roca for the SECDIR review

** This document makes multiple normative dependencies to draft-ietf-sipcore-callinfo-rcd.  While this document has been adopted by SIPCORE, it appears to have expired multiple times.  Is it expected to complete?  Is there acceptable risk here?  Is the reference stable enough to publish this document (and let it sit in the MISREF queue)?

** Section 1.  Editorial.

As such, based on some use-cases, this document extends ...

What use cases are being referenced here?

** Section 4.
  This document defines a mechanism
  that allows for a direct or indirect party that controls the policy ...

Should “controls the policy” be “enforces the policy” to distinguish between the entity that might define it and those that might implement it (but can’t change it)?

** Section 4. 
  The RCD integrity mechanism is
  a process of generating a sufficiently strong cryptographic digest
  for each resource ...

Is there anything to read into saying “sufficiently strong cryptographic digest” instead of just “cryptographic digest”?  Is there some gradient of security being suggested?

** Section 5.1.2

  How the signer determines
  that a user is authorized to present the number in question is a
  policy decision outside the scope of this document, however, the
  vetting of the alternate presentation number should follow the same
  level of vetting as telephone identities or any other information
  contained in an "rcd" PASSporT or "rcd" claims. 

Is this text implicitly saying that the apn value needs to be in the TNAuthList of the signing certificate so that the verifier can validated that this is a legitimate apn?  Otherwise, can’t arbitrary apn values be included and the verifier wouldn’t know.

** Section 5.1.3.

  Note that [I-D.ietf-sipcore-callinfo-rcd] extends the specific usage
  of "icon" in SIP in the context of the larger rich call data
  framework with specific guidance on referencing images and image
  types, sizes and formats.

In what way does this guidance constrain the definition of “icn”?  I’m not sure why this text is here.

** Section 5.1.5.  Mixing normative language is confusion.  Recommend:
OLD
  The
  "jcd" or "jcl" keys MAY only appear once in the "rcd" claim but MUST
  be mutually exclusive.

NEW
Either a “jcd" or "jcl" MAY appear in the “rcd” claim, but not both.

** Section 6.  The SHA2 algorithms need a normative reference

** Section 6.
  The values of each key/value pair consists of a digest across either
  the direct values or indirectly referenced resources

Consider restating this to cover there being three instances of what rcdi provides a digest for: content inline to the token; the content of a resource specified by an inline URI in the token; and the content of a resource specified by a URI that is in embedded in content specified by an inline URI (i.e., jcl).

** Section 6.1.2
  If the URI references externally linked
  content there would need to be a JSON pointer and digest entry for
  the content in that linked resource.

Is this the same as saying “If the URI references externally linked content there MUST be a JSON pointer ...”?  Please be explicit.

** Section 6.1.2
  ...the JSON pointer string would be "/icn" and the
  digest string would be created using the image file data following
  the rules of JSON pointer

What JSON pointer rules?  Section 6.1 states that “For any URI referenced content, the bytes of the body of the HTTP response is the input for the hash function”?

** Section 6.1.2
  Even though this is probably not the
  typical case, an "rcdi" JSON pointer or integrity digest

Why is it a “JSON pointer _or_ integrity digest”?  What would the JSON be used for if not for the digest?  How would there be a digest without a pointer?

** Section 6.1.2
  However, even though the direct value can be protected by the
  signature and can be constrained directly with JWTClaimConstraints,
  since the length of the image data is likely much larger than the
  integrity digest, the use of the "rcdi" JSON pointer and integrity
  digest as the constraint value in JWTClaimConstraints over the image
  data is RECOMMENDED.

What does the length of the image data have to do with whether the rcdi is used or not?

** Section 6.2.  Editorial.
  The "permittedValues" for the "rcd" claim can contain a single entry
  or optionally contain multiple entries with the intent of supporting
  cases where the certificate holder is authorized to use different
  sets of rich call data corresponding to different call scenarios.

Please re-write this section using RFC2119 keywords to make it clear on the normative guidance.

** Section 7.1. 
-- What is an “authoritative certificate creator” as opposed to a issuer?

-- Integrity is being used here in a way that is different than how it is presented in the document.  I recommend explicitly describing that this is about constraining the behavior of the entity that is generating the claim rather than an attacker.

** Section 8.1.  Per “it has a valid signature”, where is the guidance on what constitutes a valid signature.  Is that a simple JWT process?

** Section 8.1.  Per “it abides by all rules set forth in the proper construction of the claims”, please specify what sections define that proper construction.

** Section 12.1
  Note that the information that is included in
  a signed PASSporT is RECOMMENDED to be vetted by an entity that is
  authoritative over determining the accuracy of that information, so
  how that information is received by the authentication service is
  important and the use of Call-Info as a source of RCD information on
  the authentication side is likely NOT RECOMMENDED best practice.

Can this sentence be restated?  The guidance isn't clear. 

** Section 13.  It isn’t clear what additional guidance is being provided to implementers using the rcd passport.  Specifically:

  Note: There is one very important caveat to this capability, because
  generally if there is URI referenced content in an "rcd" PASSporT
  there is often the requirement to use "rcdi" and JWT Claims
  Constraints.  So, it is important for the user of this specification
  to recognize that the certificates used should include the necessary
  JWT Claims Constraints for proper integrity and security of the
  values in the "rcd" claim incorporated into PASSporTs that are not
  "rcd".

-- The use of rcdi is required in some cases, here it is suggested that “often” there is such a requirement

-- it isn’t clear under what circumstances the JWT Claim Constraints should be used

** Section 16.3.  Per “Any new registrations should consist only of a name and a reference document”, does this mean that this is a two column registry with column1 = “Name” and column2 = “Reference Document”?  For consistency other PASSport registries seem to have column2 = “Reference”.  Recommend being explicit.

** Section 17.  Are there best practices around handling URLs covered in Section 7 of RFC3986?

** From idnits:
== The document seems to lack the recommended RFC 2119 boilerplate, even if
    it appears to use RFC 2119 keywords.

    (The document does seem to have the reference to RFC 2119 which the
    ID-Checklist requires).
  -- The exact meaning of the all-uppercase expression 'MAY NOT' is not
    defined in RFC 2119.  If it is intended as a requirements expression, it
    should be rewritten using one of the combinations defined in RFC 2119;
    otherwise it should not be all-uppercase.

  == The expression 'MAY NOT', while looking like RFC 2119 requirements text,
    is not defined in RFC 2119, and should not be used.  Consider using 'MUST
    NOT' instead (if that is what you mean).
   
    Found 'MAY NOT' in this paragraph:
   
    The jCard object value for "jcd" MUST be a jCard JSON object that
    MAY have URI referenced content, but that URI referenced content MAY NOT
    further reference URIs.  Future specifications may extend this
    capability, but as stated in [I-D.ietf-sipcore-callinfo-rcd] it
    constrains the security properties of RCD information and the integrity
    of the content referenced by URIs.

  == The expression 'MAY NOT', while looking like RFC 2119 requirements text,
    is not defined in RFC 2119, and should not be used.  Consider using 'MUST
    NOT' instead (if that is what you mean).
   
    Found 'MAY NOT' in this paragraph:
   
    The jCard object referenced by the URI value for "jcl" MUST be a
    jCard JSON object that MAY have URI referenced content, but that URI
    referenced content MAY NOT further reference URIs.  Future specifications
    may extend this capability, but as stated in
    [I-D.ietf-sipcore-callinfo-rcd] it constrains the security properties of
    RCD information and the integrity of the content referenced by URIs.



  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

  ** Obsolete normative reference: RFC 7159 (Obsoleted by RFC 8259)

[Ballot comment]
Thanks for this document, it seems thorough and well-written, as far as this non-expert can tell. I have just a few nit-level things to mention.

1. In Section 4, "This mechanism is inspired by and based on the W3C Subresource Integrity specification (http://www.w3.org/TR/SRI/)." Instead of listing the URL inline, that seems like it really should be a reference.

2. Section 4, first paragraph, "what data is allowed to be used". Shouldn't that be "data are"? (I said these were nits...)

3. Section 4, last para, "The third and fourth mode cover cases", should be "modes".

That's it. Yours for agreement in number.

[Ballot comment]

# Éric Vyncke, INT AD, comments for draft-ietf-stir-passport-rcd-23
CC @evyncke

Thank you for the work put into this document.

Please find below some non-blocking COMMENT points (but replies would be appreciated even if only for my own education), and some nits.

Special thanks to Russ Housley for the shepherd's detailed write-up including the WG consensus *but* the justification of the intended status is missing.

Other thanks to Florian Obser for the DNS directorate Last Call review: https://mailarchive.ietf.org/arch/msg/dnsdir/Fv-pKTtPyHLVXYDD2phBfvab9nc/ Thank you, Chris, for your reply on the mailing list.

I hope that this review helps to improve the document,

Regards,

-éric

## COMMENTS

### MAY NOT

As indicated by idnits:
```
    The expression 'MAY NOT', while looking like RFC 2119 requirements text,
    is not defined in RFC 2119, and should not be used.
```

### Section 1

`In this document, we utilize` suggest not to use the first person when writing a specification.

### Section 5.1.1 and 3GPP Releases

Rather than "3GPP TS 24.229 v16.7.0", should 3GPP release v17 be used ?

### Section 5.1.3

Suggest to use "https://wwww.example.com/alice/photo.jpg" rather than "http://wwww.example.com/alice/photo.jpg", i.e., use HTTPS as in other examples.

### Section 6

Suggest to provide a reference either to the NIST specification or to the different SHA variations.

Should there be a registry for all those algorithms in order to facilitate interoperation  ? (to be honest, I hesitated to ballot a DISCUSS on this point)

### Section 6.1.3

I love your James Bond's example ;-)

### Section Shocking !

Alas, there is no April 1st DISCUSS else I would have balloted a DISCUSS on "Her Majesty" as it is now "His Majesty" ;-) ;-)

## NITS

### Section 1

Even if "JWT" is in the list of accepted abbreviations by the RFC editor, it may be worth to expand it at first use. Same for "STIR" (or use "STIR WG") ;-)

Also in this section there is at least one sentence that is 7 lines long... this does not help the readability of the document. It also occurs in multiple places in the I-D.

### E.g.

AFAIK, "e.g." is always followed by a comma. Same for "i.e.".

## Notes

This review is in the ["IETF Comments" Markdown format][ICMF], You can use the
[`ietf-comments` tool][ICT] to automatically convert this review into
individual GitHub issues.

[ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md
[ICT]: https://github.com/mnot/ietf-comments

(Via drafts-lastcall-comment@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has completed its review of draft-ietf-stir-passport-rcd-21. If any part of this review is inaccurate, please let us know.

The IANA Functions Operator understands that, upon approval of this document, there are three actions which we must complete.

First, in the JSON Web Token Claims registry on the JSON Web Token (JWT) registry page located at:

https://www.iana.org/assignments/jwt/

three, new registrations are to be registered as follows:

Claim Name: "rcd"
Claim Description: Rich Call Data Information
Change Controller: IESG
Specification Document(s): [ RFC-to-be ]

Claim Name: "rcdi"
Claim Description: Rich Call Data Integrity Information
Change Controller: IESG
Specification Document(s): [ RFC-to-be ]

Claim Name: "crn"
Claim Description: Call Reason
Change Controller: IESG
Specification Document(s): [ RFC-to-be ]

Because this registry requires Expert Review [RFC8126] for registration, we've contacted the IESG-designated expert in a separate ticket to request approval. Expert review should be completed before your document can be approved for publication as an RFC.

IANA Question --> Would it be acceptable to list the IETF as the change controller for the JWT registrations instead of the IESG? There has been a preference for doing so, as described in the expired document at https://datatracker.ietf.org/doc/html/draft-leiba-ietf-iana-registrations-00, but it hasn\u2019t been recorded in a permanent document yet.

Second, in the Personal Assertion Token (PASSporT) Extensions registry on the Personal Assertion Token (PASSporT) registry page located at:

https://www.iana.org/assignments/passport/

a single, new registration will be made as follows:

ppt value: rcd
Reference: [ RFC-to-be ]

Because this registry also requires Expert Review [RFC8126] for registration, we've contacted the IESG-designated expert in a separate ticket to request approval. Expert review should be completed before your document can be approved for publication as an RFC.

Third, a new registry is to be created called the PASSporT RCD types registry. The new registry will be located on the Personal Assertion Token (PASSporT) registry page located at:

https://www.iana.org/assignments/passport/

The new registry will have a registration procedure of Specification Required as defined in RFC8126. There are five, initial registrations in the new registry as follows:

RCD Type Reference
--------+-------------
nam [ RFC-to-be ]
apn [ RFC-to-be ]
icn [ RFC-to-be ]
jcd [ RFC-to-be ]
jcl [ RFC-to-be ]

The IANA Functions Operator understands that these three actions are the only ones required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

For definitions of IANA review states, please see:

https://datatracker.ietf.org/help/state/draft/iana-review

Thank you,

David Dong
IANA Services Specialist

The following Last Call announcement was sent out (ends 2022-10-12):

From: The IESG
To: IETF-Announce
CC: draft-ietf-stir-passport-rcd@ietf.org, housley@vigilsec.com, stir-chairs@ietf.org, stir@ietf.org, superuser@gmail.com
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (PASSporT Extension for Rich Call Data) to Proposed Standard


The IESG has received a request from the Secure Telephone Identity Revisited
WG (stir) to consider the following document: - 'PASSporT Extension for Rich
Call Data'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2022-10-12. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  This document extends PASSporT, a token for conveying
  cryptographically-signed call information about personal
  communications, to include rich meta-data about a call and caller
  that can be signed and integrity protected, transmitted, and
  subsequently rendered to the called party.  This framework is
  intended to include and extend caller and call specific information
  beyond human-readable display name comparable to the "Caller ID"
  function common on the telephone network and is also enhanced with a
  integrity mechanism that is designed to protect the authoring and
  transport of this information for different authoritative use-cases.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-stir-passport-rcd/



No IPR declarations have been submitted directly on this I-D.

Shepherd Write-up for draft-ietf-stir-passport-rcd-20


(1) Does the working group (WG) consensus represent the strong
concurrence of a few individuals, with others being silent, or did it
reach broad agreement?

  There is broad support for this document in the STIR WG.

(2) Was there controversy about particular points, or were there
decisions where the consensus was particularly rough?

  When work began on this document, the was some controversy about the
  integrity mechanism, bur consensus emerged for the solution in the
  document.  No one spoke against this approach for over two years.
 
(3) Has anyone threatened an appeal or otherwise indicated extreme
discontent?  If so, please summarize the areas of conflict in separate
email messages to the responsible Area Director.  (It should be in a
separate email because this questionnaire is publicly available.)

  No one has threatened an appeal or indicated extreme discontent.

(4) For protocol documents, are there existing implementations of the
contents of the document?  Have a significant number of potential
implementers indicated plans to implement?  Are any existing
implementations reported somewhere, either in the document itself (as
RFC 7942 recommends) or elsewhere (where)?

  Many people have expressed an intention implement this document.

(5) Does this document need review from other IETF working groups or
external organizations?  Have those reviews occurred?

  None needed.

(6) Describe how the document meets any required formal expert review
criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type
reviews.

  None needed.

(7) If the document contains a YANG module, has the final version of the
module been checked with any of the recommended validation tools for
syntax and formatting validation?  If there are any resulting errors or
warnings, what is the justification for not fixing them at this time?
Does the YANG module comply with the Network Management Datastore
Architecture (NMDA) as specified in RFC 8342?

  YANG is not used in the document.

(8) Describe reviews and automated checks performed to validate sections
of the final version of the document written in a formal language, such
as XML code, BNF rules, MIB definitions, CBOR's CDDL, etc.

  JSON is used.  The use if STIR PASSporT was reviewed on the
  jwt-reg-review@ietf.org mailing list in 2016.  There are new JSON Web
  Token (JWT) Claims defined in this document, but they have not yet
  been explicitly discussed on the jwt-reg-review@ietf.org mailing
  list to get the advice of the Designated Experts.  A posting was
  made on 15 September 2022 to make sure that the experts on that
  mailing list have an opportunity to comment.

(9) Based on the shepherd's review of the document, is it their opinion
that this document is needed, clearly written, complete, correctly
designed, and ready to be handed off to the responsible Area Director?

  The document shepherd finds the document clear and complete.

(10) Several IETF Areas have assembled lists of common issues that their
reviewers encounter.  Do any such issues remain that would merit specific
attention from subsequent reviews?

  The document shepherd finds no concerns.

(11) What type of RFC publication is being requested on the IETF stream
(Best Current Practice, Proposed Standard, Internet Standard,
Informational, Experimental, or Historic)?  Why is this the proper type
of RFC?  Do all Datatracker state attributes correctly reflect this
intent?

  Proposed Standard.  The datatracker indicates this intent.

(12) Has the interested community confirmed that any and all appropriate
IPR disclosures required by BCP 78 and BCP 79 have been filed?  If not,
explain why.  If yes, summarize any discussion and conclusion regarding
the intellectual property rights (IPR) disclosures, including links to
relevant emails.

  All authors and contributors have explicitly confirmed that all IPR
  disclosures required for full conformance with the provisions of
  BCP 78 and BCP 79 have already been filed.  There are none.

(13) Has each Author or Contributor confirmed their willingness to be
listed as such?  If the number of Authors/Editors on the front page is
greater than 5, please provide a justification.

  All authors have explicitly confirmed their willingness to be listed
  as an author.  All contributors are listed as authors.

(14) Identify any remaining I-D nits in this document.  (See the idnits
tool and the checkbox items found in Guidelines to Authors of
Internet-Drafts).  Simply running the idnits tool is not enough; please
review the entire guidelines document.

  IDnits discovered one place where "MAY NOT" needs to be changed to
  "MUST NOT".  The authors are making this change, and it will be posted
  when other changes are needed.

  The document shepherd review of the document did not find any
  issues related to the Guidelines to Authors of Internet-Drafts.

(15) Should any informative references be normative or vice-versa?

  All references are in the proper category.

(16) List any normative references that are not freely available to
anyone.  Did the community have sufficient access to review any such
normative references?

  All normative references are RFCs, or will be when finished.

(17) Are there any normative downward references (see RFC 3967, BCP 97)?
If so, list them.

  There are no downrefs.

(18) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state?  If they exist, what is
the plan for their completion?

  One of the normative references has not been published yet:
  draft-ietf-sipcore-callinfo-rcd.  This is moving forward in a
  different IETF working group.

(19) Will publication of this document change the status of any existing
RFCs?  If so, does the Datatracker metadata correctly reflect this and
are those RFCs listed on the title page, in the abstract, and discussed
in the introduction?  If not, explain why and point to the part of the
document where the relationship of this document to these other RFCs is
discussed.

  Publication of this document will not effect the status of any
  other documents.

(20) Describe the document shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document.  Confirm that all aspects of the document requiring IANA
assignments are associated with the appropriate reservations in IANA
registries.  Confirm that any referenced IANA registries have been
clearly identified.  Confirm that each newly created IANA registry
specifies its initial contents, allocations procedures, and a reasonable
name (see RFC 8126).

  No concerns were found.  As noted above, three new JSON Web
  Token (JWT) Claims are defined, these have been raised on the
  jwt-reg-review@ietf.org mailing list to get the advice of the
  Designated Experts.

(21) List any new IANA registries that require Designated Expert Review
for future allocations.  Are the instructions to the Designated Expert
clear?  Please include suggestions of designated experts, if appropriate.

  One new IANA registries is needed.  The PASSporT RCD Types registry is
  described in Section 17.3, and it will use the Specification Required
  policy for new entries to be added in the future.

Shepherd Write-up for draft-ietf-stir-passport-rcd-20


(1) Does the working group (WG) consensus represent the strong
concurrence of a few individuals, with others being silent, or did it
reach broad agreement?

  There is broad support for this document in the STIR WG.

(2) Was there controversy about particular points, or were there
decisions where the consensus was particularly rough?

  When work began on this document, the was some controversy about the
  integrity mechanism, bur consensus emerged for the solution in the
  document.  No one spoke against this approach for over two years.
 
(3) Has anyone threatened an appeal or otherwise indicated extreme
discontent?  If so, please summarize the areas of conflict in separate
email messages to the responsible Area Director.  (It should be in a
separate email because this questionnaire is publicly available.)

  No one has threatened an appeal or indicated extreme discontent.

(4) For protocol documents, are there existing implementations of the
contents of the document?  Have a significant number of potential
implementers indicated plans to implement?  Are any existing
implementations reported somewhere, either in the document itself (as
RFC 7942 recommends) or elsewhere (where)?

  Many people have expressed an intention implement this document.

(5) Does this document need review from other IETF working groups or
external organizations?  Have those reviews occurred?

  None needed.

(6) Describe how the document meets any required formal expert review
criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type
reviews.

  None needed.

(7) If the document contains a YANG module, has the final version of the
module been checked with any of the recommended validation tools for
syntax and formatting validation?  If there are any resulting errors or
warnings, what is the justification for not fixing them at this time?
Does the YANG module comply with the Network Management Datastore
Architecture (NMDA) as specified in RFC 8342?

  YANG is not used in the document.

(8) Describe reviews and automated checks performed to validate sections
of the final version of the document written in a formal language, such
as XML code, BNF rules, MIB definitions, CBOR's CDDL, etc.

  JSON is used.  The use if STIR PASSporT was reviewed on the
  jwt-reg-review@ietf.org mailing list in 2016.  There are new JSON Web
  Token (JWT) Claims defined in this document, but they have not yet
  been explicitly discussed on the jwt-reg-review@ietf.org mailing
  list to get the advice of the Designated Experts.  A posting was
  made on 15 September 2022 to make sure that the experts on that
  mailing list have an opportunity to comment.

(9) Based on the shepherd's review of the document, is it their opinion
that this document is needed, clearly written, complete, correctly
designed, and ready to be handed off to the responsible Area Director?

  The document shepherd finds the document clear and complete.

(10) Several IETF Areas have assembled lists of common issues that their
reviewers encounter.  Do any such issues remain that would merit specific
attention from subsequent reviews?

  The document shepherd finds no concerns.

(11) What type of RFC publication is being requested on the IETF stream
(Best Current Practice, Proposed Standard, Internet Standard,
Informational, Experimental, or Historic)?  Why is this the proper type
of RFC?  Do all Datatracker state attributes correctly reflect this
intent?

  Proposed Standard.  The datatracker indicates this intent.

(12) Has the interested community confirmed that any and all appropriate
IPR disclosures required by BCP 78 and BCP 79 have been filed?  If not,
explain why.  If yes, summarize any discussion and conclusion regarding
the intellectual property rights (IPR) disclosures, including links to
relevant emails.

  All authors and contributors have explicitly confirmed that all IPR
  disclosures required for full conformance with the provisions of
  BCP 78 and BCP 79 have already been filed.  There are none.

(13) Has each Author or Contributor confirmed their willingness to be
listed as such?  If the number of Authors/Editors on the front page is
greater than 5, please provide a justification.

  All authors have explicitly confirmed their willingness to be listed
  as an author.  All contributors are listed as authors.

(14) Identify any remaining I-D nits in this document.  (See the idnits
tool and the checkbox items found in Guidelines to Authors of
Internet-Drafts).  Simply running the idnits tool is not enough; please
review the entire guidelines document.

  IDnits discovered one place where "MAY NOT" needs to be changed to
  "MUST NOT".  The authors are making this change, and it will be posted
  when other changes are needed.

  The document shepherd review of the document did not find any
  issues related to the Guidelines to Authors of Internet-Drafts.

(15) Should any informative references be normative or vice-versa?

  All references are in the proper category.

(16) List any normative references that are not freely available to
anyone.  Did the community have sufficient access to review any such
normative references?

  All normative references are RFCs, or will be when finished.

(17) Are there any normative downward references (see RFC 3967, BCP 97)?
If so, list them.

  There are no downrefs.

(18) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state?  If they exist, what is
the plan for their completion?

  One of the normative references has not been published yet:
  draft-ietf-sipcore-callinfo-rcd.  This is moving forward in a
  different IETF working group.

(19) Will publication of this document change the status of any existing
RFCs?  If so, does the Datatracker metadata correctly reflect this and
are those RFCs listed on the title page, in the abstract, and discussed
in the introduction?  If not, explain why and point to the part of the
document where the relationship of this document to these other RFCs is
discussed.

  Publication of this document will not effect the status of any
  other documents.

(20) Describe the document shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document.  Confirm that all aspects of the document requiring IANA
assignments are associated with the appropriate reservations in IANA
registries.  Confirm that any referenced IANA registries have been
clearly identified.  Confirm that each newly created IANA registry
specifies its initial contents, allocations procedures, and a reasonable
name (see RFC 8126).

  No concerns were found.  As noted above, three new JSON Web
  Token (JWT) Claims are defined, these have been raised on the
  jwt-reg-review@ietf.org mailing list to get the advice of the
  Designated Experts.

(21) List any new IANA registries that require Designated Expert Review
for future allocations.  Are the instructions to the Designated Expert
clear?  Please include suggestions of designated experts, if appropriate.

  One new IANA registries is needed.  The PASSporT RCD Types registry is
  described in Section 17.3, and it will use the Specification Required
  policy for new entries to be added in the future.