Assertion Values for Resource Priority Header and SIP Priority Header Claims in Support of Emergency Services Networks
draft-ietf-stir-rph-emergency-services-07

[Ballot comment]
Hi, thanks for this document.  Only one minor comment:

Similar to Ben's comment, I was surprised to see the claims listed in a different order than the canonical order in 5.

[Ballot comment]
Just a couple of minor comments that I hope will help:

— Section 1 —

  Compromise of the SIP "Resource-Priority" or "Priority" header fields
  could lead to misuse of network resources (i.e., during congestion
  scenarios),

Only during congestion scenarios (“i.e.”), or is that meant to be an example of when misuse might happen?  If truly the former, why is congestion the only time compromise of these fields could lead to misuse of resources?  And could their compromise lead to other kinds of misuse?

— Section 3 —

  The "dest" claim MUST either be a country or
  region specific dial string

A nit, but I had minor trouble reading it at first without the hyphens: it should say “a country- or region-specific dial string”.  Or if you don’t like “country-“, you could say “country-specific or region-specific”.

[Ballot comment]
Section 3

  Similar to the values allowed by [RFC8443] for the "auth" JSON object
  key inside the "rph" claim, the string "esnet.x" with the appropriate

(nit) I suggest s/allowed/defined/, since RFC 8443 assumes the auth
array will be extensible.

Section 4

  The following is an example of an "sph" claim for SIP 'Priority'
  header field with the value "psap-callback":

    {
      "orig":{"tn":"12155551213"},
      "dest":{"tn":["12155551212"]},
      "iat":1443208345,
      "rph":{"auth":["esnet.0"]},
      "sph":"psap-callback"

(nit) the listed "iat" value corresponds to a date in 2015.  Should
something more current be used?

Section 5

  The order of the claim keys MUST follow the rules of [RFC8225]
  Section 9; the claim keys MUST appear in lexicographic order.

We probably want to clarify that this requirement is in force for the
deterministic JSON serialization used for signature generation (and
validation).  Especially so since the immediately preceding example has
the claims in a different order...

Section 9

Thanks to Kyle Rose for the secdir review!
Kyle called out the considerations from RFCs 8225 and 8443 as also being
relevant (and I agree); please reference those as well as RFC 8224.

(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has completed its review of draft-ietf-stir-rph-emergency-services-05. If any part of this review is inaccurate, please let us know.

The IANA Functions Operator understands that, upon approval of this document, there is a single action which we must complete.

In the JSON Web Token Claims registry on the JSON Web Token (JWT) registry page located at:

https://www.iana.org/assignments/jwt/

a single, new registration is to be made as follows:

Claim Name: sph
Claim Description: SIP Priority header field
Change controller: IESG
Reference: [ RFC-to-be ]

As this document requests registrations in a Specification Required (see RFC 8126) registry, we will initiate the required Expert Review via a separate request. This review must be completed before the document's IANA state can be changed to "IANA OK."

The IANA Functions Operator understands that this is the only action required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

Thank you,

Sabrina Tanamal
Senior IANA Services Specialist

The following Last Call announcement was sent out (ends 2021-02-09):

From: The IESG
To: IETF-Announce
CC: draft-ietf-stir-rph-emergency-services@ietf.org, housley@vigilsec.com, stir-chairs@ietf.org, stir@ietf.org, superuser@gmail.com
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (Assertion Values for a Resource Priority Header Claim and a SIP Priority Header Claim in Support of Emergency Services Networks) to Proposed Standard


The IESG has received a request from the Secure Telephone Identity Revisited
WG (stir) to consider the following document: - 'Assertion Values for a
Resource Priority Header Claim and a SIP
  Priority Header Claim in Support of Emergency Services Networks'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2021-02-09. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  This document adds new assertion values for a Resource Priority
  Header ("rph") claim and a new SIP Priority Header claim ("sph") for
  protection of the "psap-callback" value as part of the "rph" PASSporT
  extension, in support of the security of Emergency Services Networks
  for emergency call origination and callback.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-stir-rph-emergency-services/



No IPR declarations have been submitted directly on this I-D.


The document contains these normative downward references.
See RFC 3967 for additional information:
    rfc7135: Registering a SIP Resource Priority Header Field Namespace for Local Emergency Communications (Informational - IETF stream)

(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  Is this type of RFC indicated in the
title page header?

  Standards track RFC is requested.  Yes, this appears on the
  title page of the Internet-Draft.

(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary

  This document adds new assertion values for a Resource Priority
  Header ("rph") claim and a new SIP Priority Header claim ("sph") for
  protection of the "psap-callback" value as part of the "rph" PASSporT
  extension, in support of the security of Emergency Services Networks
  for emergency call origination and callback.

Working Group Summary

  The STIR WG reached consensus, and there is support for publication.

Document Quality

  A few people have shown interest in implementing this specification.

Personnel

  Russ Housley is the Document Shepherd.
  Murray Kucherawy is the Responsible Area Director.

(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.

  The document shepherd did a complete review of -02 as part of the WG
  Last Call.  A few concerns were raised during WG Last Call, and all of
  them have been resolved.

(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

  No concerns at all.

(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.

  No additional review is needed.

(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the
IESG should be aware of? For example, perhaps he or she is uncomfortable
with certain parts of the document, or has concerns whether there really
is a need for it. In any event, if the WG has discussed those issues and
has indicated that it still wishes to advance the document, detail those
concerns here.

  No concerns at all.

(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why.

  Each of the authors has confirmed that they are unaware of any
  IPR disclosures that need to be submitted.

(8) Has an IPR disclosure been filed that references this document?
If so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

  No IPR disclosures have been submitted against this document.

(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it? 

  The STIR WG reached consensus, and there is support for publication.

(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)

  No one has threatened to appeal or expressed discontent.

(11) Identify any ID nits the Document Shepherd has found in this
document. (See https://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist). Boilerplate checks are not enough; this check needs to be
thorough.

  IDnits raises one warning, which is resolved by the downref handling.

(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

  No additional formal review is needed for this document.

(13) Have all references within this document been identified as
either normative or informative?

  Yes, informative and normative references appear is separate
  sections in the document.

(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the plan for their completion?

  No normative references are blocking publication.

(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in
the Last Call procedure.

  There is a downref fo RFC 7135.  This downref needs to be highlighted
  in the IETF Last Call.

(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are not
listed in the Abstract and Introduction, explain why, and point to the
part of the document where the relationship of this document to the
other RFCs is discussed. If this information is not in the document,
explain why the WG considers it unnecessary.

  No, publication of this document will not change the status of
  any other documents.

(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly
identified. Confirm that newly created IANA registries include a
detailed specification of the initial contents for the registry, that
allocations procedures for future registrations are defined, and a
reasonable name for the new registry has been suggested (see RFC 5226).

  The IANA considerations appear to be complete.

(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find
useful in selecting the IANA Experts for these new registries.

  No new IANA registries are created.  One JSON Web Token Claim registry
  entry is added to the existing IANA registry.

(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

  None is needed for this document.

(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  Is this type of RFC indicated in the
title page header?

  Standards track RFC is requested.  Yes, this appears on the
  title page of the Internet-Draft.

(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary

  This document adds new assertion values for a Resource Priority
  Header ("rph") claim and a new SIP Priority Header claim ("sph") for
  protection of the "psap-callback" value as part of the "rph" PASSporT
  extension, in support of the security of Emergency Services Networks
  for emergency call origination and callback.

Working Group Summary

  The STIR WG reached consensus, and there is support for publication.

Document Quality

  A few people have shown interest in implementing this specification.

Personnel

  Russ Housley is the Document Shepherd.
  Murray Kucherawy is the Responsible Area Director.

(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.

  The document shepherd did a complete review of -02 as part of the WG
  Last Call.  A few concerns were raised during WG Last Call, and all of
  them have been resolved.

(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

  No concerns at all.

(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.

  No additional review is needed.

(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the
IESG should be aware of? For example, perhaps he or she is uncomfortable
with certain parts of the document, or has concerns whether there really
is a need for it. In any event, if the WG has discussed those issues and
has indicated that it still wishes to advance the document, detail those
concerns here.

  No concerns at all.

(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why.

  Each of the authors has confirmed that they are unaware of any
  IPR disclosures that need to be submitted.

(8) Has an IPR disclosure been filed that references this document?
If so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

  No IPR disclosures have been submitted against this document.

(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it? 

  The STIR WG reached consensus, and there is support for publication.

(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)

  No one has threatened to appeal or expressed discontent.

(11) Identify any ID nits the Document Shepherd has found in this
document. (See https://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist). Boilerplate checks are not enough; this check needs to be
thorough.

  IDnits raises one warning, which is resolved by the downref handling.

(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

  No additional formal review is needed for this document.

(13) Have all references within this document been identified as
either normative or informative?

  Yes, informative and normative references appear is separate
  sections in the document.

(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the plan for their completion?

  No normative references are blocking publication.

(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in
the Last Call procedure.

  There is a downref fo RFC 7135.  This downref needs to be highlighted
  in the IETF Last Call.

(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are not
listed in the Abstract and Introduction, explain why, and point to the
part of the document where the relationship of this document to the
other RFCs is discussed. If this information is not in the document,
explain why the WG considers it unnecessary.

  No, publication of this document will not change the status of
  any other documents.

(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly
identified. Confirm that newly created IANA registries include a
detailed specification of the initial contents for the registry, that
allocations procedures for future registrations are defined, and a
reasonable name for the new registry has been suggested (see RFC 5226).

  The IANA considerations appear to be complete.

(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find
useful in selecting the IANA Experts for these new registries.

  No new IANA registries are created.  One JSON Web Token Claim registry
  entry is added to the existing IANA registry.

(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

  None is needed for this document.