Network Working Group C. Wendt
Internet-Draft Comcast
Updates: RFC3326 (if approved) July 12, 2021
Intended status: Standards Track
Expires: January 13, 2022
Identity Header Error Handling
draft-wendt-stir-identity-header-errors-handling-02
Abstract
This document extends STIR and the Authenticated Identity Management
in the Session Initiation Protocol (SIP) related to error handling
for STIR verification services and how they feedback errors to STIR
authentication services. Specifically, the use of a Reason header
field and addressing scenarios that use multiple identity headers
where some may have errors and others may not and the handling of
those situations is defined.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 13, 2022.
Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
Wendt Expires January 13, 2022 [Page 1]
Internet-Draft Identity Errors July 2021
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Use of provisional error responses to signal errors without
terminating the call . . . . . . . . . . . . . . . . . . . . 3
4. Handling of a verification error when there is multiple
Identity header fields . . . . . . . . . . . . . . . . . . . 3
5. Handling multiple verification errors . . . . . . . . . . . . 4
6. Removal of the Reason header field by Authentication Service 4
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 5
8. Security Considerations . . . . . . . . . . . . . . . . . . . 5
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 5
9.1. Normative References . . . . . . . . . . . . . . . . . . 5
9.2. Informative References . . . . . . . . . . . . . . . . . 5
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6
1. Introduction
[RFC8224] in Section 6.2.2 discusses future specifications for
enhancement of how errors are communicated and the handling of
multiple Identity header fields. This specification provides some
additional mechanisms for solutions to address these problems.
In some deployments of STIR and specifically using SIP [RFC3261] as
defined by [RFC8224], one issue with the current error handling,
specifically with the use of the defined 4xx error responses, is that
when an error occurs with the verification of the Identity header
filed or the PASSporT contained in the Identity header field and a
4xx response is returned, the call is then terminated. It may be the
case that the policy for handling errors dictates that calls should
continue even if there is a verification error, in the case of, for
example inadvertent errors, however the authentication service should
still be notified of the error so that corrective action can be
taken. This specification will discuss the use of the Reason header
field in subsequent provisional (1xx) responses in order to
accomplish this.
For the handling of multiple Identity header fields and the potential
situation that some of the Identity header fields in a call may pass
verification but others may have errors, this document provides a
mechanism to add an identifier so that the authentication service can
identify which Identity header field is being referred to in the case
of an error.
Wendt Expires January 13, 2022 [Page 2]
Internet-Draft Identity Errors July 2021
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
3. Use of provisional error responses to signal errors without
terminating the call
In cases where local policy dictates that a call should continue
irregardless when any verification errors, including 4XX errors
described in [RFC8224] Section 6.2.2, then the verification service
SHOULD not send the 4XX as a response, but rather include the error
response code and reason phrase in a Reason header field, defined in
[RFC3326], in the next provisional or final responses sent to the
authentication service.
Example Reason header field:
Reason: SIP ;cause=436 ;text="Bad Identity Info"
4. Handling of a verification error when there is multiple Identity
header fields
In cases where a SIP message includes multiple Identity header fields
and one of those Identity header fields has an error, the
verification service SHOULD include the error response code and
reason phrase associated with the error in a Reason header field,
defined in [RFC3326], in the next provisional or final responses sent
to the authentication service. The reason cause in the Reason header
field SHOULD represent the error that occurred when verifying the
contents of the Identity header field. The association of a Reason
header field and error to a specific Identity header field is
accomplished by adding a "ppt" parameter containing the PASSporT that
generated the error to the Reason header field. The "ppt" parameter
for the Reason header field is optional, but RECOMMENDED, in
particular for cases that a SIP INVITE contains multiple Identity
header fields. The PASSporT can be included in full form, or
optionally in compact form, where only the signature of the PASSporT
is used to identify the reported Identity header field with an error.
Example Reason header field with full form PASSporT:
Wendt Expires January 13, 2022 [Page 3]
Internet-Draft Identity Errors July 2021
Reason: SIP ;cause=436 ;text="Bad Identity Info" ;ppt= \
"eyJhbGciOiJFUzI1NiIsInR5cCI6InBhc3Nwb3J0IiwieDV1I \
joiaHR0cHM6Ly9jZXJ0LmV4YW1wbGUub3JnL3Bhc3Nwb3J0LmNlciJ9.eyJ \
kZXN0Ijp7InVyaSI6WyJzaXA6YWxpY2VAZXhhbXBsZS5jb20iXX0sImlhdC \
I6IjE0NDMyMDgzNDUiLCJvcmlnIjp7InRuIjoiMTIxNTU1NTEyMTIifX0.r \
q3pjT1hoRwakEGjHCnWSwUnshd0-zJ6F1VOgFWSjHBr8Qjpjlk-cpFYpFYs \
ojNCpTzO3QfPOlckGaS6hEck7w"
Example Reason header field with compact form PASSporT: ~~~~~~~~~~~
Reason: SIP ;cause=436 ;text="Bad Identity Info" ;ppt= \
"..rq3pjT1akEGjHCnWSwUnshd0-zJ6F1VOgFWSjHBr8Qjpjlk-cpFYpFYs \
ojNCpTzO3QfPOlckGaS6hEck7w" ~~~~~~~~~~~
5. Handling multiple verification errors
This specification updates [RFC3326] in that for STIR applications
the use of multiple Reason header fields with the same "SIP" protocol
string is allowed. So, if there is multiple Identity header field
verification errors being reported the verification service SHOULD
include corresponding Reason header fields with "ppt" parameters
including full or compact form of the PASSporT with cause and text
parameters identifying each error.
Example Reason header fields for two identity info errors:
Reason: SIP ;cause=436 ;text="Bad Identity Info" ;ppt= \
"eyJhbGciOiJFUzI1NiIsInR5cCI6InBhc3Nwb3J0IiwieDV1I \
joiaHR0cHM6Ly9jZXJ0LmV4YW1wbGUub3JnL3Bhc3Nwb3J0LmNlciJ9.eyJ \
kZXN0Ijp7InVyaSI6WyJzaXA6YWxpY2VAZXhhbXBsZS5jb20iXX0sImlhdC \
I6IjE0NDMyMDgzNDUiLCJvcmlnIjp7InRuIjoiMTIxNTU1NTEyMTIifX0.r \
q3pjT1hoRwakEGjHCnWSwUnshd0-zJ6F1VOgFWSjHBr8Qjpjlk-cpFYpFYs \
ojNCpTzO3QfPOlckGaS6hEck7w"
Reason: SIP ;cause=436 ; text="Bad Identity Info" ;ppt= \
"eyJhbGciOiJFUzI1NiIsInR5cCI6InBhc3Nwb3J0IiwieDV1I \
joiaHR0cHM6Ly9jZXJ0LmV4YW1wbGUub3JnL3Bhc3Nwb3J0LmNlciJ9.eyJ \
xpY2VAZXhhbXBsZS5jb20iXX0sImlhdCkZXN0Ijp7InVyaSI6WyJzaXA6YW \
p7InRuIjoiMTIxNTU1NTEyMTIifX0I6IjE0NDMyMDgzNDUiLCJvcmlnIj.r \
J6F1VOgFWSjHBr8Qjpjlk-cpFYpFYsq3pjT1hoRwakEGjHCnWSwUnshd0-z \
ckGaS6hEck7wojNCpTzO3QfPOl"
6. Removal of the Reason header field by Authentication Service
When an Authentication Service [RFC8224] receives the Reason header
field with a PASSporT it generated as part of an Identity header
field and the authentication of a call, it should first follow local
policy to recognize and acknowledge the error (e.g. perform
Wendt Expires January 13, 2022 [Page 4]
Internet-Draft Identity Errors July 2021
operational actions like logging or alarming), but then MUST remove
the identified Reason header field to avoid the PASSporT information
going upstream to UAC or UAS that may not be authorized to see claim
information contained in the PASSporT for privacy or other reasons.
7. Acknowledgements
Would like to thank David Hancock for help to identify these error
scenarios and Jon Peterson, Roman Shpount, and STIR working group for
helpful feedback and discussion.
8. Security Considerations
TBD
9. References
9.1. Normative References
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E.
Schooler, "SIP: Session Initiation Protocol", RFC 3261,
DOI 10.17487/RFC3261, June 2002,
<https://www.rfc-editor.org/info/rfc3261>.
[RFC3326] Schulzrinne, H., Oran, D., and G. Camarillo, "The Reason
Header Field for the Session Initiation Protocol (SIP)",
RFC 3326, DOI 10.17487/RFC3326, December 2002,
<https://www.rfc-editor.org/info/rfc3326>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8224] Peterson, J., Jennings, C., Rescorla, E., and C. Wendt,
"Authenticated Identity Management in the Session
Initiation Protocol (SIP)", RFC 8224,
DOI 10.17487/RFC8224, February 2018,
<https://www.rfc-editor.org/info/rfc8224>.
9.2. Informative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
Wendt Expires January 13, 2022 [Page 5]
Internet-Draft Identity Errors July 2021
Author's Address
Chris Wendt
Comcast
Comcast Technology Center
Philadelphia, PA 19103
USA
Email: chris-ietf@chriswendt.net
Wendt Expires January 13, 2022 [Page 6]