Skip to main content

Minutes IETF109: stir

Meeting Minutes Secure Telephone Identity Revisited (stir) WG
Date and time 2020-11-20 09:00
Title Minutes IETF109: stir
State Active
Other versions plain text
Last updated 2020-11-24

Minutes - STIR - IETF 109
Friday 2020-11-20 16:00 +07 (09:00 UTC)


* Jon will remove the ability for intermediate CAs to sign certs from the
delegation draft. * draft-ietf-stir-rph-emergency-services (already post-wglc)
should be ready to submit to the IESG at this point. * We will issue a call for
WG adoption on draft-peterson-stir-messaging * There was suppport to adopt
draft-peterson-stir-rfc4916-update, but it may take a charter tweak. Murray
will evaluate.

--- Raw Notes (via codimd) ---
# STIR - IETF109

## Minute Takers, Jabber Scribe
Brian Rosen, Jean Mahoney - note takers
Russ will watch the chat room

## Agenda Bash
Chris would like to talk about a draft if there's time - related to errors with
multiple identity headers.

## Status of drafts between pubreq and RFC
oob and div - div is blocked on oob.
delegation - IESG review. Should intermediate CAs be able to sign certs?
Jon - do people feel strongly?
Russ - there are certain CA keys to sign with, but delegation was intended to
be lower in the chain - add to Sec Considerations. Chris - don't we create
delegate from intermediate certs? Jon - the only thing you can sign ... can't
sign passports with intermediate certs. How much do we care about aggregating
permissions from multiple certs Russ - It is ugly, work arounds exist, not
opposed to removal Jon - Okay with taking it out Chris - chains won't be that
long Ben - can always go back and add it with another draft Jon - sold

## draft-ietf-stir-passport-rcd – Chris Wendt
Simple fixes, including adding PAI to nam
Ready to go
sipcore-rcd-updates issues.  If no jcard, what do we do with the URL, I think
ignore Should call-reason have a cid? Jon - reason could be in a header. Hassle
to add a body just to contain a text string. How do you feel about clobbering
the Subject header field? RjS - coopting it would close doors with weird side
effect. Put it in a data URI? You can carry one in the header. Jon - data URI
is a pet peeve of mine, maybe time has come. We want more structure, data
structures for internationalization. If we can't use Subject, use Reason
header. Chris - seems potentially important. Just for a string, agree on that.
I'll ask on the list. Russ - please, and that's the SIPCORE list, correct?
Chris - yes.

## draft-ietf-stir-servprovider-oob - Jon Peterson
New idea, what if terminating service provider operates the OOB service.  No
need to encrypt PASSports, need CPS discovery. Need to wait another cycle to
advance the document. Lot of changes. Chris - Are you going to align with IPNNI
work going on? Jon - align with IETF security. It's a plausible security

## draft-ietf-stir-rph-emergency-services - Chris Wendt
Claims updates. auth instead of ESOrig and ESCallBack
RjS - could we send this to the IESG Dec/Jan?
Chris - that would be good.
RjS - nothing it's waiting on?
Chris - no. Nothing controversial left.
Brian - there's my draft which has to have a mechanism draft in sipcore. This
draft does not have a dependency on that draft.

## draft-peterson-stir-rfc4916-update - Jon Peterson
How to make Identity work in the backwards direction. Updates 4916.  Extends
scope of stir. Chris - +1 to the "before the call" use case. How to roll this
out when it's not globally supported. RjS - how many big companies leave the
calls in Ringing when the customer is in the IVR still? Just establishes early
media, and leaves you sitting there? Jon - isn't there a PRACK update? You get
a 183 you can PRACK it right? RjS - I think there's a missing step. You have to
have something to PRACK. Something to consider. Jon - don't need to solve it
here, but see if people are interested, if the WG wants to adopt. Ben - No
passport extension needed, right? No problem with orig claim being confused
with caller orig? Chris - could send rcd backwards, but don't need extension.

Chairs - do we think we should do this, and enough people to help? Murray, are
you comfortable that this is in charter or do we need to change it? Murray -
I'll take a look, maybe next week.

## draft-peterson-stir-messaging - Jon Peterson
Applies stir to messaging
For carrier messaging, could use same cert infrastructure

Brian - use MESSAGE for alarm - not 2-way. Working to make STIR applicable to
emergency calls because of swatting. We want to protect MESSAGE.

Should we define how any framework uses stir?, like MLS?
Chris - sframe - associating participants with each media stream, should
incorporate this framework. Russ - MLS focusing on encrypting group chat. Brian
- I need this. I want it and will work on it. Ben - intellectually, I really
like this. Reservation about whether it will get used - Google is using Signal
protocol for e2e encryption. Brian's use case is enough by itself. Chris - be
nice to have a common framework. tim costello - sounds like a good idea. Thomas
McCarthy-Howe - I can totally see this. I'm in. Russ - think we can do ...
without recharter. Brian - I need it bad enough that I don't want to get bogged
down in a generic framework. My simple use case will be waiting on that. Jon -
how to deal with a plurality of message types. Do we need typing of messages?
Brian - don't have an Identity header in those environments. Many things you
would have to do to do this outside of SIP. Chris - we have a generic passport,
think we have the bones. Jon - what I'm hearing from Brian - don't go crazy
with the scope. RjS - If we did magic and it was well-defined today, what does
the deployment pipeline look like. Take immediate advantage? Brian - we would
just do it anyway. In NEMA specs, for incoming emergency calls, an incoming
text - maybe MSRP - we assume we can use the Identity coming in with INVITE.
There's discussions with ATIS to sign outgoing calls from emergency services. I
think it's real simple. Jon - do you care if the message has been tampered
with? Brian - anything that improves integrity is worthwhile and we would
implement in a flash. Primary concern is swatting. Chris - If I send a picture
of crimescene, are there integrity issues. Brian - need to know who you are.
Identity is primary issue. Identity protection. Russ - do you care about
replay? Brian - message replay, yes. Russ - this mechanism doesn't give you
that. Brian - right. RjS - I heard a ton of interest. Can issue a call for
adoption on the list.

RjS - Chris, you had a draft you wanted to discuss?
Chris -
A solution when you have multiple IDentity headers, some succeed, some fail.
Send back PASSporTs that had errors. Take a look. Suggest things. List
discussion would be appreciated. Jon - I'd rather do this then hack UIDs. Minor
reservation - the div part - reviewing service logic in the backwards direction
- someone may holler about. div is the failure. If there's a way to extract
PASSporTs. Chris - div is the exception. the critical usecase SHAKEN succeeds,
but rcd failed. Jon - it's a non-critical error, what you do when they report
them. Ben - Does OOB come into play here? Do this for OOB? Chris - I'll defer
to Jon, don't know if you can trace it all the way back. Jon - If we can patch
8224, I'd be happy. I don't want to put UIDs in PASSporTs. Chris - I don't
think using PASSporTs is a bad idea.

RjS - end of our agenda and AOB.