Minutes interim-2021-stir-01: Wed 16:00
The information below is for an old version of the document.
|Meeting Minutes||Secure Telephone Identity Revisited (stir) WG Snapshot|
|Date and time||2021-04-14 16:00|
|Title||Minutes interim-2021-stir-01: Wed 16:00|
|Other versions||plain text|
Minutes - STIR Interim - April 14, 2021 Attendees: Russ Housley, Vigil Security (chair) Robert Sparks, Independent (chair) Roman Shpount, TurboBridge Ben Campbell, Independent Marc Petit-Huguenin, Impedance Mismatch Jack Rickard, Microsoft Mayumi Ohsugi, NTT David Hancock, Comcast Chris Wendt, Comcast Sean Turner, sn3rd Jon Peterson, Neustar Mary Barnes (notetaker) Alec Fenichel, TransNexus Christer Holmberg, Ericsson Norbert Angell, Metaswitch Pierce Gorman Summary: We will recommend that our AD approve Errata 6499 will be accepted as written. Marc Petit-Huguenin will propose a revision of Errata 6519 that will adjust the grammar to allow both unquoted and quoted ppt values. Quotes will be required when sending, but receivers will accept both. A note indicated that early implementations don't provide the quotes may be added. The attendees had a long discussion about draft-wendt-stir-identity-header-errors-handling, exploring the proposed mechanism's use of multipart-mime, whether the Reason header was the right place to carry error information, and how to identify which PASSPort was problematic. There was clearly interest in the group on working to solve the problem. Chris Wendt will revise the document based on this meeting's discussion and the group will consider the result for adoption. The attendees discussed the potential issues Ben Campbell raised on draft-ietf-stir-enhance-rfc8226. The conversation explored removing both excludeValues and excludeClaims. It was pointed out a few times that most of the use cases people can imagine for excludeValues could be handled better with an allow mechanism rather than a deny mechanism. The conclusion was to remove excludeValues, but keep excludeClaims as we had identified utility for this constraint and the nature of the issue was less severe for excludeClaims than it was for excludeValues. Russ will revise the document. The attendees discussed the intended use of the "iss" claim as described in draft-ietf-stir-passport-rcd. The conclusion was that the claim was intended to inform human readers of the signer and any reasonable value is allow. The VS is not expected to verify the match. Any trust decisions based on the reputation of the signer should determine the signer from the certificate itself. Chris will add text to clarify this in the next revision. We expect the document will need another (possibly abbreviated) WGLC. The attendees expressed interest in a SIPit-like event focusing on STIR. Robert Sparks will follow up on how this might be organized. A recording of the discussion is available at https://www.youtube.com/watch?v=ir_sQ-weQkY