Last Call Review of draft-ietf-stir-oob-05
review-ietf-stir-oob-05-opsdir-lc-bhandari-2019-09-17-00

Request
    Review of: draft-ietf-stir-oob
    Requested revision: No specific revision (document currently at 07)
    Type: Last Call Review
    Team: Ops Directorate (opsdir)
    Deadline: 2019-09-17
    Requested: 2019-09-03
    Authors: Eric Rescorla, Jon Peterson
    I-D last updated: 2019-09-17
    Completed reviews:
        Secdir Last Call review of -05 by Watson Ladd
        Genart Last Call review of -05 by Suhas Nandakumar
        Opsdir Last Call review of -05 by Shwetha Bhandari
        Genart Telechat review of -06 by Suhas Nandakumar
        Secdir Telechat review of -06 by Watson Ladd
Assignment
    Reviewer: Shwetha Bhandari
    State: Completed
    Request: Last Call review on draft-ietf-stir-oob by Ops Directorate Assigned
    Posted at: https://mailarchive.ietf.org/arch/msg/ops-dir/PzhjwdxuLFaEB1nuZwiw9ZrzDRQ
    Reviewed revision: 05 (document currently at 07)
    Result: Ready
    Completed: 2019-09-17
I have reviewed this document as part of the Operational directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written with the intent of improving the operational aspects of
the IETF drafts per guidelines in RFC 5706.
Comments that are not addressed in last call may be included
in AD reviews during the IESG review.  Document editors and WG chairs should
treat these comments just like any other last call comments.

Summary:
This is an informational draft that describes use cases and sketches a solution
to deliver PASSporT objects outside of the signaling path as part of
STIR (Secure Telephone Identity Revisited).  The PASSporT format defines a token
that can be carried by signaling protocols, including SIP, to cryptographically
attest the identity of callers. The solution defines a new Call Placement
Service (CPS) that permits the PASSporT object to be stored during call
processing and retrieved for verification purposes. The draft clarifies that
deploying this service and framework would require additional specification
outside the scope of this document.

The draft covers operational considerations per the guidelines defined in RFC
5706:
    a) Operational environments section in the draft describes environments in
       which the proposed out-of-band STIR mechanism is intended to operate.
    b) New CPS service and data flows required between existing components -
       caller, callee endpoints and gateways, etc. - for secure storage and
       validation of PASSporT objects
    c) Storing and Retrieving PASSporT objects
    d) Service discovery: Mechanism for CPS discovery

Given that the draft expects additional specification to actually deploy the
new service, I am assuming manageability considerations such as configuring and
managing CPS, data models for providing operational state and fault
notification for CPS data flows will be detailed in the future specifications.
Also, the impact of the CPS on network and call setup will have to be covered in
those additional specifications.