Skip to main content

Last Call Review of draft-ietf-stir-passport-rcd-21
review-ietf-stir-passport-rcd-21-artart-lc-alvestrand-2022-10-13-00

Request Review of draft-ietf-stir-passport-rcd
Requested revision No specific revision (document currently at 26)
Type Last Call Review
Team ART Area Review Team (artart)
Deadline 2022-10-12
Requested 2022-09-28
Authors Chris Wendt , Jon Peterson
I-D last updated 2022-10-13
Completed reviews Genart Last Call review of -22 by Dale R. Worley (diff)
Secdir Last Call review of -21 by Vincent Roca (diff)
Artart Last Call review of -21 by Harald T. Alvestrand (diff)
Dnsdir Last Call review of -21 by Florian Obser (diff)
Secdir Telechat review of -23 by Vincent Roca (diff)
Assignment Reviewer Harald T. Alvestrand
State Completed
Request Last Call review on draft-ietf-stir-passport-rcd by ART Area Review Team Assigned
Posted at https://mailarchive.ietf.org/arch/msg/art/rylz9YIkzKVh0MS7zVQJnWTD5Tc
Reviewed revision 21 (document currently at 26)
Result Ready w/issues
Completed 2022-10-13
review-ietf-stir-passport-rcd-21-artart-lc-alvestrand-2022-10-13-00
This document is clearly a product of a fairly mature standards process, but as
always happens with fresh eyes, there are a number of points to call out.

I'll try to not revisit items unlikely to change, such as the excessive use of
3-letter tags (I suppose for shorter headers, despite the fact that compression
would make that irrelevant) and the use of the term "rich", which by this time
is as meaningless as that other IETF cozy-word "simple".

With that off my chest - commentary about details and nits follow. This
document is, to my mind, close to being "ready" - but fixing the issues would,
I think, make it better.

By section:
Section 4 mode 3-4 uses the term “forward control”, which is a confusing term.
The term seems to indicate that “the entity that signs the RCD object can
include within the JWT object a statement about what the signer of the PASSporT
object can claim to include”. This mechanism (and the need for it) is still
obscure to me after reading the spec. See also comments on section 7.

Section 5.1 talks about fields being “derived from” things like display-name
component of From header field value of SIP. This seems like an improper
constraint on how applications are built. More likely usage is that the
passport object is signed first, and the display-name is set from the same data
source; instead of saying “derived from”, a spec should say “the same as” -
what comes first and last is not a concern for the spec.

Section 6 - spec says MUST SHA512, MUST NOT SHA-1. Given that this is a
document format, is this the right place for that kind of statement? If specs
that use it already specify something about hash functions, they are unlikely
to change their usages just because this document says so. What will not be
obeyed should not be stated.

Section 6 says that it uses “JSON pointer with a minor additional rule”, is it
clear what the additional rule is? If it’s only the 6.1.4 “jump the indirect”,
that might be worth calling out.

Section 7, The JWT Claim Constraints section, talks about “constrain the
signer”. That’s an odd form if this is a document format description. RFC 8226
seems to say that it is part of the format for requesting a signature (the
unsigned or self-signed version of the cert), and is part of the cert only to
verify what the signer was asked to sign.

Section 9.1 talks about “the certificate used to sign the PASSporT”. This
terminology seems suspect. RFC 7515 section 5.1 is the “compute the signature”
step. It doesn’t talk about a certificate used as input. 12.1 also contains
this odd construct. Does it mean "the certificate containing the public key
associated with the private key used to sign the PASSporT"? If so, it should
say that this is what it means. (An alternative would be "the PKCS#11 object
that contains both the public and private keys" - but that would seem like a
*really* odd construct.)

Section 9.3 examples - it would be good to say which elements are protected by
what for each case - for instance, example 2 will have the protection for th
PASSPorT object of the icn URL, but has no protection for the content of the
image - it’s not verifiable - while examples 3 and 4 have protected the content
of the external references using “rcdi”.

The note in section 10.1 about reconstructing “nam” from the display-name
string means that use of this format with the SIP protocol requires them to be
identical, which seems to be a common assumption (see comment on 5.1).

Section 13 introduced “first” and “third” parties without defining them.
Presumably the "first" party is the signer of the PASSPorT, while the "third"
party is the signer of the RCD - making this explicit would be good.

14.2 says that one has to extract From and use it to check the rcd (which
constrains it to be the same, no?) - while the next para talks about pulling
the nam out and displaying it instead of the name in From. This is odd, given
that they are identical.

14.2 at first seems to constrain what a relying entity shold do, but the
section ends with a statement equivalent to “but do what you want” ("It's going
to be determined by policy"), so what’s the point of the section?

All that said - this specification seems to be clear for its purpose. It could
just be somewhat better.