Telechat Review of draft-ietf-stir-rph-03
review-ietf-stir-rph-03-secdir-telechat-huitema-2018-04-16-00

Request Review of draft-ietf-stir-rph
Requested rev. no specific revision
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2018-04-17
Requested 2018-03-21
Other Reviews Genart Telechat review of -03 by Brian Carpenter
Review State Completed
Reviewer Christian Huitema
Review review-ietf-stir-rph-03-secdir-telechat-huitema-2018-04-16
Posted at https://mailarchive.ietf.org/arch/msg/secdir/U3i8ZXKXNQu-f4WaRdlHqhSZRIo
Reviewed rev. 03
Review result Has Nits
Draft last updated 2018-04-16
Review completed: 2018-04-16

Review
review-ietf-stir-rph-03-secdir-telechat-huitema-2018-04-16

Summary: ready with nits.

The STIR specifications (RFC 8224, RFC 8225) define a mechanism in which the "Identity" in a 
SIP header points to an URI used to retrieve the JSON-encoded claims related to that identity. The
claims can be verifed by cryptographic mechanisms, allowing in principle called parties to make
informed decisions before accepting a call. The draft extends the syntax of the JSON tokens to
make claims about the "resource priority" levels that can be used in the call. The goal appears
to be better management of resource in SIP gateways, e.g., chosing which of many incoming
calls would get access to a scarce resource.

Or in any case that's what I understood after reading the draft. It would be helpful if the
introduction explained the problem that the extension is solving, maybe with a reference to
the problem statement in RFC 7340 or the threat model in RFC 7375.

The third paragraph of the introduction could be rearranged. As written,
it mentions an extension defined in RFC 7340, which had me puzzled for a time, as that RFC is a 
problem statement and a list of requirements. As far as I can tell, the extension
uses the mechanisms for "Extending PASSport" defined in section 8 or RFC 8825. Why not
say that, instead of a vague assertion that "The STIR architecture allows extensions". Or,
define what you actually mean by the STIR Architecture, arguably the combination of
RFC 8824 and RFC 8825.

Looking at security issue, it appears that the proposal reuses for resource priority the
mechanisms defined by RFC 8824 for generally verifying claims. That seems reasonable. My
main concern is with the levels of indirection. The security mechanisms will verify that
a claim is authentic by verifying that it is properly authorized by the specified
authority. But at that point, the gateway will have to verify that the authority
behind the claim is actually authorized to consume the resource as specified in
the resource priority header. This is potentially more complex than verifying an
identity claim. Section 7.2. of the security consideration explains that,
but I am curious to see whether that will work in practice. 

Please update the references. [I-D.ietf-stir-rfc4474bis] has been replaced by RFC 8224.
[I-D.ietf-stir-passport] has been replaced by RFC 8225.