Minutes - STIR Interim - April 14, 2021

Attendees:
Russ Housley, Vigil Security (chair)
Robert Sparks, Independent (chair)
Roman Shpount, TurboBridge
Ben Campbell, Independent
Marc Petit-Huguenin, Impedance Mismatch
Jack Rickard, Microsoft
Mayumi Ohsugi, NTT
David Hancock, Comcast
Chris Wendt, Comcast
Sean Turner, sn3rd
Jon Peterson, Neustar
Mary Barnes (notetaker)
Alec Fenichel, TransNexus
Christer Holmberg, Ericsson
Norbert Angell, Metaswitch
Pierce Gorman

Summary:

We will recommend that our AD approve Errata 6499 will be accepted as
written.

Marc Petit-Huguenin will propose a revision of Errata 6519 that will
adjust the grammar to allow both unquoted and quoted ppt values. Quotes
will be required when sending, but receivers will accept both. A note
indicated that early implementations don't provide the quotes may be
added.

The attendees had a long discussion about
draft-wendt-stir-identity-header-errors-handling, exploring the proposed
mechanism's use of multipart-mime, whether the Reason header was the
right place to carry error information, and how to identify which
PASSPort was problematic. There was clearly interest in the group on
working to solve the problem. Chris Wendt will revise the document based
on this meeting's discussion and the group will consider the result for
adoption.

The attendees discussed the potential issues Ben Campbell raised on
draft-ietf-stir-enhance-rfc8226. The conversation explored removing both
excludeValues and excludeClaims. It was pointed out a few times that
most of the use cases people can imagine for excludeValues could be
handled better with an allow mechanism rather than a deny mechanism. The
conclusion was to remove excludeValues, but keep excludeClaims as we had
identified utility for this constraint and the nature of the issue was
less severe for excludeClaims than it was for excludeValues. Russ will
revise the document.

The attendees discussed the intended use of the "iss" claim as described
in draft-ietf-stir-passport-rcd. The conclusion was that the claim was
intended to inform human readers of the signer and any reasonable value
is allow. The VS is not expected to verify the match. Any trust
decisions based on the reputation of the signer should determine the
signer from the certificate itself. Chris will add text to clarify this
in the next revision. We expect the document will need another (possibly
abbreviated) WGLC.

The attendees expressed interest in a SIPit-like event focusing on STIR.
Robert Sparks will follow up on how this might be organized.

A recording of the discussion is available at
https://www.youtube.com/watch?v=ir_sQ-weQkY