Skip to main content

Personal Assertion Token (PASSporT) Extension for Resource Priority Authorization
draft-ietf-stir-rph-06

Revision differences

Document history

Date Rev. By Action
2018-08-30
06 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2018-08-24
06 (System) RFC Editor state changed to AUTH48 from RFC-EDITOR
2018-08-09
06 (System) RFC Editor state changed to RFC-EDITOR from EDIT
2018-07-13
06 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2018-07-13
06 (System) IANA Action state changed to Waiting on RFC Editor from Waiting on Authors
2018-07-13
06 (System) IANA Action state changed to Waiting on Authors from In Progress
2018-07-13
06 (System) IANA Action state changed to In Progress from On Hold
2018-07-05
06 (System) IANA Action state changed to On Hold from In Progress
2018-07-05
06 (System) RFC Editor state changed to EDIT
2018-07-05
06 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2018-07-05
06 (System) Announcement was received by RFC Editor
2018-07-05
06 (System) IANA Action state changed to In Progress
2018-07-05
06 Cindy Morgan IESG state changed to Approved-announcement sent from Approved-announcement to be sent
2018-07-05
06 Cindy Morgan IESG has approved the document
2018-07-05
06 Cindy Morgan Closed "Approve" ballot
2018-07-05
06 Cindy Morgan Ballot approval text was generated
2018-07-05
06 Cindy Morgan Ballot writeup was changed
2018-07-05
06 Adam Roach JWT review approved; see https://mailarchive.ietf.org/arch/msg/jwt-reg-review/OTaiFkI7yRYr3ux5VWtVkdTcy2w
2018-07-05
06 Adam Roach IESG state changed to Approved-announcement to be sent from IESG Evaluation::External Party
2018-06-27
06 Russ Housley Added to session: IETF-102: stir  Wed-1520
2018-05-24
06 Subir Das New version available: draft-ietf-stir-rph-06.txt
2018-05-24
06 (System) New version approved
2018-05-24
06 (System) Request for posting confirmation emailed to previous authors: Subir Das , Ray Singh , An Nguyen , Martin Dolly
2018-05-24
06 Subir Das Uploaded new revision
2018-05-17
05 Ben Campbell
[Ballot comment]
Thank you for addressing my first discussion point and comments. I still have a concern on the second discuss point:

§7.2:
  o  …
[Ballot comment]
Thank you for addressing my first discussion point and comments. I still have a concern on the second discuss point:

§7.2:
  o  The verification of the signature MUST include means of verifying
      that the signer is authoritative for the signed content of the
      resource priority namespace in the PASSporT."

The authors explained via email that they expect this to depend on some ATIS work. I understand that such work is in progress, but has not reached the point of being citable. I don't want to see this document blocked on that work, so I cleared my discuss. However, I still think it would be a good idea to add some scoping text early in the document to the effect that this mechanism is intended for environments where some means of verifying that the signer is authoritative is available. (In addition to keeping the normative text in §7.2)
2018-05-17
05 Ben Campbell [Ballot Position Update] Position for Ben Campbell has been changed to Yes from Discuss
2018-05-17
05 Adam Roach Waiting on jwt-reg-review@ietf.org
2018-05-17
05 Adam Roach IESG state changed to IESG Evaluation::External Party from IESG Evaluation::AD Followup
2018-05-17
05 Adam Roach
This document is awaiting the conclusion of JWT review.

On 5/1/18, Amanda Baber via RT wrote: "If this document is going to be revised to …
This document is awaiting the conclusion of JWT review.

On 5/1/18, Amanda Baber via RT wrote: "If this document is going to be revised to request a JSON Web Token Claims registration, according to Section 10.1 of RFC 7519, the authors need to send that registration proposal to the jwt-reg-review@ietf.org mailing list for a three-week review."
2018-05-08
05 Tim Chown Request for Last Call review by OPSDIR Completed: Ready. Reviewer: Tim Chown. Sent review to list.
2018-05-04
05 Subir Das New version available: draft-ietf-stir-rph-05.txt
2018-05-04
05 (System) New version approved
2018-05-04
05 (System) Request for posting confirmation emailed to previous authors: Subir Das , Ray Singh , An Nguyen , Martin Dolly
2018-05-04
05 Subir Das Uploaded new revision
2018-05-02
04 Henrik Levkowetz Document shepherd changed to Russ Housley
2018-05-02
04 Henrik Levkowetz Notification list changed to Russ Housley <housley@vigilsec.com> from Russ Housley <rhousley@vigilsec.com>
2018-04-25
04 (System) Sub state has been changed to AD Followup from Revised ID Needed
2018-04-25
04 (System) IANA Review state changed to Version Changed - Review Needed from IANA - Not OK
2018-04-25
04 Subir Das New version available: draft-ietf-stir-rph-04.txt
2018-04-25
04 (System) New version approved
2018-04-25
04 (System) Request for posting confirmation emailed to previous authors: Subir Das , Ray Singh , An Nguyen , Martin Dolly
2018-04-25
04 Subir Das Uploaded new revision
2018-04-19
03 Cindy Morgan IESG state changed to IESG Evaluation::Revised I-D Needed from Waiting for Writeup
2018-04-19
03 Ignas Bagdonas [Ballot comment]
NO RECORD, ran out of time for reviewing this document.
2018-04-19
03 Ignas Bagdonas Ballot comment text updated for Ignas Bagdonas
2018-04-18
03 Alissa Cooper [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper
2018-04-18
03 Benjamin Kaduk
[Ballot comment]
I support Ben's discuss.

Thank you for working with the secdir reviewer to address those
comments; I think it will really improve the …
[Ballot comment]
I support Ben's discuss.

Thank you for working with the secdir reviewer to address those
comments; I think it will really improve the document.

In a similar vein, I wonder if this document would be easier to read
if it used less formal description terms for protocol elements that
are currently referred to by using the actual protocol element (with
quotes around the name).  For example, "SIP resource priority
header" instead of "'Resource-Priority' header field", or "priority
indicator" instead of "'namespace"."priority value"'.

I'm a little confused why the new registry created in Section 6.2 is
tied to the "resource priority header" (rph) name, when the discussion
in Section 5 has some potential envisioned use cases that are
broader than resource priority.

As Ben notes, there are some stale references.  Please double-check
the referred section numbers as well; in particular "Section 10.1 of
[4474bis]" does not exist in the only February-2017 verions of that
draft.

Section 7.2 uses "authority" in a couple of different senses; it
might be easier on the reader to refer to the authority (protocol
participant) as being "authoritative for the content of [stuff] that
it signs".
2018-04-18
03 Benjamin Kaduk [Ballot Position Update] New position, No Objection, has been recorded for Benjamin Kaduk
2018-04-18
03 Deborah Brungard [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard
2018-04-18
03 Martin Vigoureux [Ballot Position Update] New position, No Objection, has been recorded for Martin Vigoureux
2018-04-18
03 Terry Manderson [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson
2018-04-17
03 Suresh Krishnan [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan
2018-04-17
03 Alvaro Retana [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana
2018-04-16
03 Ben Campbell
[Ballot discuss]
Thanks for this work. I plan to ballot "yes", but I have a couple of points I think need to be discussed first. …
[Ballot discuss]
Thanks for this work. I plan to ballot "yes", but I have a couple of points I think need to be discussed first.

§4.2: " If the signature validation fails, the verification service should infer
  that the calling party is not authorized for ’Resource-Priority’ as
  indicated in the claim.  In such cases, the priority treatment for
  the associated communication service is handled as per the local
  policy."

I suspect there will be deployments where the node making these local policy decisions is downstream from the verifier. How do they know RPH verification failed? Should the verifier strip resource priority header fields for which validation failed?

§7.2:
  o  The verification of the signature MUST include means of verifying
      that the signer is authoritative for the signed content of the
      resource priority namespace in the PASSporT."

I gather the intent is to leave that means to local policy, or to be specified elsewhere. I think that's a problem from an interoperability standpoint. The verifier needs a way to know whether the authorizer is authoritative for the RPH. If we want authorizers and verifiers from different vendors to be able to interoperate, it seems like at least some mechanism needs to be standardized and possibly MTI.
2018-04-16
03 Ben Campbell
[Ballot comment]
General: It's probably worth updating the references to 4474bis and passport to their respective RFCs.

§3, 4th paragraph: The imbedding of ABNF in …
[Ballot comment]
General: It's probably worth updating the references to 4474bis and passport to their respective RFCs.

§3, 4th paragraph: The imbedding of ABNF in the middle of a paragraph is difficult to read. It would be helpful to separate that from the surrounding text in the conventional fashion.

§3, 5th paragraph and throughout: The repeated use of "r-value ="namespace "." priority value" is hard to read. Please consider giving that parameter construct a name, and using the name throughout.

§3, 7th paragraph: "The authority MUST use its credentials (i.e., CERT)"
Does "CERT" mean "Certificate"? I assume it's not "Computer Emergency Response Team".

§4.1 : A SIP authentication service typically will derive the value of "rph"
  from the ’Resource-Priority’ header field based on policy associated
  with service specific use of the "namespace "." priority value" for
  r-values based on [RFC4412].:
"Typically" usually implies "Most but not all of the time". Is that the intent?

§4.2, last paragraph: Am I correct to guess that this is talking about valid claims?
2018-04-16
03 Ben Campbell [Ballot Position Update] New position, Discuss, has been recorded for Ben Campbell
2018-04-16
03 Christian Huitema Request for Telechat review by SECDIR Completed: Has Nits. Reviewer: Christian Huitema. Sent review to list.
2018-04-15
03 Spencer Dawkins [Ballot Position Update] New position, Yes, has been recorded for Spencer Dawkins
2018-04-15
03 Alexey Melnikov [Ballot Position Update] New position, No Objection, has been recorded for Alexey Melnikov
2018-04-15
03 Eric Rescorla [Ballot Position Update] New position, No Objection, has been recorded for Eric Rescorla
2018-04-12
03 Mirja Kühlewind [Ballot Position Update] New position, No Objection, has been recorded for Mirja Kühlewind
2018-04-09
03 Adam Roach Ballot has been issued
2018-04-09
03 Adam Roach [Ballot Position Update] New position, Yes, has been recorded for Adam Roach
2018-04-09
03 Adam Roach Created "Approve" ballot
2018-04-09
03 Adam Roach Ballot writeup was changed
2018-04-06
03 (System) IESG state changed to Waiting for Writeup from In Last Call
2018-04-04
03 (System) IANA Review state changed to IANA - Not OK from IANA - Review Needed
2018-04-04
03 Sabrina Tanamal
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Services Operator has completed its review of draft-ietf-stir-rph-03. If any part of this review is inaccurate, please let …
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Services Operator has completed its review of draft-ietf-stir-rph-03. If any part of this review is inaccurate, please let us know.

The IANA Services Operator has a question about one of the actions requested in the IANA Considerations section of this document.

The IANA Services Operator understands that, upon approval of this document, there are two actions which we must complete.

First, in the Personal Assertion Token (PASSporT) registry located at:

https://www.iana.org/assignments/passport/

a single, new registration will be made as follows:

ppt value: rph
Reference: [ RFC-to-be ]

As this document requests registrations in a Specification Required (see RFC 8126) registry, we will initiate the required Expert Review via a separate request. If there is no expert designated for the registry, we will work with the IESG to have one assigned. Expert review will need to be completed before your document can be approved for publication as an RFC.

Second, a new registry is to be created called the rph types registry. The new registry has two fields: the name of the "rph type" and the reference. The registry is to be managed via Specification Required as defined in RFC 8126.

There is a single, initial registration in the new registry as follows:

rph type Reference
---------+---------------
auth [ RFC-to-be ]

IANA Question --> Where should this new registry be located? Should it be added to an existing registry page? If not, does it belong in an existing category at http://www.iana.org/protocols?

The IANA Services Operator understands that these are the only actions required to be completed upon approval of this document.

Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

Thank you,

Sabrina Tanamal
Senior IANA Services Specialist
2018-04-02
03 Brian Carpenter Request for Telechat review by GENART Completed: Ready. Reviewer: Brian Carpenter. Sent review to list.
2018-03-26
03 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Tim Chown
2018-03-26
03 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Tim Chown
2018-03-23
03 Amy Vezza IANA Review state changed to IANA - Review Needed
2018-03-23
03 Amy Vezza
The following Last Call announcement was sent out (ends 2018-04-06):

From: The IESG
To: IETF-Announce
CC: adam@nostrum.com, stir@ietf.org, rhousley@vigilsec.com, draft-ietf-stir-rph@ietf.org, stir-chairs@ietf.org …
The following Last Call announcement was sent out (ends 2018-04-06):

From: The IESG
To: IETF-Announce
CC: adam@nostrum.com, stir@ietf.org, rhousley@vigilsec.com, draft-ietf-stir-rph@ietf.org, stir-chairs@ietf.org, Russ Housley
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (PASSporT Extension for Resource-Priority Authorization) to Proposed Standard


The IESG has received a request from the Secure Telephone Identity Revisited
WG (stir) to consider the following document: - 'PASSporT Extension for
Resource-Priority Authorization'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2018-04-06. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the beginning of
the Subject line to allow automated sorting.

Abstract


  This document extends the Secure Telephone Identity Revisited (STIR)
  Personal Assertion Token (PASSporT) specification defined in
  [I-D.ietf-stir-passport] to allow the inclusion of cryptographically
  signed assertions of authorization for the values populated in the
  Session Initiation Protocol (SIP) 'Resource-Priority' header field,
  which is used for communications resource prioritization.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-stir-rph/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-stir-rph/ballot/


No IPR declarations have been submitted directly on this I-D.




2018-03-23
03 Amy Vezza IESG state changed to In Last Call from Last Call Requested
2018-03-23
03 Adam Roach Last call was requested
2018-03-23
03 Adam Roach Ballot approval text was generated
2018-03-23
03 Adam Roach Ballot writeup was generated
2018-03-23
03 Adam Roach IESG state changed to Last Call Requested from AD Evaluation::AD Followup
2018-03-23
03 Adam Roach Last call announcement was generated
2018-03-22
03 Jean Mahoney Request for Telechat review by GENART is assigned to Brian Carpenter
2018-03-22
03 Jean Mahoney Request for Telechat review by GENART is assigned to Brian Carpenter
2018-03-22
03 Tero Kivinen Request for Telechat review by SECDIR is assigned to Christian Huitema
2018-03-22
03 Tero Kivinen Request for Telechat review by SECDIR is assigned to Christian Huitema
2018-03-21
03 Adam Roach Placed on agenda for telechat - 2018-04-19
2018-03-09
03 Russ Housley Added to session: IETF-101: stir  Thu-0930
2018-02-28
03 Adam Roach
Given the excessive number of documents currently in last call, I'm going to wait last call on this document until after London, to give the …
Given the excessive number of documents currently in last call, I'm going to wait last call on this document until after London, to give the last-call queue some time to drain.
2018-02-01
03 (System) Sub state has been changed to AD Followup from Revised ID Needed
2018-02-01
03 Subir Das New version available: draft-ietf-stir-rph-03.txt
2018-02-01
03 (System) New version approved
2018-02-01
03 (System) Request for posting confirmation emailed to previous authors: Subir Das , Ray Singh , An Nguyen , Martin Dolly
2018-02-01
03 Subir Das Uploaded new revision
2018-01-19
02 Adam Roach AD Evaluation can be found at https://mailarchive.ietf.org/arch/msg/stir/C9PPWZ8nZ11Z2Df50XXjnfOkAwQ
2018-01-19
02 Adam Roach IESG state changed to AD Evaluation::Revised I-D Needed from AD Evaluation
2018-01-17
02 Adam Roach IESG state changed to AD Evaluation from Publication Requested
2018-01-04
02 Russ Housley
(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  …
(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  Is this type of RFC indicated in the
title page header?

  Standards track RFC is requested.  Yes, this appears on the
  title page of the Internet-Draft.

(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary

  This document extends the STIR PASSporT specification to allow the
  inclusion of cryptographically-signed assertions of authorization
  for values that might appear in the SIP 'Resource-Priority' header
  field, which is used for communications resource prioritization.

Working Group Summary

  The STIR WG reached consensus, and there is strong support for
  publication of this document.

Document Quality

  Several people have expressed interest in implementing this
  specification.

Personnel

  Russ Housley is the Document Shepherd.
  Adam Roach is the Responsible Area Director.

(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.

  The document shepherd did a complete review of -01, and all items
  of concern were corrected with the posting of -02.

(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

  No concerns at all.

(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.

  No additional review is needed.

(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the
IESG should be aware of? For example, perhaps he or she is uncomfortable
with certain parts of the document, or has concerns whether there really
is a need for it. In any event, if the WG has discussed those issues and
has indicated that it still wishes to advance the document, detail those
concerns here.

  No concerns at all.

(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why.

  Each of the authors has confirmed that they are unaware of any
  IPR disclosures that need to be submitted.

(8) Has an IPR disclosure been filed that references this document?
If so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

  No IPR disclosures have been submitted against this document.

(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it? 

  The STIR WG reached consensus, and there is strong support for
  publication of this document.

(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)

  No one has threatened to appeal or expressed discontent.

(11) Identify any ID nits the Document Shepherd has found in this
document. (See https://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist). Boilerplate checks are not enough; this check needs to be
thorough.

  IDnits raises one warning.  It is the result of a typo, not a
  serious problem.  IDnits could not find the reference in the
  body of the document to RFC 7340, but it appears on line 95 of
  the Internet-Draft.  There ought to be a space after the ']'.

(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

  No additional formal review is needed for this document.

(13) Have all references within this document been identified as
either normative or informative?

  Yes, informative and normative references appear is separate
  sections in the document.

(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the plan for their completion?

  Two normative references are in the RFC Editor queue.

(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in
the Last Call procedure.

  There are no downrefs.

(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are not
listed in the Abstract and Introduction, explain why, and point to the
part of the document where the relationship of this document to the
other RFCs is discussed. If this information is not in the document,
explain why the WG considers it unnecessary.

  No, publication of this document will not change the status of
  any other documents.

(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly
identified. Confirm that newly created IANA registries include a
detailed specification of the initial contents for the registry, that
allocations procedures for future registrations are defined, and a
reasonable name for the new registry has been suggested (see RFC 5226).

  The IANA considerations appear to be complete.

(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find
useful in selecting the IANA Experts for these new registries.

  No new IANA registries are created.  Two entries are added to
  existing IANA registries.

(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

  None is needed for this document.
2018-01-04
02 Russ Housley Responsible AD changed to Adam Roach
2018-01-04
02 Russ Housley IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up
2018-01-04
02 Russ Housley IESG state changed to Publication Requested
2018-01-04
02 Russ Housley IESG process started in state Publication Requested
2018-01-04
02 Russ Housley Changed document writeup
2018-01-04
02 Russ Housley Tag Revised I-D Needed - Issue raised by WGLC cleared.
2018-01-04
02 Russ Housley IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call
2018-01-04
02 Subir Das New version available: draft-ietf-stir-rph-02.txt
2018-01-04
02 (System) New version approved
2018-01-04
02 (System) Request for posting confirmation emailed to previous authors: Subir Das , Ray Singh , An Nguyen , Martin Dolly
2018-01-04
02 Subir Das Uploaded new revision
2017-12-19
01 Russ Housley Notification list changed to Russ Housley <rhousley@vigilsec.com>
2017-12-19
01 Russ Housley Document shepherd changed to Russ Housley
2017-12-19
01 Russ Housley Tag Revised I-D Needed - Issue raised by WGLC set.
2017-10-23
01 Russ Housley IETF WG state changed to In WG Last Call from WG Document
2017-10-23
01 Russ Housley Changed consensus to Yes from Unknown
2017-10-23
01 Russ Housley Intended Status changed to Proposed Standard from None
2017-09-14
01 Subir Das New version available: draft-ietf-stir-rph-01.txt
2017-09-14
01 (System) New version approved
2017-09-14
01 (System) Request for posting confirmation emailed to previous authors: Martin Dolly , Ray Singh , An Nguyen , Subir Das
2017-09-14
01 Subir Das Uploaded new revision
2017-07-16
00 Robert Sparks Added to session: IETF-99: stir  Wed-1330
2017-07-05
00 Robert Sparks This document now replaces draft-singh-stir-rph instead of None
2017-06-30
00 Subir Das New version available: draft-ietf-stir-rph-00.txt
2017-06-30
00 (System) New version approved
2017-06-30
00 Subir Das Request for posting confirmation emailed  to submitter and authors: Martin Dolly , An Nguyen , "Ray P. Singh" , Subir Das
2017-06-30
00 Subir Das Uploaded new revision