Rfc4474bis-03 IETF 92 (Texas) STIR WG Jon. First principles (yet again) Separating the work into two buckets: 1) Signaling – What fields are signed, signer/verifier.

Slides:



Advertisements
Similar presentations
Rfc4474bis-01 IETF 89 (London) STIR WG Jon & Cullen.
Advertisements

An Overview.  Worth 60 credits – that’s one third of the whole MSc!  Worth even more than that……..  It is used to determine final awards  Nobody gets.
BINOMIAL EXPANSION – REFLECTION BY: KHALIFA AL THANI.
STIR Credentials IETF 88 (Vancouver) Wednesday Session Jon & Hadriel.
RFC4441rev status as of IETF 86 Spencer Dawkins
Identity in SIP (and in-band) STIR BoF Berlin, DE 7/30/2013.
SIP Authorization Framework Use Cases Rifaat Shekh-Yusef, Jon Peterson IETF 91, SIPCore WG Honolulu, Hawaii, USA November 13,
How this project meets business objective.
Excel 2007 Part (2) Dr. Susan Al Naqshbandi
Hook, Housekeeping & Homework Monday-Thursday Have out your choice book and begin quietly reading! If you present today, you may spend the reading minutes.
David A. Bryan, PPSP Workshop, Beijing, China, June 17th and 18th 2010 Tracker Protocol Proposal.
Update: Security Work at W3C Thomas Roessler, W3C (channelled by:
DKIM Reporting Murray S. Kucherawy. The Problems to Solve Senders want to know when their brands are being violated –Mail being forged as coming from.
Cornell Notes Key Ideas Main Points Titles of Powerpoint Slides Vocabulary Words Detailed information Definitions of Words Example problems This is YOUR.
STIR Charter (discussion) STIR BoF Berlin, DE 7/30/2013.
Draft-rosen-ecrit-emergency- framework-00 Brian Rosen NeuStar CPa
Credentials Roadmap STIR WG IETF 90 (Toronto) Sean Turner
Investigational Work Following through and seeing the steps and paths that MAY be taken.
Certificate Credentials STIR WG IETF 91 (Honolulu) Sean Jon.
What makes for a quality RFC? An invited talk to the MPLS WG Adrian Farrel IETF-89 London, March 2014.
STIR Problem Statement IETF 88 (Vancouver) Tuesday Session Jon Peterson.
Enterprise IPv6 Transition Analysis IETF 62 IPv6 Operations Working Group March 7-11, 2005 Minneapolis, MN Presenter Jim Bound Jim Bound (Editor), Yanick.
1 Virtual Router Redundancy Protocol (VRRP) San Francisco IETF VRRP Working Group March 2003 San Francisco IETF Mukesh Gupta / Nokia Chair.
Peering: A Minimalist Approach Rohan Mahy IETF 66 — Speermint WG.
Mrs. Fawcett Room 223 Chemistry. Rules Be on time and in uniform Eat before you get here No distractions (cards, music, games, cell phones, etc.) Treat.
Rfc4474bis-01 IETF 90 (Toronto) STIR WG Jon. First principles (yet again) Separating the work into two buckets: 1) Signaling – What fields are signed,
1 IETF 88 (Vancouver) November 6, 2013 Cullen Jennings V3.
Class Discussion Boards. This is a tour of Manhattan’s Class Discussion Board Module. You’ll find that although there are lots of different ‘modules’
RADEXT WG RADIUS Attribute Guidelines Greg Weber March 21 st, 2006 IETF-65, Dallas v1 draft-weber-radius-attr-guidelines-02.txt draft-wolff-radext-ext-attribute-00.txt.
SIP PUBLISH Method Jonathan Rosenberg dynamicsoft.
IETF68 DIME WG Open Issues for RFC3588bis Victor Fajardo (draft-ietf-dime-rfc3588bis-02.txt)
1 Network Selection Problem Definition Draft-ietf-eap-netsel-problem-01.txt Jari Arkko Bernard Aboba.
Adiabatic Quantum Computing Josh Ball with advisor Professor Harsh Mathur Problems which are classically difficult to solve may be solved much more quickly.
Click to edit Master title style Click to add subtitle © 2008 Wichorus Inc. All rights reserved. CONFIDENTIAL - DO NOT DISTRIBUTE rfc3775bis Issues November.
Lecture 15 Page 1 CS 236 Online Evaluating Running Systems Evaluating system security requires knowing what’s going on Many steps are necessary for a full.
History-Info header and Support of target-uri Solution Requirements Mary Barnes Francois Audet SIPCORE.
MODERN BoF Managing, Ordering, Distributing, Exposing, and Registering telephone Numbers IETF 92.
Draft-peterson-modern- problems-04 Jon Peterson MODERN WG IETF 95 (Buenos Aires)
SIP Working Group IETF Chairs -- Rohan MAHY Dean WILLIS.
End-to-middle Security in SIP
draft-rescorla-fallback-01
Customizable Back-to-School Social Narrative Template
EAP State Machines (draft-vollbrecht-eap-state-04.txt,ps)
STIR WG / IETF 94 Yokohama, Nov 2015 Jon
TeRI and the MODERN Framework
TITLE Student Name and Date.
Request History Capability – Requirements & Solution
Improving Security of Real-time Communications
Jari Arkko Bernard Aboba
The need for better security considerations guidance
Facing Problem with Hulu on Android and iPhone Device? (Check Here)
Proposed ATIS Standard for Signing of SIP RPH
RFC PASSporT Construction 6.2 Verifier Behavior
Sparse and Redundant Representations and Their Applications in
RFC PASSporT Construction 6.2 Verifier Behavior
RFC PASSporT Construction 6.2 Verifier Behavior
ELECTRONIC MAIL SECURITY
ELECTRONIC MAIL SECURITY
IETF 101 (London) STIR WG Mar2018
STIR WG IETF-100 PASSPorT Extension for Resource-Priority Authorization (draft-ietf-stir-rph-01) November, 2017 Ray P. Singh, Martin Dolly, Subir Das,
Change Proposals for SHAKEN Documents
European Forest Accounts – Improvements to the questionnaire proposed by Eurostat Marilise Wolf-Crowther, E.2 WG Forestry FEB 2018.
RFC Verifier Behavior Step 4: Check the Freshness of Date
PLAN PREPARATION BASICS STATEMENT OF ESTIMATED QUANTITIES (SEQ)
Synonymous Flow Labels
STIR Certificate delegation
Proposed Changes to STI-VS "iat" freshness check
STIR / SHAKEN for 911 use of SHAKEN 8/7/2019
draft-ietf-stir-oob-02 Out of Band
IETF 102 (Montreal) STIR WG Jul 2018
Presentation transcript:

rfc4474bis-03 IETF 92 (Texas) STIR WG Jon

First principles (yet again) Separating the work into two buckets: 1) Signaling – What fields are signed, signer/verifier behavior, canonicalization 2) Credentials – How signers enroll, how verifiers acquire credentials, how to determine a credential’s authority for identity rfc4474bis is our signaling solution – But contains guidance for specifications of (2)

What we did since -02 Deleted a good deal of legacy text – Also, tried to eliminate some cross-referencing – Probably more optimization to be done here Lowered Date threshold to one minute – Consistently, we hope Fixed the mandatory signature over a=fingerprint – Now should support multiple fingerprints, when needed Fingerprints are concatenated in alphanumeric order – Is that our best idea? Improved “canon” text – Still some to discuss here

Open issues: On “canon” Last time we talked about canonizing To – Without it, if To: changes, verifiers could fail – Plan: canon=t: ;f: What about mixed cases? – From is a greenfield URI, To is a TN Or vice versa Proposal: either t: or f: or both may be present in “canon: Written up in my -04

Open Issues: Signing PAI Sometimes, a TN lives in PAI (RFC3325) – This is regrettable Easy out: – Allow “canon” to reflect the PAI – In PAI-using networks, the recipient could know what to do – Of course, if PAI is chopped off, and “canon” remains… Good idea? Hidden problems? Also, is this a slippery slope? – Lots of numbers in different places in 3GPP specs

Signing anything else CNIT and extensibility in general Typically in security mechanisms, the less the better If we want STIR’s signature to cover CNIT, what’s the best way to leave that door open? – Not clear which header we’d be signing yet, or what parsing needed Could have another field with an extensibility mechanism defined – Similar in style to Identity-Reliance – Best idea: we would create a blank CNIT will fill in

Anything else? Some more organizational work could be done Last call this, or wait?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.