
Session Date/Time: 08 Nov 2022 13:00

# stir

## Summary

The STIR working group meeting at IETF 115 covered the status of several drafts, including those up for IESG consideration, and discussed potential adoption and progress on drafts related to connected identity, out-of-band mechanisms, and OCSP stapling. A key discussion revolved around simplifying the connected identity draft and the potential for combining the OCSP and OCSP stapling drafts.

## Key Discussion Points

*   **IESG Agenda Documents:** Three documents are on the IESG agenda for December 1st. Minor normative and editorial changes were discussed, including clarifications on URI references, string digest calculations, and compact form.
*   **Provider OOB:** Update needed; last update was in April. A working group last call will be initiated after an update.
*   **Connected Identity:** A new version of the draft was presented, pivoting to allowing identity headers in responses and introducing a new PASSporT type (RSP). Discussion centered on the complexities and potential lack of widespread use, but also on potential benefits in specific use cases (e.g., banking, secure media). Concerns were raised about handling mismatches in connected identity and potential user experience challenges. The working group explored use cases that rely on criticality. The From Change (RFC 4916) mechanism will be dropped.
*   **Out-of-Band Mechanisms:** The service provider OOB draft is descriptive of emerging enterprise practices.  There were calls to move this document to last call, recognizing the potential international interest.
*   **OCSP Stapling:** Discussion focused on the trade-offs between originating-side stapling and terminating-side OCSP queries. The working group discussed pre-caching staples versus fetching them during call setup. Concerns were raised about PASSporT size increases. Alternative approaches like Bloom filters were mentioned. Consideration was given to short-lived certs versus stapling, as well as data breach management.

## Decisions and Action Items

*   **Connected Identity:** The working group agreed to remove the From Change mechanism (RFC 4916) from the Connected Identity draft.
*   **OCSP Stapling:** The working group decided to recombine the OCSP and OCSP Stapling drafts into a single document focusing on OCSP stapling as the primary mechanism.
*   **Provider OOB:** The chair will begin Working Group Last Call as soon as practical.
*   **Connected Identity and OCSP:** Further discussion is needed on the mailing list regarding short-lived certs versus OCSP and security analysis of Connected Identity.

## Next Steps

*   The Connected Identity draft will be updated to reflect the removal of the From Change mechanism.
*   The OCSP and OCSP Stapling drafts will be merged.
*   Continued discussion on the mailing list on short-lived certs versus OCSP and security analysis.
*   Update the provider OOB draft.
*   Start WG last call for provider OOB.