IETF Logo Mail Archive

Re: [apps-discuss] APPSDIR review of draft-ietf-insipid-session-id-reqts-08

"Paul E. Jones" <paulej@packetizer.com> Wed, 25 September 2013 00:47 UTC

Return-Path: <paulej@packetizer.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1AD9D11E819B; Tue, 24 Sep 2013 17:47:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f+kRwrRrj6pG; Tue, 24 Sep 2013 17:47:12 -0700 (PDT)
Received: from dublin.packetizer.com (dublin.packetizer.com [75.101.130.125]) by ietfa.amsl.com (Postfix) with ESMTP id 9212211E819A; Tue, 24 Sep 2013 17:47:12 -0700 (PDT)
Received: from [192.168.1.20] (rrcs-98-101-148-48.midsouth.biz.rr.com [98.101.148.48]) (authenticated bits=0) by dublin.packetizer.com (8.14.5/8.14.5) with ESMTP id r8P0l6Z0007371 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 24 Sep 2013 20:47:07 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=packetizer.com; s=dublin; t=1380070028; bh=n73/Ip7dNOFO6M3kpDsWJR6CEt4YGheX8PbrRenKq3Y=; h=From:To:Subject:Cc:Date:Content-Transfer-Encoding:Content-Type: In-Reply-To:Message-Id:Mime-Version:Reply-To; b=iI9I8LrX1vPEBWFbuix0N2UWV86PMIJlp4UC+Hnvtr1F3nL2PWTdAMs0pkuCKnFGe L98wcyqoCeElq2Z0n74GB4PQYH5S5JqG+BUkSQjn3YvGNKg+gzgUBEsdMPgohSfJeu qGPAjdiILAvQ/3uwpYdM/hsPGBaGKjRegpZvrm4E=
From: "Paul E. Jones" <paulej@packetizer.com>
To: "Vijay K. Gurbani" <vkg@bell-labs.com>
Date: Wed, 25 Sep 2013 00:47:12 +0000
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; format="flowed"; charset="utf-8"
In-Reply-To: <52405E5B.7080207@bell-labs.com>
Message-Id: <em88c5753f-e9a3-4d3e-89bc-69e8596ba6dc@sydney>
Mime-Version: 1.0
User-Agent: eM_Client/5.0.18661.0
Cc: draft-ietf-insipid-session-id-reqts.all@tools.ietf.org, 'James Polk' <jmpolk@cisco.com>, 'IESG IESG' <iesg@ietf.org>, apps-discuss@ietf.org
Subject: Re: [apps-discuss] APPSDIR review of draft-ietf-insipid-session-id-reqts-08
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: "Paul E. Jones" <paulej@packetizer.com>
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Sep 2013 00:47:17 -0000

Vijay,

Thanks for the additional feedback.  I will consult with a few of the 
folks in the WG to see how we can best address your points.

Paul

------ Original Message ------
From: "Vijay K. Gurbani" <vkg@bell-labs.com>
To: "Paul E. Jones" <paulej@packetizer.com>
Cc: draft-ietf-insipid-session-id-reqts.all@tools.ietf.org; "'James 
Polk'" <jmpolk@cisco.com>; "'IESG IESG'" <iesg@ietf.org>; 
apps-discuss@ietf.org
Sent: 9/23/2013 11:29:31 AM
Subject: Re: [apps-discuss] APPSDIR review of 
draft-ietf-insipid-session-id-reqts-08
>On 09/20/2013 04:07 PM, Paul E. Jones wrote:
>>Vijay,
>>
>>(My email client did not format that well. Let me try to correct 
>>that...)
>>
>>I apologize for taking so long to get back to you. This has been an
>>extremely busy week for me.
>
>Paul: No problem. Please see inline.
>
>>I understand. I wasn't trying to be combative. Rather, I'm just
>>stating that I'm not sure what more is needed. Please don't assume I
>>was being argumentative, as that certainly was not the intent.
>
>No worries; I just wanted to make sure that if you made any changes,
>they would be driven by what you would also consider actual problems,
>and not driven by just trying to placate me :-)
>
>>I cannot recall who introduced that language into that text, but the
>>desire would be prevent two things: [...]
>>The proposed remedies in that paragraph are to mandate REQ6 and
>>encourage encryption.
>
>Right, it is the "encourage encryption" part that I think should garner
>some attention. One way to do so is suggested below.
>
>>REQ5 does not, in itself, assume or require some kind of security. In 
>>a
>>trusted service provider network, for example, the value might be
>>inserted at the edge by an SBC and no encryption used through the
>>service provider domain.
>
>SIP has developed this notion of a trust domain as a set of SIP nodes,
>including B2BUAs, that are trusted to exchange some private information
>among (and between) themselves. This function goes by the wonderful
>name of Spec(T) and is fully defined in rfc3324. Other pieces of work
>[1,2] that forsee a need to define a trust domain simply use the
>Spec(T) function to do so.
>
>>The required security differs based on the environment. As I mentioned
>>above, a service provider domain may have minimal internal security
>>requirements, placing all security at the edge. Likewise, the issues
>>related to the Session-ID are not unlike those of the Call-ID. In 
>>fact,
>>an attack on the Call-ID or "To" header in SIP is far more problematic
>>than an attack on the Session-ID. So, while I think most real-world
>>implementations of SIP (ignoring Session-ID) should use TLS, at the 
>>very
>>least, we cannot insert a requirement for use of any particular 
>>security
>>mechanism.
>
>The Spec(T) mechanism at least allows you to state that you have
>thought of the security ramifications of the header being sent out in
>cleartext, and therefore, domains that wish to exchange the header in
>non cleartext format should comply to Spec(T). You can define Spec(T)
>as is done in [1], without having to delve into the mandating TLS or
>choosing cipher specs for TLS.
>
>It seems appropriate that if we know that usurping the session
>identifier will lead to problems then we at least try to provide a way
>to mitigate these problems without mandating specific security 
>policies.
>I think Spec(T) allows you to do so.
>
>Regarding the statement that an attack on the Call-ID or "To" header
>being more disruptive than an attack on Session-ID, sure I agree. But
>at least we have rfc4474 to mitigate that (I understand it is not used
>widely, but it *is* there).
>
>>I do not disagree, but I cannot insert a requirement into this text 
>>that
>>says TLS must be used. There may be folks who would oppose that. I
>>think the particular means through which the requirements are met 
>>should
>>be spelled out only in the solution text. If you really disagree, we
>>can go back to the WG and raise the point. I certainly have no
>>objection to that.
>
>I am not privy to the discussions that happened in the working group
>along making TLS mandatory. But from your description it seems that
>the working group does not want to mandate it. Maybe couching the
>security aspects in terms of Spec(T) will suffice?
>
>[1] See Section 5.4 of 
>http://tools.ietf.org/html/draft-ietf-soc-load-control-event-package-09
>[2] 
>http://tools.ietf.org/html/draft-vanelburg-dispatch-private-network-ind-02
>
>Thanks,
>
>- vijay
>-- Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
>1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60563 (USA)
>Email: vkg@{bell-labs.com,acm.org} / vijay.gurbani@alcatel-lucent.com
>Web: http://ect.bell-labs.com/who/vkg/ | Calendar: http://goo.gl/x3Ogq

v2.23.0 | Report a Bug | By Email