Re: [Dime] Alissa Cooper's Discuss on draft-ietf-dime-rfc4006bis-08: (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Wed, 23 May 2018 15:46 UTC

Date: Wed, 23 May 2018 10:46:33 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Ben Campbell <ben@nostrum.com>
Cc: Alissa Cooper <alissa@cooperw.in>, "Bertz, Lyle T [CTO]" <Lyle.T.Bertz@sprint.com>, "dime-chairs@ietf.org" <dime-chairs@ietf.org>, "dime@ietf.org" <dime@ietf.org>, IESG <iesg@ietf.org>, "draft-ietf-dime-rfc4006bis@ietf.org" <draft-ietf-dime-rfc4006bis@ietf.org>
Message-ID: <20180523154633.GB32807@kduck.kaduk.org>
References: <152698725939.7754.12532481695345574563.idtracker@ietfa.amsl.com> <50deaa6d510944beafa49868eea7a6b1@plswe13m04.ad.sprint.com> <48C95314-5F5D-4CFC-963B-36017BB364A1@nostrum.com> <0e9e72c11cde4097b9d698327882be42@plswe13m04.ad.sprint.com> <DF6A2B6E-A8FE-439C-B321-B54CC9C1006E@cooperw.in> <E2D7F2F5-E45D-4B38-8668-D433CB8CE10A@nostrum.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dime/G08PVxfI8tWEB08Ok2izpow090I>
Subject: Re: [Dime] Alissa Cooper's Discuss on draft-ietf-dime-rfc4006bis-08: (with DISCUSS and COMMENT)

On Wed, May 23, 2018 at 10:43:20AM -0500, Ben Campbell wrote:
> 
> 
> > On May 23, 2018, at 10:07 AM, Alissa Cooper <alissa@cooperw.in> wrote:
> > 
> >>>> 
> >>>> = Section 15.1 =
> >>>> 
> >>>> "Redirect-Server-Address AVP: the service-provider may embed
> >>>>      personal information on the subscriber in the URL/I (e.g. to
> >>>>      create a personalized message)."
> >>>> 
> >>>> This seems like a bad idea that, if it's going to be mentioned, should be
> >>>> recommended against.
> >>>> 
> >>>>> Makes sense.  I would recommend adding the sentence "However, this is
> >>> not recommended."
> >>> 
> >>> It’s also commonly done, isn’t it? I think the point is to mention that the AVP
> >>> is sensitive because people might do this, not to offer permission. There’s
> >>> already text recommending against directly using personal information.
> >>> Would it help to change “may” to “might”? to avoid any semblance of
> >>> “permission”?
> >>> 
> >>> Some of the other AVPs likely carried in the same message are going to have
> >>> personally identifiable information one way or another (i.e. Subscription-ID).
> >>> 
> > 
> > What I was thinking was more that this potentially makes the URLs guessable in such a way that attackers accessing them could obtain personal information about any subscriber whose name they know. Is that not a concern?
> > 
> 
> That’s a very good point. Would it help to add some guidance to make these hard to guess along with the existing text about not adding user identifying information?

That seems worth doing.

Thanks,

Benjamin
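The guidance discussed in the thread (keep subscriber-identifying information out of the Redirect-Server-Address URL, and make the URL hard to guess) can be illustrated with a small redirect-token service. The following is an added example written for this archive page; it is not code from the draft, the thread or any Diameter implementation. The base URL `https://redirect.example.net/notify`, the `RedirectTokenStore` class and the helper names are assumptions chosen for the illustration. The idea is that the URL carries only an opaque, cryptographically random token; the personalization data the redirect server needs stays server-side, keyed by a hash of the token, and expires after a short TTL.

```python
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# Constructed values for the example (not from the draft or the thread).
REDIRECT_BASE = "https://redirect.example.net/notify"  # hypothetical redirect server
TOKEN_BYTES = 16          # 128 bits of entropy per token
TOKEN_TTL_SECONDS = 600   # tokens stop resolving after 10 minutes


class RedirectTokenStore:
    """Maps opaque tokens to the subscriber context a redirect server needs
    to render a personalized page, so nothing personal rides on the URL."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, now=time.time):
        self._ttl = ttl
        self._now = now          # injectable clock, handy for tests
        self._entries = {}       # sha256(token) -> (context dict, expiry)

    @staticmethod
    def _key(token):
        # Only a hash of the token is stored: a leaked copy of the table
        # does not yield URLs that still resolve.
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, context):
        # secrets.token_urlsafe gives a URL-safe, unpredictable token.
        token = secrets.token_urlsafe(TOKEN_BYTES)
        self._entries[self._key(token)] = (dict(context), self._now() + self._ttl)
        return token

    def resolve(self, token):
        """Returns the stored context, or None for unknown or expired tokens."""
        key = self._key(token)
        entry = self._entries.get(key)
        if entry is None:
            return None
        context, expiry = entry
        if self._now() > expiry:
            del self._entries[key]   # one-shot cleanup of an expired token
            return None
        return context


def build_redirect_url(store, subscriber_context):
    """Builds the value to place in Redirect-Server-Address: the base URL plus
    an opaque token. The subscriber's name, MSISDN and message never appear."""
    token = store.issue(subscriber_context)
    scheme, netloc, path, _, _ = urlsplit(REDIRECT_BASE)
    return urlunsplit((scheme, netloc, path, urlencode({"t": token}), ""))


def token_from_url(url):
    """What the redirect server does on arrival: pull the token out of the query."""
    return parse_qs(urlsplit(url).query).get("t", [None])[0]


def url_contains_personal_data(url, context):
    """Review-time check: does any subscriber field leak into the URL text?"""
    lowered = url.lower()
    return any(str(value).lower() in lowered for value in context.values())


if __name__ == "__main__":
    store = RedirectTokenStore()
    # Constructed subscriber record for the demonstration.
    subscriber = {"name": "Alice Example", "msisdn": "+447700900123",
                  "message": "Welcome back, Alice"}
    url = build_redirect_url(store, subscriber)
    print(url)
    print("leaks personal data:", url_contains_personal_data(url, subscriber))
    print("resolves to:", store.resolve(token_from_url(url)))
```

Two design points follow directly from the discussion: because the token is random rather than derived from the subscriber, knowing a subscriber's name gives no way to construct their URL, and because the context lives server-side with a TTL, a URL that is logged or forwarded stops working after a short window.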