[Dime] FW: Secdir review of draft-ietf-dime-priority-avps-05
"Romascanu, Dan (Dan)" <dromasca@avaya.com> Thu, 01 December 2011 12:28 UTC
Return-Path: <dromasca@avaya.com>
X-Original-To: dime@ietfa.amsl.com
Delivered-To: dime@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B73D21F8BBB for <dime@ietfa.amsl.com>; Thu, 1 Dec 2011 04:28:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.285
X-Spam-Level:
X-Spam-Status: No, score=-103.285 tagged_above=-999 required=5 tests=[AWL=0.314, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CBae-BU4Be5S for <dime@ietfa.amsl.com>; Thu, 1 Dec 2011 04:28:25 -0800 (PST)
Received: from de307622-de-outbound.net.avaya.com (de307622-de-outbound.net.avaya.com [198.152.71.100]) by ietfa.amsl.com (Postfix) with ESMTP id 60DDD21F8BB8 for <dime@ietf.org>; Thu, 1 Dec 2011 04:28:25 -0800 (PST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ArgAAPFx107GmAcF/2dsb2JhbAA6CppVkB2BBYFyAQEBAQMBAQEPHgoNJxcGAQgNBAQBAQsGCQIBCwEHJh8HAQEFBAEEEwgah22YE4QUjUuOEgSHbBgYgiFjBJo6jDA
X-IronPort-AV: E=Sophos;i="4.71,277,1320642000"; d="scan'208";a="279962360"
Received: from unknown (HELO co300216-co-erhwest.avaya.com) ([198.152.7.5]) by de307622-de-outbound.net.avaya.com with ESMTP; 01 Dec 2011 07:28:23 -0500
Received: from unknown (HELO 307622ANEX5.global.avaya.com) ([135.64.140.12]) by co300216-co-erhwest-out.avaya.com with ESMTP; 01 Dec 2011 07:26:20 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Thu, 01 Dec 2011 13:28:21 +0100
Message-ID: <EDC652A26FB23C4EB6384A4584434A0405AD5E29@307622ANEX5.global.avaya.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Secdir review of draft-ietf-dime-priority-avps-05
Thread-Index: AcxHTu34hXvg7biARZewSRVBSgbUbxoYjJ/wABzk3SA=
From: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
To: dime@ietf.org
Subject: [Dime] FW: Secdir review of draft-ietf-dime-priority-avps-05
X-BeenThere: dime@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <dime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dime>, <mailto:dime-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dime>
List-Post: <mailto:dime@ietf.org>
List-Help: <mailto:dime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Dec 2011 12:28:26 -0000
-----Original Message----- From: ietf-bounces@ietf.org [mailto:ietf-bounces@ietf.org] On Behalf Of Stephen Hanna Sent: Thursday, December 01, 2011 1:14 AM To: ietf@ietf.org; secdir@ietf.org; draft-ietf-dime-priority-avps.all@tools.ietf.org Subject: Secdir review of draft-ietf-dime-priority-avps-05 I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This standards track document defines Diameter AVPs that can be used to convey a variety of priority parameters. In July 2011, I conducted a secdir review of a previous revision of this document (-04) and found that the Security Considerations section was inadequate because it did not include any analysis of the specific security issues related to priority systems. I'm pleased to say that the authors have attempted to address this issue in their new draft. They added a reference to the Security Considerations section of RFC 5866, which is thorough and sound. In addition, they explicitly identify one threat: unauthorized changes to QoS parameters in transit. However, the countermeasure proposed is confusing. The document now says "integrity protected values SHOULD be ignored". I would expect the reverse. Values that are not integrity protected SHOULD be ignored. Am I wrong? I'm concerned that the other threats described in RFC 5866 are not addressed in this document. Lack of authentication and confidentiality protection for QoS parameters can have serious negative impacts, as described in RFC 5866. In the IETF spirit of "send text", I suggest the following paragraph be added to the Security Considerations section of this draft: As described in [RFC5866], failure to provide adequate authentication and confidentiality protection for QoS parameters may result in serious failures that undermine the very purpose of QoS. Countermeasures such as Diameter communication security should be employed as appropriate. I will supply a further optional suggestion to clarify the text recently added regarding integrity. I recommend that the first paragraph of the Security Considerations section be stripped to just its first sentence and that the following paragraph be used in place of the new text that was added at the end of that paragraph: The values in the AVPs defined in this draft are not supposed to be changed by any of the Diameter servers or any other intermediaries. In fact, changes to these AVPs in transit could result in serious problems such as inability to complete high-priority emergency phone calls. Therefore, source integrity protection SHOULD be employed for those AVPs (e.g., the use of S/MIME with the SIP RPH, or an INTEGRITY object within a POLICY_DATA object). The text that I wrote may well be incorrect or misguided. I'm just trying to provide helpful suggestions from a security perspective. If the authors would like to have a further chat about this topic, I'd be glad to do so. And if they want to keep the text that they added on integrity protection, that's OK. I just found it a bit lacking in describing the threat and its consequences and in providing an effective countermeasure. Thanks, Steve _______________________________________________ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
- [Dime] FW: Secdir review of draft-ietf-dime-prior… Romascanu, Dan (Dan)