[Ecrit] RE: Review of phonebcp and framework
"Brian Rosen" <br@brianrosen.net> Wed, 19 September 2007 21:06 UTC
Return-path: <ecrit-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IY6kb-0002Vx-JC; Wed, 19 Sep 2007 17:06:25 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IY6ka-0002Vi-5h for ecrit@ietf.org; Wed, 19 Sep 2007 17:06:24 -0400
Received: from ebru.winwebhosting.com ([74.52.236.50]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IY6kY-0006ap-TC for ecrit@ietf.org; Wed, 19 Sep 2007 17:06:24 -0400
Received: from [209.173.53.233] (helo=BROSLT41xp) by ebru.winwebhosting.com with esmtpa (Exim 4.68) (envelope-from <br@brianrosen.net>) id 1IY6kL-0003xv-J9; Wed, 19 Sep 2007 16:06:09 -0500
From: Brian Rosen <br@brianrosen.net>
To: 'Richard Barnes' <rbarnes@bbn.com>, 'ECRIT' <ecrit@ietf.org>, "'James M. Polk'" <jmpolk@cisco.com>, 'Henning Schulzrinne' <hgs@cs.columbia.edu>, 'Andrew Newton' <andy@hxr.us>
References: <46BC984B.6050207@bbn.com>
Date: Wed, 19 Sep 2007 17:06:19 -0400
Message-ID: <10ff01c7fb00$eea793c0$640fa8c0@cis.neustar.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
Thread-Index: AcfbbzYr3Pvx2FhhSOGF2+9e0KHUSAfeGmww
In-Reply-To: <46BC984B.6050207@bbn.com>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - ebru.winwebhosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - brianrosen.net
X-Source:
X-Source-Args:
X-Source-Dir:
X-Spam-Score: 0.0 (/)
X-Scan-Signature: c1c65599517f9ac32519d043c37c5336
Cc:
Subject: [Ecrit] RE: Review of phonebcp and framework
X-BeenThere: ecrit@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: ecrit.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ecrit>, <mailto:ecrit-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ecrit@ietf.org>
List-Help: <mailto:ecrit-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ecrit>, <mailto:ecrit-request@ietf.org?subject=subscribe>
Errors-To: ecrit-bounces@ietf.org
Thank you for your comments on these documents. I will be releasing new versions of both today. I have resolved all of them except as noted below: > * One threat that's not addressed is the one introduced by phonebcp's > recommendations about call termination, namely that if a phone gets a > call from another AOR in the same domain as the PSAP, then it should > drop its current call and take the new one. This policy introduces a > denial of service attack: An attacker can send an INVITE with a spoofed > AoR and force emergency callers to disconnect from PSAPs. How were the > authors thinking about dealing with this? The text is now very specific about when you do that. It only occurs if have an active emergency call, the session timer is running, you hang up, and you get a call back from the domain that answered the original call. That's a very small window from a spoofed domain. > > * References to draft-rosen-iptel-dialstring should be to RFC 4967. > However, I think tel: URIs are appropriate in this case. The reference is fixed. The text now says MUST dial string and SHOULD tel. Tel is not appropriate in this case; it is neither a global number nor a local number. It is in fact a dial string. > >For endpoints with multiple types of network interfaces (such as >an Ethernet jack and a WiFi connection), serious incompatibilities would >ensue unless every network >supported every protocol, or alternatively, every device supported >every protocol. The text says every device supports every protocol. Did you miss that? The text is clearer now in any case. The device supports all, the network supports at least one. >instead of dial strings>Use the "tel:" URI scheme here. RFC 3966 allows for numbers that >are not globally routable. But it's not a telephone number, it is a dial string. We translate it to a URI. As above, the text now says tel SHOULD be accepted. ><security considerations>This section is very incomplete, largely because the relevant >security mechanisms don't exist - they're being worked now by the GEOPRIV >working group. Recommend removing for now; replace with a reference to >draft-barnes-geoprivlo-sec and draft-ietf-ecrit-security-threats. I did that, but it seems like a cop-out. I'd like some more comments from other work group members (and maybe A-Ds, and maybe asking for a security directorate reviewer) on the ability to do that. Note the editors note in the section. _______________________________________________ Ecrit mailing list Ecrit@ietf.org https://www1.ietf.org/mailman/listinfo/ecrit
- [Ecrit] Review of phonebcp and framework Richard Barnes
- AW: [Ecrit] Review of phonebcp and framework Tschofenig, Hannes
- Re: AW: [Ecrit] Review of phonebcp and framework Richard Barnes
- [Ecrit] RE: Review of phonebcp and framework Brian Rosen