Re: [Last-Call] Secdir last call review of draft-ietf-sipcore-multiple-reasons-01
Joseph Salowey <joe@salowey.net> Tue, 18 October 2022 04:13 UTC
Return-Path: <joe@salowey.net>
X-Original-To: last-call@ietfa.amsl.com
Delivered-To: last-call@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6C0EC14F73F for <last-call@ietfa.amsl.com>; Mon, 17 Oct 2022 21:13:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.908
X-Spam-Level:
X-Spam-Status: No, score=-6.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=salowey-net.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BMToKrCJgK2u for <last-call@ietfa.amsl.com>; Mon, 17 Oct 2022 21:13:18 -0700 (PDT)
Received: from mail-lj1-x235.google.com (mail-lj1-x235.google.com [IPv6:2a00:1450:4864:20::235]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6B63DC14F748 for <last-call@ietf.org>; Mon, 17 Oct 2022 21:13:18 -0700 (PDT)
Received: by mail-lj1-x235.google.com with SMTP id i21so13598030ljh.12 for <last-call@ietf.org>; Mon, 17 Oct 2022 21:13:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=salowey-net.20210112.gappssmtp.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=X9y8FtuDNwfW9hzw+fjZb8GBQZ+wZ9x8Z/woJfV18Lg=; b=B6IDKlnoVRpwrzZznNmO/6uclrEQs5K+gwX4oXqnp/9OlSy14ej9SWogm6QKAY9ZmZ fkoObunJ49DG5m43SmNyouKl0ZEQ6NA1E+W0aCy39Do5dy2+aKYAWSVwpbAIbJakettL ZyDJ5L5nXEZjAIdZopXH+8qQrsTSTEHkPj0UDwmHAGTvQncRjgFUz27wIG+PIy72//j2 S7QANHgaYbWGYM7+hJLQLKqWfAwwbewMGzkG557GgyXBjf+MRxPJmebi5B9JnJdYsAeV TdEMB5LL8ISctBx4MZh2XqPihPSawFUzEIsakg+bCIgWECxU6sv3jCmdsC93S8jcqqJ3 Wlpg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=X9y8FtuDNwfW9hzw+fjZb8GBQZ+wZ9x8Z/woJfV18Lg=; b=qM02o6/2+dxb9QTuhzNjfKYY1foDgcgomX3VjVFB3vMuXAWEOtqVzKRyXaGCx6T4Fq onVtdRydrcuASNB7awDdx9d8yFSzg6epzBdJyIpV0B1r5ClW1NcdSSxlMS28FnmxGvif EFQ36lO9zCmQDCzTHiM9F320vhfGedC5d/mFqtbUTbEog0jC+aPoftXaDiFnXnGTBF40 brkNBTdFeua58q8QtvIxD89sL4BkEAQlqEiWQefApQwP7h21dSPCkCW061dK/OaNod/J 4ZzVcoBdXUF54/EcaZxPDXspvHWSMhEn4u3tTzrAhReKqKTTIvv/2TO9hgWWI+OFxQGc jmtw==
X-Gm-Message-State: ACrzQf1BS7dlaKQ22rTX+gH4rm4iwYEadLn4Dg9H/baGdsHRf4xPvsPi Sxs0FQkDfAitccTd+62WM+Lwgex+ryz4VT3p6C2pdzr34xhE2w==
X-Google-Smtp-Source: AMsMyM5KSaq2fzk5kIqG4VIUkUrzb4BB7vBlkIn8yTqAhEHbJjBKqiKDunPW7j7U8GZHnOPnD2EjpkrNq9QN1iGnHd8=
X-Received: by 2002:a2e:ab0d:0:b0:26e:8a39:4cae with SMTP id ce13-20020a2eab0d000000b0026e8a394caemr378604ljb.138.1666066395979; Mon, 17 Oct 2022 21:13:15 -0700 (PDT)
MIME-Version: 1.0
References: <166448439782.48363.7718802219117889444@ietfa.amsl.com> <b11c97c9-0a22-3119-b1ca-d289e33a7563@nostrum.com>
In-Reply-To: <b11c97c9-0a22-3119-b1ca-d289e33a7563@nostrum.com>
From: Joseph Salowey <joe@salowey.net>
Date: Mon, 17 Oct 2022 21:13:03 -0700
Message-ID: <CAOgPGoAoMZph8_3RCz7O2JGPHKCDF9bSrkF7WmCsSvPuV0vMMQ@mail.gmail.com>
To: Robert Sparks <rjsparks@nostrum.com>
Cc: secdir@ietf.org, draft-ietf-sipcore-multiple-reasons.all@ietf.org, last-call@ietf.org, sipcore@ietf.org
Content-Type: multipart/alternative; boundary="000000000000b47c7f05eb474fc7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/0ICOHr4HFktYnxA_ht0CB0ZnxZQ>
Subject: Re: [Last-Call] Secdir last call review of draft-ietf-sipcore-multiple-reasons-01
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2022 04:13:19 -0000
Hi Robert, Thanks for your response. It sounds like this should be a source of many implementation issues. Cheers, Joe On Thu, Sep 29, 2022 at 3:33 PM Robert Sparks <rjsparks@nostrum.com> wrote: > > On 9/29/22 3:46 PM, Joseph Salowey via Datatracker wrote: > > Reviewer: Joseph Salowey > > Review result: Ready > > > > I have reviewed this document as part of the security directorate's > > ongoing effort to review all IETF documents being processed by the > > IESG. These comments were written primarily for the benefit of the > > security area directors. Document editors and WG chairs should treat > > these comments just like any other last call comments. > > > > The summary of the review is Ready > > > > I have one question. The document takes a field that previously held one > > reason and allows to hold multiple reasons. Since this behavior is only > allowed > > for protocols that define multiple reasons, it seems the exposure to > existing > > implementations would be small, however it's possible that this behavior > will > > leak > leak? > > into some existing cases. Do we have any implementation experience as to > > what existing implementations will do if the receive multiple reasons > that they > > do not expect? > > We tested having multiple values appear where they shouldn't in the > reason headers for the SIP protocol and IIRC Q.850 (be careful - I mean > "speaking about SIP in the reason header" as _all_ of this is carried in > the SIP protocol) at several SIPits (quite some time ago) and > implementations present did the right thing. > > For multiple reasons to start being expressed for one of the protocols > already defined, there would have to be a series of implementation errors. > > If by leak, you mean "a message with a new protocol value that allows > (and has) multiple Reason header field values lands on an older > implementation that doesn't understand reason headers with that new > protocol", then yes, we also tested sending unknown protocols in Reason > and existing implementations mostly ignored them as RFC3326 suggests. > The exception were some implementations that would _remove_ them when > forwarding, acting in ways that our standards don't define. There will > be plenty of motivation (see what STIR is using this for) to be sure > such implementations do the right thing with multiple reason headers for > defined protocols going forward. > > > > > Thanks, > > > > Joe > > > > >
- [Last-Call] Secdir last call review of draft-ietf… Joseph Salowey via Datatracker
- Re: [Last-Call] Secdir last call review of draft-… Robert Sparks
- Re: [Last-Call] Secdir last call review of draft-… Joseph Salowey