Re: [Rum] [EXT] RUM security model

Paul Kyzivat <pkyzivat@alum.mit.edu> Thu, 22 October 2020 15:33 UTC

To: "Olle E. Johansson" <oej@edvina.net>, Brian Rosen <br@brianrosen.net>
Cc: Eugene Christensen <echristensen@sorenson.com>, "rum@ietf.org" <rum@ietf.org>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <f5c85256-45fe-2c0b-2b93-3fe4fd24e557@alum.mit.edu>
Date: Thu, 22 Oct 2020 11:33:42 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/rum/56JmmLgbmu-xjPA5KHNi3u0JVvA>

On 10/22/20 2:29 AM, Olle E. Johansson wrote:

[snip]

>> Brute force and DDoS attacks can’t be addressed by this document except in the Security Consideration section.  They are implementation issues.
> If there are specific attack vectors to RUM that don’t apply to SIP implementations in general, yes.

AFAIK there should be nothing special about VRS that makes it any more
vulnerable to attack than any other SIP service accessed over the public
internet.

I'd like to hear from the providers if I am wrong about this.

	Thanks,
	Paul