Re: [secdir] secdir review of draft-ietf-sipcore-sip-push-21

Christer Holmberg <christer.holmberg@ericsson.com> Thu, 03 January 2019 11:29 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: "Scott G. Kelly" <scott@hyperthought.com>, "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-sipcore-sip-push.all@ietf.org" <draft-ietf-sipcore-sip-push.all@ietf.org>
Date: Thu, 03 Jan 2019 11:29:42 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/069fgTgZdVI9vO0ZU1f4vPHguSo>

Hi Scott,


Thank you for the review! Please see inline.


>The summary of the review is ready with issues.
>
>The document describes how to enable a push notification service (PNS) to
>wake a suspended SIP user agent.
>
>Due to the writing style, I found the document very difficult to understand. Maybe
>the RFC editor can help with this, but it might be better if someone from the working
>group helped out with word-smithing.

I have done quite a bit of word-smithing based on WGLC/AD reviews etc., but if something is unclear I am of course very happy to fix that.

>For security considerations, there are 3 entities involved in the communications defined by
>this document: the user agent (UA), the PNS server, and the application server (in this case,
>a SIP proxy). The basic idea is that the UA registers with the PNS, obtaining a Push Resource
>ID (PRID). The UA provides the PRID to the SIP proxy, and then the SIP proxy presents the PRID
>to the PNS along with a message for the UA, and the PNS uses the PRID to route the message to
>the right UA.

Correct.

Note, though, that the "message" is only a push notification in order to wake up the UA. The actual SIP message (that triggered the push notification) will then be routed to the UA using normal SIP procedures.

>The security considerations section mostly punts. With respect to UA-PNS interactions, it says
>"The mechanisms for authorizing and authenticating the users are PNS-specific, and are outside
>the scope of this document." It says nothing about how the UA authenticates the PNS.

The UA-PNS interactions, including how the UA authenticates the PNS, are PNS-specific.

>For application server (SIP proxy) to PNS interactions, it mentions the fact that a PNS may
>require some sort of authz/authn for the SIP proxy, but it gives no requirements/recommendations
>here. It later mentions a JWT mechanism for this purpose described in RFC8292, but again, no
>requirement, no recommendation.

The proxy-PNS interactions are also PNS-specific, and not defined by this document. RFC8292 is an extension that can be used with the mechanism defined in RFC8030, but it cannot be applied to any PNS on the fly. A PNS would have to explicitly support it.

>Also, it says
>
>    Operators MUST ensure that the SIP signalling is properly secured,
>    e.g., using encryption, from malicious middlemen.  TLS MUST be used,
>    unless the operators know that the signalling is secured using some
>    other mechanism.
>
>I don't think there is a clear requirement stated here. If an operator chooses a proprietary
>scheme with weak crypto and claims that is "properly secured", have they met this requirement?

I could say something like: "is secured using some other mechanism that provides strong crypto properties".

>Finally, I think RFC8030 has a good description of the security considerations for this use case, and
>should be referenced here.

I can add a reference. However, while many of the security considerations in RFC8030 probably apply to any PNS, they are still written for a specific PNS.

Regards,

Christer
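
The following is an added example, not part of the original message or of the draft: one way an operator could audit the "TLS MUST be used" requirement discussed above is to flag REGISTER requests that carry a PRID while any Via hop shows a transport outside an allow-list. The pn-provider/pn-prid/pn-param Contact URI parameter names come from the draft rather than from this message; the allow-list, function names and sample messages are assumptions constructed for illustration.

```python
import re

# Assumption: transports the operator counts as "properly secured".
SECURE_TRANSPORTS = {"TLS", "WSS"}

def parse_headers(msg):
    """Return [(lowercased name, value)] for a SIP message's header section."""
    head = msg.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.split("\n")[1:]:            # skip the request line
        if line[:1] in (" ", "\t") and headers:  # folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers

def audit_register(msg):
    """List hops that carried a pn-prid over a transport not in SECURE_TRANSPORTS."""
    headers = parse_headers(msg)
    contacts = [v for n, v in headers if n in ("contact", "m")]
    if not any(re.search(r";\s*pn-prid=", c, re.I) for c in contacts):
        return []                                # no push registration, nothing to check
    findings = []
    for name, value in headers:
        if name not in ("via", "v"):
            continue
        for hop in value.split(","):             # simplified: one hop per comma
            m = re.match(r"\s*SIP\s*/\s*2\.0\s*/\s*(\w+)\s+([^;\s]+)", hop, re.I)
            if m and m.group(1).upper() not in SECURE_TRANSPORTS:
                findings.append(f"pn-prid sent over {m.group(1).upper()} via {m.group(2)}")
    return findings

def make_register(transport, hostport, push=True):
    """Build a constructed REGISTER (sample data, not captured traffic)."""
    params = ";pn-provider=acme;pn-prid=CONSTRUCTED-PRID;pn-param=acme-param" if push else ""
    return (f"REGISTER sip:example.com SIP/2.0\r\n"
            f"Via: SIP/2.0/{transport} {hostport};branch=z9hG4bKconstructed\r\n"
            f"Contact: <sip:alice@{hostport}{params}>\r\n"
            f"Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for t, hp in (("TLS", "198.51.100.7:5061"), ("UDP", "192.0.2.10:5060")):
        print(t, audit_register(make_register(t, hp)))
```

A deployment that secures signalling by "some other mechanism" would add whatever marks that path to the allow-list, which is exactly where the review's question about weak proprietary schemes applies.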