[secdir] Secdir review of draft-ietf-stir-rfc4474bis-14
"Xialiang (Frank)" <frank.xialiang@huawei.com> Mon, 24 October 2016 18:44 UTC
From: "Xialiang (Frank)" <frank.xialiang@huawei.com>
To: "draft-ietf-stir-rfc4474bis.all@tools.ietf.org" <draft-ietf-stir-rfc4474bis.all@tools.ietf.org>
Date: Mon, 24 Oct 2016 18:44:42 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/088cI_MX4VJtCR_6O3ntyYz_nQM>
Cc: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>

Hello,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document defines a mechanism for securely identifying originators of SIP requests. It does so by defining a SIP header field for conveying a signature used for validating the identity, and for conveying a reference to the credentials of the signer.

In general, this draft is an update of the previous RFC4474 with some improvements, such as: better support of telephone numbers as identifiers, reducing the material scope of the Identity signature to those not changed by the intermediaries, replacing the previous signed-identity-digest format with PASSporT (signing algorithms now defined in a separate specification), and so on.

This draft already includes a very comprehensive and detailed consideration of privacy and security threats; I have no more security issues in addition to them.

Summary: this document appears in reasonably good shape, and is written well. I think it is ready.

Thanks!

B.R.
Frank