[secdir] secdir review of draft-ietf-sipcore-content-id-06
Radia Perlman <radiaperlman@gmail.com> Fri, 23 June 2017 01:00 UTC
Return-Path: <radiaperlman@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0DAB126C83; Thu, 22 Jun 2017 18:00:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VaeqQbDlhnNj; Thu, 22 Jun 2017 18:00:51 -0700 (PDT)
Received: from mail-oi0-x230.google.com (mail-oi0-x230.google.com [IPv6:2607:f8b0:4003:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC4EF129BBD; Thu, 22 Jun 2017 18:00:50 -0700 (PDT)
Received: by mail-oi0-x230.google.com with SMTP id p66so18097199oia.0; Thu, 22 Jun 2017 18:00:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=paq7hmN+QPPBZyg5NFO0TrgTneqTGfgZkyfZJdILZ4k=; b=ir22b0eLLD/HNIbidQYbWz/OAAFNBmRCEwsty0nPpCJX6eH0nLGhdllsFhu4xTPnXs A/xfhlUAFXnWTskEAjDeIfbnNhBNowG3wpCmb6D0ErjuxlJE18eDC9S5fdICyN6MO0qR Y3/YtNVz6udqfIdH23MwREZdjV5PVh3/2bry4lcWhuFj2l+dxTHI9Dv1WvllsspXaR+p B8YDAa04tH/SjvLXY5BYDZROkuwyyDIl6Y0xByGiwVvPs056LEQvKHden8BuqssykW1J NMQDZkxTPGpSW2NWcp2ptgzV4j9pZE1HPuLgMkeRJLZk7fJo1hQrzdX3qWv2DYMsXbBt mPLg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=paq7hmN+QPPBZyg5NFO0TrgTneqTGfgZkyfZJdILZ4k=; b=fLPHTwgJndXWyaP5wGAg8u+NyIgBJq30C5ER3TNB7kHAzAYZdqbPLnTEuVD1df3d2s X1HTi4egOFRiH3svlgO/5J5F84+Y41tvcn9EUCfvHtIwDIjbccUT1WKVwQItqKOsGEpe TXch2mRqehUVpksjaZnFXmfLVNfY33d/8QSoB1dl0atlIG1ePu4GmEdswgb8eSVOLjgT wU3xWkWdMgwsp0Ld+hRyo/VYA7oDSg8UdojaqB4Xb/Toj62CNEUMly/cvjOq9gGGZQRI 7ww7ywZOIsmRwQcO5Iw+ekg6BtK+O/e2M9LVePL7603mSI37VtTi/gRPF733W9Hqpasc kr3w==
X-Gm-Message-State: AKS2vOzq3tBe8PLtBv6c/U1sn8ZeXAKWqPzxKl0GYA8ktUhfRPv83az9 4M+MIsVPLRjRchv5kw68eaB31gspf+//
X-Received: by 10.202.237.199 with SMTP id l190mr2442606oih.128.1498179649900; Thu, 22 Jun 2017 18:00:49 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.145.37 with HTTP; Thu, 22 Jun 2017 18:00:49 -0700 (PDT)
From: Radia Perlman <radiaperlman@gmail.com>
Date: Thu, 22 Jun 2017 18:00:49 -0700
Message-ID: <CAFOuuo7aRATmho-VrnTBC5soQjGBfD416TyOY2qjFA6fG0+9ig@mail.gmail.com>
To: draft-ietf-sipcore-content-id.all@ietf.org, The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Content-Type: multipart/alternative; boundary="001a113d265ad7a2cd055296217b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/1BCbKPkUC-SEWDAw_8AIl8-Bt5Q>
Subject: [secdir] secdir review of draft-ietf-sipcore-content-id-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Jun 2017 01:00:53 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. What this RFC does is define a syntax that allows a part of a SIP message to refer to another part of the SIP message. This was previously possible only if the referred-to-part was a body part and this spec generalizes that to allow references to an entire body. It is very difficult to read this by itself, even though it is very short. I'd think it would be better to just make this minor modification to the base RFC. And if we want to have these tiny RFCs, I understand that it's unusual for someone to just read one rather than the whole group...it's really the case of a SECDIR person being assigned a specific RFC that might not be caught up on all the jargon for that WG. However, I think each RFC should be understandable. There ought to be a "context", that includes what other RFCs should be read first, and in particular, either an acronym dictionary or a pointer to an RFC that has explanations for all the acronyms in the little RFC. I found one technical point that seems like an important inconsistency: Section 3.2 says the Content-ID header field must be unique in the context of a given SIP message, while section 3.4.1 says it must be globally unique. The difference is important; globally unique is hard and ugly. I hope that section 3.4.1 is wrong. More examples - with annotations - would be helpful, as would an explanation of how people work around this limitation today. Perhaps also an explanation understandable to an ordinary human as to what problem they are trying to solve and the context in which that problem comes up. Perhaps also worth asking is how the sender of a SIP message is supposed to know whether the recipient of the SIP message can handle this new syntax, and perhaps what it would do if it couldn’t. I suspect they have a good answer to these questions, but they would be worth stating. The security considerations section says "The Content-ID header field value MUST NOT reveal sensitive user information. If the message-body associated with the Content-ID header field is an encrypted body, it MUST NOT be possible to derive a key that can be used to decrypt the body from the Content-ID header field value." It seems to me that that text should be in the body of the RFC, because it is specifying what must be done, rather than what I usually think of for security considerations, which would say "if you didn't do what we said in section XXX, the following bad things could happen." But as long as people read the security considerations section, it's OK. Radia
- [secdir] secdir review of draft-ietf-sipcore-cont… Radia Perlman
- Re: [secdir] secdir review of draft-ietf-sipcore-… Christer Holmberg
- Re: [secdir] secdir review of draft-ietf-sipcore-… Ben Campbell
- Re: [secdir] secdir review of draft-ietf-sipcore-… Christer Holmberg
- Re: [secdir] secdir review of draft-ietf-sipcore-… Ben Campbell
- Re: [secdir] secdir review of draft-ietf-sipcore-… Radia Perlman
- Re: [secdir] secdir review of draft-ietf-sipcore-… Ben Campbell
- Re: [secdir] secdir review of draft-ietf-sipcore-… Christer Holmberg