IETF Logo Mail Archive

Re: [secdir] secdir review of draft-ietf-siprec-metadata-20

Paul Kyzivat <pkyzivat@alum.mit.edu> Mon, 15 February 2016 05:18 UTC

Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 115611B2DC7 for <secdir@ietfa.amsl.com>; Sun, 14 Feb 2016 21:18:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.235
X-Spam-Level:
X-Spam-Status: No, score=-1.235 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id giM_AHJeKngc for <secdir@ietfa.amsl.com>; Sun, 14 Feb 2016 21:18:52 -0800 (PST)
Received: from resqmta-po-03v.sys.comcast.net (resqmta-po-03v.sys.comcast.net [IPv6:2001:558:fe16:19:96:114:154:162]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A51CB1B2DAC for <secdir@ietf.org>; Sun, 14 Feb 2016 21:18:52 -0800 (PST)
Received: from resomta-po-14v.sys.comcast.net ([96.114.154.238]) by resqmta-po-03v.sys.comcast.net with comcast id JVJr1s00258ss0Y01VJsBc; Mon, 15 Feb 2016 05:18:52 +0000
Received: from Paul-Kyzivats-MacBook-Pro.local ([73.218.51.154]) by resomta-po-14v.sys.comcast.net with comcast id JVJq1s00D3KdFy101VJqFM; Mon, 15 Feb 2016 05:18:51 +0000
To: David Mandelberg <david@mandelberg.org>, iesg@ietf.org, secdir@ietf.org, draft-ietf-siprec-metadata.all@tools.ietf.org
References: <56C0EB89.4050409@mandelberg.org>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <56C15FB9.8030600@alum.mit.edu>
Date: Mon, 15 Feb 2016 00:18:49 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
In-Reply-To: <56C0EB89.4050409@mandelberg.org>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1455513532; bh=hZiscENGrjqkc2TSxe4fZhXoDWo36Au1d0UMcwsswu0=; h=Received:Received:Subject:To:From:Message-ID:Date:MIME-Version: Content-Type; b=r/caXObbwPF/72Cx+XtgG7XphvirhJIgvOi46Ag15GLyOPHV4+4nRtjCSTvWGwcDc KlGexklVsW+FeMrViG2YHkd2tgoZtGpBrowd5zey9IjBN1gidQ3OvFlsZLYstODyHB 2qNAvePlmmDtQIfGYMX/psUImFc23TV0cbrUsyIkozLkOGd8i4E51dJGsBojeNbtYk dd12PtiYxImImNDF0SmhA6Q0i8xCYgvIck7D7bDxQZGxZVlSdr5XuKj0BnVK7k8dVe solyGgzzp14NbFRbyyc5zRNPDbgsJ+6G917YA1iccwDQWPeGJd8wqcMVmWHB7VDoAY 37YYHDxhStotA==
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/33MEJH9lDS8GaBs2_2v4K5GhMP0>
Subject: Re: [secdir] secdir review of draft-ietf-siprec-metadata-20
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Feb 2016 05:18:54 -0000

David,

Thank you for the review. I will try to respond. (Note that I haven't 
consulted with the other authors on this response, so they may have 
something else to say.) Please see inline below.

On 2/14/16 4:03 PM, David Mandelberg wrote:
> Hi,
>
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security
> area directors. Document editors and WG chairs should treat these
> comments just like any other last call comments.
>
> This document specifies a metadata format for information about recorded
> SIP sessions. The Security Considerations section has good text about
> the protection of metadata in this format, but I found one potential
> security issue with the way an SRS (server) is supposed to handle the
> metadata. I think this draft is ready with issues.
>
> Section 6.10 says that "multiple SRC's [clients] can refer to the same
> element/UUID (how each SRC learns the UUID here is out of scope of
> SIPREC)". But what happens if two clients try to define different
> objects with the same UUID? Does one of the objects take precedence for
> all clients? If all of the benign clients are relying on referencing an
> object A with UUID 1, and a malicious client is able to send an object B
> also with UUID 1, that might compromise the integrity of the metadata
> sent by the benign clients. This could be mitigated by requiring that
> UUIDs are generated (pseudo-)randomly and are kept confidential from
> potential adversaries, but I don't think the draft says either of these
> things.

The UUIDs used in the metadata are intended to be *unique*. Distinct 
SRCs that construct new UUIDs are expected to follow the rules for 
constructing them so that they are indeed unique.

If two SRCs use the same UUID it will be because they intentionally 
choose to do so. Typically this will be by some back channel to 
communicate among themselves. (I suppose there could potentially be some 
algorithmic way for them to construct UUIDs in a coordinated way, but I 
won't speculate on that.)

By design there should be no accidental reuse of UUIDs.

	Thanks,
	Paul

v2.23.0 | Report a Bug | By Email