[secdir] SecDir review of draft-ietf-sip-certs-09

"Laganier, Julien" <julienl@qualcomm.com> Wed, 21 October 2009 00:50 UTC

From: "Laganier, Julien" <julienl@qualcomm.com>
To: "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-sip-certs@tools.ietf.org" <draft-ietf-sip-certs@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
Date: Tue, 20 Oct 2009 17:49:23 -0700
Message-ID: <BF345F63074F8040B58C00A186FCA57F1C648CA04C@NALASEXMB04.na.qualcomm.com>

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft defines a credential service that allows SIP user
agents to store their certificates and to retrieve the certificates of
other users. These user agents' certificates are not required to be signed
by well-known certificate authorities and can possibly be self-signed.
The mechanism leverages the SIP Identity framework to provide the
required features.

I have found this document to be especially well written and easily 
understandable, even by a non-SIP expert such as myself. The security 
considerations section is comprehensive and seems to analyze the
protocol adequately.

--julien