Re: [secdir] SecDir review of draft-ietf-sipping-cc-framework
Alan Johnston <alan@sipstation.com> Wed, 24 June 2009 17:09 UTC
Return-Path: <alan@sipstation.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D62963A6CC8; Wed, 24 Jun 2009 10:09:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.299
X-Spam-Level:
X-Spam-Status: No, score=-2.299 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wx4popB8qpVm; Wed, 24 Jun 2009 10:09:08 -0700 (PDT)
Received: from mho-02-ewr.mailhop.org (mho-02-ewr.mailhop.org [204.13.248.72]) by core3.amsl.com (Postfix) with ESMTP id 9510B3A6BCE; Wed, 24 Jun 2009 10:08:39 -0700 (PDT)
Received: from [208.71.39.153] (helo=alan-johnstons-powerbook-g4-17.local) by mho-02-ewr.mailhop.org with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.68) (envelope-from <alan@sipstation.com>) id 1MJVUU-000Aqg-QA; Wed, 24 Jun 2009 16:38:30 +0000
X-Mail-Handler: MailHop Outbound by DynDNS
X-Originating-IP: 208.71.39.153
X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information)
X-MHO-User: U2FsdGVkX194tLRSuvPMndylLnXVIBnZeCm0xr+27Pg=
Message-ID: <4A42567E.3060106@sipstation.com>
Date: Wed, 24 Jun 2009 11:38:22 -0500
From: Alan Johnston <alan@sipstation.com>
User-Agent: Thunderbird 2.0.0.21 (Macintosh/20090302)
MIME-Version: 1.0
To: Magnus Nyström <magnus@rsa.com>
References: <Pine.WNT.4.64.0805121031000.2612@W-JNISBETTEST-1.tablus.com> <Pine.WNT.4.64.0811051802030.7640@W-JNISBETTEST-1.tablus.com> <Pine.WNT.4.64.0812101529200.3888@W-JNISBETTEST-1.tablus.com> <Pine.WNT.4.64.0902161338530.5224@W-JNISBETTEST-1.tablus.com> <Pine.WNT.4.64.0905032241410.5248@W-JNISBETTEST-1.tablus.com> <Pine.WNT.4.64.0906142309020.632@W-JNISBETTEST-1.tablus.com>
In-Reply-To: <Pine.WNT.4.64.0906142309020.632@W-JNISBETTEST-1.tablus.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Mailman-Approved-At: Thu, 25 Jun 2009 11:25:59 -0700
Cc: fluffy@cisco.com, rohan@ekabal.com, jdrosen@cisco.com, secdir@ietf.org, secdir-secretary@ietf.org, dpetrie@sipez.com, iesg@ietf.org, rjsparks@nostrum.com
Subject: Re: [secdir] SecDir review of draft-ietf-sipping-cc-framework
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jun 2009 17:09:09 -0000
Magnus, Thanks for your review of the document. See my comments below. Thanks, Alan Magnus Nyström wrote: > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should treat > these comments just like any other last call comments. > > Background > ---------- > This document describes a framework for call control and multi-party > usage of SIP (while the abstract also talks about requirements, I did > not see any strong requirements - at least there are no normative > statements in the RFC 2119 sense in the document). > > Comments > -------- > > Although brief, the Security Considerations section reads well (a more > comprehensive trust/threat model analysis for the proposed framework > would have been nice though). It could be useful to add a sentence or > two on anonymity aspects in the context of the proposed framework. The > body of the text mentions this aspect in passing once (2.6.4) but > there is no mentioning in the Security Considerations section. We could add a statement like: "Standard SIP privacy and anonymity mechanisms such as [RFC3323] and [RFC3325] used during SIP session establishment apply equally well to SIP call control operations. SIP call control mechanisms should address privacy and anonymity issues associated with that operation. For example, privacy during a transfer operation using REFER is discussed in Section 7.2 of [draft-ietf-sipping-cc-transfer]." > > > In the sixth paragraph, an explicit method for replay attack > prevention is recommended (lower-case "should"). I am not sure about > the reason for this and could potentially see other ways to mitigate > such attacks. Hence, one suggestion could be to replace the current > "In the case of features initiated by a former participant, these > should be protected against replay attacks by using a unique name or > identifier per invocation" with: > "In the case of features initiated by a former participant, these > should be protected against replay attacks, e.g. by using a unique > name or identifier per invocation." This is a good suggestion - I'm fine with this text. > > For clarity, I also suggest changing this section's last sentence to: > "These credentials may for example need to be passed transitively or > fetched in an event body." I'm fine with this change as well. > > A question: The third paragraph in the Security Considerations section > refers to Section 3.2 - might this be Section 2.3? Yes - we will fix this. > > General/editorial: > > - Abstract states "This framework also describes other goals that > embody the spirit of SIP applications as used on the Internet" - it > would have been useful if this sentence at least had identified a few > of these goals. We can list some like this: "This framework also describes other goals that embody the spirit of SIP applications as used on the Internet such as: definition of primitives, not services; invoker and participant oriented; signaling and mixing model independence, and others." > > > - Section 2.3: "peers can take advantage of end-to-end message > integrity or encryption" - I would say this applies only when certain > conditions are met and hence perhaps something like "peers may take > advantage..." or similar would be better. I'm fine with changing it to: "peers may take advantage of end-to-end message integrity or encryption" > > - Section 2.6.7.2: Acronym "IVR" introduced without explanation. An > early "Acronyms" section would be useful. We will expand IVR, and also 3PCC, URI, JTAPI, CSTA, B2BUA, UA, GSM, HTTP, RTSP, PSTN, W3C, and SDP when they are first mentioned in the text. I'd prefer not to introduce an Acronyms section as most of these acronyms are only used once or twice in the text, but I can if others feel strongly about it. > > - Section 3: The sentence "One means of accomplishing this is through > the ability to define and obtain URIs for these actions as described > in section ." seems to be missing the final section reference. > We will change it to: "One means of accomplishing this is through the ability to define and obtain URIs for these actions as described in Section 2.7.2." > -- Magnus >
- [secdir] Review of draft-ietf-vrrp-unified-spec-02 Magnus Nyström
- Re: [secdir] Review of draft-ietf-vrrp-unified-sp… Stephen Nadas
- [secdir] Review of draft-freed-sieve-ihave-03 Magnus Nyström
- [secdir] SecDir review of draft-ietf-avt-rtp-uemc… Magnus Nyström
- [secdir] SecDir review of draft-ietf-mpls-p2mp-te… Magnus Nyström
- Re: [secdir] SecDir review of draft-ietf-mpls-p2m… Adrian Farrel
- [secdir] SecDir review of draft-ietf-sipping-cc-f… Magnus Nyström
- Re: [secdir] SecDir review of draft-ietf-sipping-… Alan Johnston
- [secdir] SecDir review of draft-ietf-opsawg-syslo… Magnus Nyström
- Re: [secdir] SecDir review of draft-ietf-opsawg-s… Romascanu, Dan (Dan)
- Re: [secdir] SecDir review of draft-ietf-opsawg-s… David Harrington