[secdir] Secdir review of draft-holmberg-dispatch-iotl

Paul Hoffman <paul.hoffman@vpnc.org> Wed, 14 January 2015 21:50 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 4C2901ACD59 for <secdir@ietfa.amsl.com>; Wed, 14 Jan 2015 13:50:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.347
X-Spam-Status: No, score=-1.347 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553] autolearn=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id e5SX5miBHkQI for <secdir@ietfa.amsl.com>; Wed, 14 Jan 2015 13:50:18 -0800 (PST)
Received: from proper.com (Opus1.Proper.COM []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2DA0F1ACCEB for <secdir@ietf.org>; Wed, 14 Jan 2015 13:50:18 -0800 (PST)
Received: from [] (50-1-98-91.dsl.dynamic.fusionbroadband.com []) (authenticated bits=0) by proper.com (8.15.1/8.14.7) with ESMTPSA id t0ELoGYd021343 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <secdir@ietf.org>; Wed, 14 Jan 2015 14:50:17 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: proper.com: Host 50-1-98-91.dsl.dynamic.fusionbroadband.com [] claimed to be []
From: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Message-Id: <34534088-F80A-4FF1-A859-5CFA456A737A@vpnc.org>
Date: Wed, 14 Jan 2015 13:50:16 -0800
To: secdir <secdir@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\))
X-Mailer: Apple Mail (2.1993)
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/6pSLaLrBcIaUJFydNpuXiQZql0s>
Subject: [secdir] Secdir review of draft-holmberg-dispatch-iotl
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Jan 2015 21:50:19 -0000

Greetings again. draft-holmberg-dispatch-iotl describes a new SIP URI parameter that indicates "indicate that the entity associated with the address, or an entity responsible for the host part of the address, represents the end of a specific traffic leg (or multiple traffic legs)". The security considerations are short:

   The information SHOULD only be used for making policy decisions based
   on the role by nodes within the same trust domain [RFC3325].  In
   addition, there MUST exist an agreement between the operators for
   usage of the roaming role information.

URIs passed are protected as well as anything in SIP: completely if you're actually using TLS, not at all if you're not. A MITM fiddling with this parameter on SIP-without-TLS can cause problems, but those problems are approximately the same as for all other parts of the unprotected URI.

I'm not a fan of having every SIP document say "if you aren't using TLS like we said you should, you're in danger", so I think it is fine that this one doesn't say that. There are no other significant security considerations beyond the one above.

--Paul Hoffman