Re: [secdir] secdir review of draft-groves-megaco-pkgereg-02
Christian Groves <Christian.Groves@nteczone.com> Fri, 13 February 2009 00:58 UTC
Return-Path: <secdir-bounces@mit.edu>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4D9A728C15C for <secdir@core3.amsl.com>; Thu, 12 Feb 2009 16:58:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.602
X-Spam-Level:
X-Spam-Status: No, score=-4.602 tagged_above=-999 required=5 tests=[AWL=1.997, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eyPSOKpmEFOi for <secdir@core3.amsl.com>; Thu, 12 Feb 2009 16:58:40 -0800 (PST)
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by core3.amsl.com (Postfix) with ESMTP id 44ACA28C157 for <secdir@ietf.org>; Thu, 12 Feb 2009 16:58:40 -0800 (PST)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id n1D0wjVD025984 for <secdir@ietf.org>; Thu, 12 Feb 2009 19:58:45 -0500
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id n1D0wf38025957 for <secdir@PCH.mit.edu>; Thu, 12 Feb 2009 19:58:41 -0500
Received: from mit.edu (M24-004-BARRACUDA-3.MIT.EDU [18.7.7.114]) by pacific-carrier-annex.mit.edu (8.13.6/8.9.2) with ESMTP id n1D0wXav028610 for <secdir@mit.edu>; Thu, 12 Feb 2009 19:58:34 -0500 (EST)
Received: from ipmail05.adl2.internode.on.net (ipmail05.adl2.internode.on.net [203.16.214.145]) by mit.edu (Spam Firewall) with ESMTP id 6231A12A9E45 for <secdir@mit.edu>; Thu, 12 Feb 2009 19:57:56 -0500 (EST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AjsBAFZSlEl5LNjE/2dsb2JhbAAIxUAJjmcBgmKBNQY
X-IronPort-AV: E=Sophos;i="4.38,199,1233495000"; d="scan'208";a="317262561"
Received: from ppp121-44-216-196.lns10.mel4.internode.on.net (HELO [192.168.0.4]) ([121.44.216.196]) by ipmail05.adl2.internode.on.net with ESMTP; 13 Feb 2009 11:27:48 +1030
Message-ID: <4994C57F.2090008@nteczone.com>
Date: Fri, 13 Feb 2009 11:57:35 +1100
From: Christian Groves <Christian.Groves@nteczone.com>
User-Agent: Thunderbird 2.0.0.19 (Windows/20081209)
MIME-Version: 1.0
To: Catherine Meadows <catherine.meadows@nrl.navy.mil>
References: <8716AA45-149F-4E94-86DA-8953D4AA73C4@nrl.navy.mil>
In-Reply-To: <8716AA45-149F-4E94-86DA-8953D4AA73C4@nrl.navy.mil>
X-Scanned-By: MIMEDefang 2.42
X-BeenThere: secdir@mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: secdir-bounces@mit.edu
Errors-To: secdir-bounces@mit.edu
X-Mailman-Approved-At: Sun, 15 Feb 2009 19:06:57 -0800
Cc: fluffy@cisco.com, secdir@mit.edu, linyangbo@huawei.com, iesg@ietf.org
Subject: Re: [secdir] secdir review of draft-groves-megaco-pkgereg-02
X-BeenThere: secdir@ietf.org
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Feb 2009 00:58:41 -0000
Hello Catherine, Thankyou for the review of the draft. You are correct that the draft basically introduces a formal review step for PackageID allocations. In developing the draft I took the assumption that the use of packages (and associated PackageID allocation) has been a long established practice. Therefore I didn't delve into protocol operation. Whilst packages may define extra procedures and codepoints these are done within the framework of the core protocol specfication. It is not possible to update the core protocol through a package specification. The use of the H.248.1 core protocol is agreed between a MGC/MG. H.248 ServiceChange procedures establish a H.248 control association between the MGC/MG. To establish an association there must be a level of trust between the MGC/MG. In the context of this control association (and trust) the elements (properties/signals/events/statistics) from the Packages are conveyed between the MGC and MG. An MGC/MG will only act upon elements that it knows. If it does not understand an PackageID or package element then an error response is returned only in the context of the control association. So if someone wrote a malicious Package Specification and implemented it in a MGC or MG it would be unlikely to cause problems. As H.248 is a master slave protocol if the malicious package was implemented in the MGC and not the MG there would be no action because the MG would not understand the PackageID (and elements). If the malicious package was implemented on the MG there would be no affect because the MGC would never command the MG to use it. If the malicious package was implemented in both the MGC and MG then there's a wider non-H.248 issue that someone has managed to install software on both the MGC and the MG. It is highly unlikely for such a person to ask IANA for a PackageID when they could use any one they want. Indeed the allocation of "Private" PackageIDs with little review is allowed. Keeping this is mind I'm not sure that I understand your point with regards to ambiguity leading to spoofing. Could you elaborate? Please see some further comments below. Regards, Christian Catherine Meadows wrote: > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should treat > these comments just like any other last call comments. > > This draft concerns the H.248/MEGACO IANA Package Registration > procedures. It updates the procedure so that a formal review step, > since the IETF Megaco > working group, which previously did an informal review, is now > disbanded. > > Since this merely updates the package review process to include a > formal review, the ID claims > that this introduces no extra security concerns, other than to require > that the requester of a review > and registration of a package is authorized to do so. However, I > wonder if it would be appropriate > to include some language saying that the review process should address > any potential security > concerns a package may introduce. [CNG] I can add some general text to say that the reviewer should address any potential security concerns. > I am not an expert on this protocol, but packages appear to be fairly > complex structures that support terminations, which are sources and/or > sinks. Ambiguity in packages > would be a security concern (possibly allowing spoofing, if I > understand this correctly); this > is already covered in the review process recommended in this ID. [CNG] Please see my initial comments. > I would like to see more justification > in the security concerns section that this is the *only* security > concerned introduced by new packages > before I feel comfortable with this. [CNG] I can add something based on the outcome of our discussions. > > The ID says that security concerns for the H.248/MEGACO protocol > are discussed in H.248.1 section 10. Note that this itself > appears to be a draft . Also, it only discusses security in an IP > setting. That should presumably not be a problem > for the IETF, since that is what we are concerned about, but it should > still be mentioned, so that the > reader doesn't think that document covers security in general. [CNG] With regards to H.248.1 being a draft, it is an approved document. It is state "pre-published" for editorial reasons i.e. translation must be done etc. The technical content does not change. With regards to H.248.1 section 10 being IP specific yes I agree I can add some text to this effect. > > > Catherine Meadows > Naval Research Laboratory > Code 5543 > 4555 Overlook Ave., S.W. > Washington DC, 20375 > phone: 202-767-3490 > fax: 202-404-7942 > email: catherine.meadows@nrl.navy.mil > <mailto:catherine.meadows@nrl.navy.mil> > _______________________________________________ secdir mailing list secdir@mit.edu https://mailman.mit.edu/mailman/listinfo/secdir
- [secdir] secdir review of draft-groves-megaco-pkg… Catherine Meadows
- [secdir] Fwd: secdir review of draft-groves-megac… Catherine Meadows
- Re: [secdir] secdir review of draft-groves-megaco… Christian Groves