[secdir] SECDIR review of draft-ietf-pmol-sip-perf-metrics-04
Phillip Hallam-Baker <hallam@gmail.com> Wed, 07 October 2009 01:59 UTC
To: secdir@ietf.org, d.malas@cablelabs.com, acmorton@att.com
I am reviewing this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Feel free to forward to any appropriate forum.

This document defines metrics for measuring the performance of SIP systems but not a protocol for their exchange. As such it is entirely appropriate that this document relies on the security section in the main SIP protocol which is extensive.

One small area of concern is that the security considerations section appears to operate under the assumption that the chief security concern would be confidentiality. While it is possible that this might be the case, it is also quite likely that any metrics system would be employed for purposes in connection with billing. Hence there is likely to be an integrity concern with one party or another manipulating metrics for the purpose of avoiding payments due or for imposing unjustified payments or penalties.

--
New Website: http://hallambaker.com/
View Quantum of Stupid podcasts, Tuesday and Thursday each week, http://quantumofstupid.com/