Re: [secdir] secdir review for draft-holmberg-dispatch-rfc7315-updates-07
Christer Holmberg <christer.holmberg@ericsson.com> Tue, 12 July 2016 09:31 UTC
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: "Steve.Hanna@infineon.com" <Steve.Hanna@infineon.com>, "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-holmberg-dispatch-rfc7315-updates.all@tools.ietf.org" <draft-holmberg-dispatch-rfc7315-updates.all@tools.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/CJQw330pKYRMMwKg6Wlvys_aKMg>

Hi Steve,

Thanks for your comments! Please see inline.

>I have reviewed this document as part of the security directorate's
>ongoing effort to review all IETF documents being processed by the
>IESG. These comments were written primarily for the benefit of the
>security area directors. Document editors and WG chairs should treat
>these comments just like any other last call comments.
>
>This document updates RFC 7315 by changing restrictions on where
>certain SIP private header extensions may be included, in order to
>address new 3GPP use cases.
>
>This document is Ready with nits.
>
>I know little about SIP or 3GPP. I do know security, though.
>
>After reading this document and also reading the Security
>Considerations section of RFC 7315, I believe that this document
>is OK from a security standpoint. Few new security issues are
>raised by this document and those that arise are properly
>documented in the Security Considerations section of this
>document. However, there are a few typos in the Security
>Considerations section.
>
>* The second sentence of the Security Considerations section
>  ends with "the security considerations and assumptions (e.g.
>  regarding only sending information to trusted entities) also
>  to those messages." This clause is missing a verb. Maybe the
>  word "apply" should appear before "to those messages". Also,
>  greater clarity could be achieved by changing "the security
>  considerations and assumptions" in that sentence fragment to
>  "the security considerations and assumptions described in
>  RFC 7315".

I'll fix as suggested:

NEW:

"This specification allows some header fields to be present in
messages where they were previously not allowed, and the security
considerations and assumptions described in [RFC7315] (e.g. regarding
only sending information to trusted entities) also apply to those
messages."

>
>* In the third sentence of the Security Considerations section,
>  "disallow" should be "disallows" and "message" should be
>  "messages".

I'll fix as suggested.

>* In the fourth sentence of the Security Considerations section,
>  "if a header field occur" should be "if a header field occurs".

I'll fix as suggested.

>With these minor changes, I think the document will be ready
>to go from a security standpoint.

Thanks!

Regards,

Christer