[secdir] secdir review of draft-ietf-sipping-nat-scenarios-15

"Scott G. Kelly" <scott@hyperthought.com> Fri, 18 March 2011 23:22 UTC

Return-Path: <scott@hyperthought.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id ACAC23A6A96 for <secdir@core3.amsl.com>; Fri, 18 Mar 2011 16:22:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.74
X-Spam-Status: No, score=-1.74 tagged_above=-999 required=5 tests=[BAYES_20=-0.74, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id jY1MqV3PPNU6 for <secdir@core3.amsl.com>; Fri, 18 Mar 2011 16:22:09 -0700 (PDT)
Received: from smtp152.iad.emailsrvr.com (smtp152.iad.emailsrvr.com []) by core3.amsl.com (Postfix) with ESMTP id 8C7443A6A9F for <secdir@ietf.org>; Fri, 18 Mar 2011 16:22:05 -0700 (PDT)
Received: from localhost (localhost.localdomain []) by smtp55.relay.iad1a.emailsrvr.com (SMTP Server) with ESMTP id 2A1BD2E0315; Fri, 18 Mar 2011 19:23:35 -0400 (EDT)
X-Virus-Scanned: OK
Received: from dynamic14.wm-web.iad.mlsrvr.com (dynamic14.wm-web.iad1a.rsapps.net []) by smtp55.relay.iad1a.emailsrvr.com (SMTP Server) with ESMTP id CB6F82E031E; Fri, 18 Mar 2011 19:23:34 -0400 (EDT)
Received: from hyperthought.com (localhost []) by dynamic14.wm-web.iad.mlsrvr.com (Postfix) with ESMTP id 89F2D2E9802E; Fri, 18 Mar 2011 19:23:34 -0400 (EDT)
Received: by apps.rackspace.com (Authenticated sender: scott@hyperthought.com, from: scott@hyperthought.com) with HTTP; Fri, 18 Mar 2011 16:23:34 -0700 (PDT)
Date: Fri, 18 Mar 2011 16:23:34 -0700
From: "Scott G. Kelly" <scott@hyperthought.com>
To: draft-ietf-sipping-nat-scenarios.all@tools.ietf.org, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Importance: Normal
X-Priority: 3 (Normal)
X-Type: plain
Message-ID: <1300490614.563813951@>
X-Mailer: webmail8
Subject: [secdir] secdir review of draft-ietf-sipping-nat-scenarios-15
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Mar 2011 23:22:12 -0000

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

This draft is a summary of best practices/recommendations for SIP session NAT traversal. It is well-written, although to say it is easy to understand (especially for someone not steeped in SIP NAT traversal lore) would be to significantly understate the ground it covers.

The security considerations is among the most concise I've ever seen, simply stating "There are no Security Considerations beyond the ones inherited by reference." My security geek hackles went up a little when I read that, but after looking at some of the referenced RFCs and thinking about it for a bit, I couldn't think of any attacks that aren't already covered in the security considerations of those documents. So, I don't have any concrete criticisms or concerns with this document.