[secdir] SecDir review of draft-ietf-sipping-cc-framework
Magnus Nyström <magnus@rsa.com> Sun, 14 June 2009 21:36 UTC
Return-Path: <magnus@rsa.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1678E3A6878; Sun, 14 Jun 2009 14:36:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.299
X-Spam-Level:
X-Spam-Status: No, score=-6.299 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kqbNzNcQ9fzH; Sun, 14 Jun 2009 14:36:54 -0700 (PDT)
Received: from mexforward.lss.emc.com (mexforward.lss.emc.com [128.222.32.20]) by core3.amsl.com (Postfix) with ESMTP id 0C1833A689C; Sun, 14 Jun 2009 14:36:53 -0700 (PDT)
Received: from hop04-l1d11-si02.isus.emc.com (HOP04-L1D11-SI02.isus.emc.com [10.254.111.55]) by mexforward.lss.emc.com (Switch-3.3.2/Switch-3.1.7) with ESMTP id n5ELax5d021430 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 14 Jun 2009 17:36:59 -0400
Received: from mailhub.lss.emc.com (numailhub.lss.emc.com [10.254.144.16]) by hop04-l1d11-si02.isus.emc.com (Tablus Interceptor); Sun, 14 Jun 2009 17:36:53 -0400
Received: from corpussmtp1.corp.emc.com (corpussmtp1.corp.emc.com [128.221.10.43]) by mailhub.lss.emc.com (Switch-3.3.2/Switch-3.3.2) with ESMTP id n5ELaq6L003050; Sun, 14 Jun 2009 17:36:52 -0400
Received: from CORPUSMX50B.corp.emc.com ([128.221.62.39]) by corpussmtp1.corp.emc.com with Microsoft SMTPSVC(6.0.3790.3959); Sun, 14 Jun 2009 17:36:51 -0400
Received: from W-JNISBETTEST-1.tablus.com ([10.4.144.11]) by CORPUSMX50B.corp.emc.com with Microsoft SMTPSVC(6.0.3790.3959); Sun, 14 Jun 2009 17:36:49 -0400
Date: Sun, 14 Jun 2009 23:37:10 +0200
From: Magnus Nyström <magnus@rsa.com>
To: iesg@ietf.org, secdir@ietf.org, rjsparks@nostrum.com, fluffy@cisco.com
In-Reply-To: <Pine.WNT.4.64.0905032241410.5248@W-JNISBETTEST-1.tablus.com>
Message-ID: <Pine.WNT.4.64.0906142309020.632@W-JNISBETTEST-1.tablus.com>
References: <Pine.WNT.4.64.0805121031000.2612@W-JNISBETTEST-1.tablus.com> <Pine.WNT.4.64.0811051802030.7640@W-JNISBETTEST-1.tablus.com> <Pine.WNT.4.64.0812101529200.3888@W-JNISBETTEST-1.tablus.com> <Pine.WNT.4.64.0902161338530.5224@W-JNISBETTEST-1.tablus.com> <Pine.WNT.4.64.0905032241410.5248@W-JNISBETTEST-1.tablus.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-OriginalArrivalTime: 14 Jun 2009 21:36:50.0098 (UTC) FILETIME=[39D4F920:01C9ED38]
X-EMM-EM: Active
Cc: rohan@ekabal.com, jdrosen@cisco.com, secdir-secretary@ietf.org, dpetrie@sipez.com, alan@sipstation.com, rjsparks@nostrum.com
Subject: [secdir] SecDir review of draft-ietf-sipping-cc-framework
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Jun 2009 21:36:55 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Background ---------- This document describes a framework for call control and multi-party usage of SIP (while the abstract also talks about requirements, I did not see any strong requirements - at least there are no normative statements in the RFC 2119 sense in the document). Comments -------- Although brief, the Security Considerations section reads well (a more comprehensive trust/threat model analysis for the proposed framework would have been nice though). It could be useful to add a sentence or two on anonymity aspects in the context of the proposed framework. The body of the text mentions this aspect in passing once (2.6.4) but there is no mentioning in the Security Considerations section. In the sixth paragraph, an explicit method for replay attack prevention is recommended (lower-case "should"). I am not sure about the reason for this and could potentially see other ways to mitigate such attacks. Hence, one suggestion could be to replace the current "In the case of features initiated by a former participant, these should be protected against replay attacks by using a unique name or identifier per invocation" with: "In the case of features initiated by a former participant, these should be protected against replay attacks, e.g. by using a unique name or identifier per invocation." For clarity, I also suggest changing this section's last sentence to: "These credentials may for example need to be passed transitively or fetched in an event body." A question: The third paragraph in the Security Considerations section refers to Section 3.2 - might this be Section 2.3? General/editorial: - Abstract states "This framework also describes other goals that embody the spirit of SIP applications as used on the Internet" - it would have been useful if this sentence at least had identified a few of these goals. - Section 2.3: "peers can take advantage of end-to-end message integrity or encryption" - I would say this applies only when certain conditions are met and hence perhaps something like "peers may take advantage..." or similar would be better. - Section 2.6.7.2: Acronym "IVR" introduced without explanation. An early "Acronyms" section would be useful. - Section 3: The sentence "One means of accomplishing this is through the ability to define and obtain URIs for these actions as described in section ." seems to be missing the final section reference. -- Magnus
- [secdir] Review of draft-ietf-vrrp-unified-spec-02 Magnus Nyström
- Re: [secdir] Review of draft-ietf-vrrp-unified-sp… Stephen Nadas
- [secdir] Review of draft-freed-sieve-ihave-03 Magnus Nyström
- [secdir] SecDir review of draft-ietf-avt-rtp-uemc… Magnus Nyström
- [secdir] SecDir review of draft-ietf-mpls-p2mp-te… Magnus Nyström
- Re: [secdir] SecDir review of draft-ietf-mpls-p2m… Adrian Farrel
- [secdir] SecDir review of draft-ietf-sipping-cc-f… Magnus Nyström
- Re: [secdir] SecDir review of draft-ietf-sipping-… Alan Johnston
- [secdir] SecDir review of draft-ietf-opsawg-syslo… Magnus Nyström
- Re: [secdir] SecDir review of draft-ietf-opsawg-s… Romascanu, Dan (Dan)
- Re: [secdir] SecDir review of draft-ietf-opsawg-s… David Harrington