[secdir] Secdir last call review of draft-ietf-sipcore-rejected-08

Nancy Cam-Winget via Datatracker <noreply@ietf.org> Tue, 02 July 2019 16:15 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id B6D92120412; Tue, 2 Jul 2019 09:15:36 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Nancy Cam-Winget via Datatracker <noreply@ietf.org>
To: <secdir@ietf.org>
Cc: sipcore@ietf.org, draft-ietf-sipcore-rejected.all@ietf.org, ietf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.98.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Nancy Cam-Winget <ncamwing@cisco.com>
Message-ID: <156208413663.23908.7643344599862494056@ietfa.amsl.com>
Date: Tue, 02 Jul 2019 09:15:36 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/HCAUcITqnY1pZaLkwSomkWmxIhA>
Subject: [secdir] Secdir last call review of draft-ietf-sipcore-rejected-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jul 2019 16:15:37 -0000

Reviewer: Nancy Cam-Winget
Review result: Has Nits

SECDIR review of draft-ietf-sipcore-rejected-08

Reviewer: Nancy Cam-Winget
Review result: Ready with Nits

I have reviewed this document as part of the security directorate'sÊ
ongoing effort to review all IETF documents being processed by theÊ
IESG.ÊÊThese comments were written primarily for the benefit of theÊ
security area directors.ÊÊDocument editors and WG chairs should treatÊ
these comments just like any other last call comments.

This document defines the use of value 608 as the "rejected" SIP response code.
More specifically, the intent is to define a code such that an intermediary
(e.g. an analytics engine versus the target user server) can signal that it is
rejecting the call.

The following are general comments and suggestions (and editorial nits at the
end):

3.1 "Proxies need to be mindful that a downstream intermediary may reject....",
this seems  too imply that there are other nodes in the path that can generate
the 608 reject.  What is the underlying key used to sign the JWT and how can
this be validated as being a proper and identifiably authorized intermediary to
issue such a 608 signal?  What happens if multiple intermediaries want to
reject the call? Perhaps adding a sentence here would be helpful.

6. "Yet another risk is a malicious intermediary.....strongly recommend the
recipient validates to whom they are communicating"; it seems like perhaps this
should be a MUST in that the recipient should validate that both the message is
valid but also the sender can be trusted. Signing the jCard is actually a MUST.
This paragraph is a bit long and hard to discern, it could benefit from
breaking it into the different considerations: the need to at minimum sign the
jCard, the need to also trust (verify the authorization or validity of the
source).
  - there should also be considerations or how to handle multiple
  intermediaries sending the sip.608 signals

Editorial nits:

- I presume the [RFCXXXX] refers to this draft once it is RFC'ed....

3.4 "The simple rule is a network element ....", this should be a stronger MUST
that is the network element that is sip.608 "MUST convey at a minimum..."