[secdir] Review of draft-ietf-simple-msrp-cema-03
Nico Williams <nico@cryptonector.com> Wed, 14 December 2011 05:51 UTC
Date: Tue, 13 Dec 2011 23:51:17 -0600
Message-ID: <CAK3OfOgGTbzo6=Ob=iRabkA=Sr-botD=2TfcvDeg5=m8iGA2pA@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: secdir@ietf.org, draft-ietf-simple-msrp-cema.all@tools.ietf.org
Content-Type: text/plain; charset="UTF-8"
Subject: [secdir] Review of draft-ietf-simple-msrp-cema-03
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

CEMA is an SDP/MSRP extension that enables the "anchoring" of MSRP traffic through middleboxes that do not act as MITMs. This is a good thing if such anchoring is needed at all.

The security considerations seem complete enough to me, and I believe they match the media anchoring mechanism described in section 4, though I'm not sufficiently familiar with MSRP to say so for certain.

In general it seems that CEMA improves security here (by allowing proxies to anchor media without having to act as MITMs) without making it worse in any way: in particular, security generally depends on signaling security in SIP.

Nico