[secdir] a few brief comments on raft-ietf-speermint-voip-consolidated-usecases-14

Sandra Murphy <sandy@sparta.com> Thu, 08 October 2009 17:10 UTC

Return-Path: <Sandra.Murphy@cobham.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 6772228C0E6 for <secdir@core3.amsl.com>; Thu, 8 Oct 2009 10:10:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.483
X-Spam-Status: No, score=-2.483 tagged_above=-999 required=5 tests=[AWL=0.116, BAYES_00=-2.599]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id XoLGWcninGZb for <secdir@core3.amsl.com>; Thu, 8 Oct 2009 10:10:26 -0700 (PDT)
Received: from M4.sparta.com (M4.sparta.com []) by core3.amsl.com (Postfix) with ESMTP id 2AF0128C1B0 for <secdir@ietf.org>; Thu, 8 Oct 2009 10:10:25 -0700 (PDT)
Received: from Beta5.sparta.com (beta5.sparta.com []) by M4.sparta.com (8.13.5/8.13.5) with ESMTP id n98HC6Be017736; Thu, 8 Oct 2009 12:12:06 -0500
Received: from nemo.columbia.ads.sparta.com (nemo.columbia.sparta.com []) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id n98HC5uU004833; Thu, 8 Oct 2009 12:12:05 -0500
Received: from SANDYM-LT.columbia.ads.sparta.com ([]) by nemo.columbia.ads.sparta.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Thu, 8 Oct 2009 13:12:05 -0400
Date: Thu, 8 Oct 2009 13:12:02 -0400 (Eastern Daylight Time)
From: Sandra Murphy <sandy@sparta.com>
To: secdir@ietf.org
Message-ID: <Pine.WNT.4.64.0910081254130.3532@SANDYM-LT.columbia.ads.sparta.com>
X-X-Sender: sandy@nemo.columbia.sparta.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-OriginalArrivalTime: 08 Oct 2009 17:12:05.0276 (UTC) FILETIME=[75A87DC0:01CA483A]
Cc: adam.uzelac@globalcrossing.com, yiu_lee@cable.comcast.com
Subject: [secdir] a few brief comments on raft-ietf-speermint-voip-consolidated-usecases-14
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Oct 2009 17:10:27 -0000

I am reviewing this document 
draft-ietf-speermint-voip-consolidated-usecases-14 as part of the security 
directorate's ongoing effort to review all IETF documents being processed 
by the IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments (that you received 
well after last call). Feel free to forward to any appropriate forum.

This document covers use cases for voip to guide development of work in 
the speermint wg.  As such, it introduces no security concerns.  It points 
to the threats document for discussion of threats related to peering.

I did have questions, and attempted to contact the authors at the last 
IETF, but one author did not attend and the other author and I were not 
able to meet (and as I missed the last call they wanted to consider only 
minor changes).

The draft discusses five different use cases, some of which have security 

The comments below could be covered in the threats document.

Static Direct Peering
Static Direct Peering (with an assisting LUF and LRF )
Static Indirect Peering (with han assisting LUF and LRF)
Static Indirect Peering
On-demand Peering

The indirect peering cases say that there may be multiple intermediate 
SSPs between the originating and terminating SSP.  There's no discussion 
of the trust environment for that model (though there is a bit of 
discussion of the trust involved in outsourcing to an assigting LUF or 
LRF in the second case).  I found mentions in the terminology draft of 
federations, and imagine that these indirect cases would require a 
federation model.  If that is the case, it should be mentioned here.

The terminology draft talks of indirect peering as a single transit SSP, 
not the multiple intermediate SSPs mentioned here.  Some of the discussion 
of the indirect case here seem to consider only a single transit (so the 
origin and termination SSPs would both be directly connected to all 
tansits involved), but section 5.4 says there may be multiple.  A 
federation with a common trust model would work.

The direct peering -assisting LUF/LRF case says the the assisting SSP 
might have other customers and would have to be trusted to separate them 
all.  The common LUF/LRF function uses DNS, which has no mechanism for 
providing searation like that.  However, I'm told that there are 
implementations that do provide that service.  I presume it is OK to rely 
on an implementation feature and negotiation between the origin and 
assisting LUF to require such a feature?