[secdir] Secdir review of draft-ietf-p2psip-concepts-08

Radia Perlman <radiaperlman@gmail.com> Thu, 10 March 2016 17:57 UTC

Date: Thu, 10 Mar 2016 09:57:34 -0800
Message-ID: <CAFOuuo7MpSbTfMzAZgV1B1xVi0D4R7bwotbzTe=3RAY-O_vXhw@mail.gmail.com>
From: Radia Perlman <radiaperlman@gmail.com>
To: "secdir@ietf.org" <secdir@ietf.org>, The IESG <iesg@ietf.org>, draft-ietf-p2psip-concepts.all@tools.ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/PNFaSGrALWiRnJw4d8wnWXlmpoU>

(Sorry...I'm resending because I mistyped and sent to
draft-ietf-p2psip-concept.all@tools.ietf.org the first time)

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

This document is titled "Concepts and Terminology for Peer to Peer SIP",
and as such would have no security considerations, as noted in the document.

However, this document describes how to discover which host a client is at,
instead of using a SIP proxy, by using a peer-to-peer network and DHT.

I'd have liked a motivation for why this would be a preferable mechanism.
It seems like it would be less secure, in that more things will need to be
trusted.  And furthermore, as this document says in section 5.4:

"The P2PSIP WG does not impose a particular mechanism for how the
 peer-ID and the credentials are obtained, but the RELOAD protocol
 does specify the format for the configuration information."

I'd think the hard problems would be things like who to get a credential
from for joining the peer-to-peer group of proxies, and how that entity
would decide whether you should be trusted to join the peer-to-peer group.
And if there is such a trusted entity (a central administration), why
wouldn't the whole discovery process be more centralized?

Also, with a peer-to-peer DHT, it seems like there are more things that
need to be trusted.  Any of them acting maliciously can cause incorrect
answers.

Admittedly, I didn't read all the background documents.

There's a minor typo in section 2.2, clearly a cut and paste error:

"A special peer may be a member of the in the P2PSIP overlay"

Radia
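To make the reviewer's two concerns concrete (every hop of a DHT lookup is a party that can return a wrong answer, and the credential that lets a client check an answer has to come from somebody), here is a toy Chord-style overlay with an iterative lookup. This is an added illustration, not code from the P2PSIP concepts draft or from RELOAD: the peer names, the user, the host name and the "credential" are all constructed for the example, and an HMAC under a key the client already holds stands in for the public-key signature a real overlay would carry on a stored record. It runs honestly once, then turns one peer on the lookup path malicious and runs again.

```python
# Toy Chord-style DHT lookup: how many peers must a client trust to find a user's host?
# Constructed example; not the draft's or RELOAD's code.  HMAC is a stand-in for a
# public-key signature over the stored record, and all names/hosts are invented.
import bisect
import hashlib
import hmac
from dataclasses import dataclass, field

RING_BITS = 32
RING = 1 << RING_BITS


def ring_id(name: str) -> int:
    """Map a peer or user name onto the identifier ring (first 4 bytes of SHA-256)."""
    return int.from_bytes(hashlib.sha256(name.encode()).digest()[:4], "big")


def between(x: int, a: int, b: int) -> bool:
    """True if x lies in the clockwise interval (a, b]; (a, a] means the whole ring."""
    d_ab = (b - a) % RING or RING
    d_ax = (x - a) % RING
    return 0 < d_ax <= d_ab


def sign(key: bytes, user: str, host: str) -> bytes:
    """Stand-in for the registrant's signature over its location record."""
    return hmac.new(key, f"{user}|{host}".encode(), "sha256").digest()


@dataclass
class Record:
    user: str
    host: str
    sig: bytes


@dataclass
class Peer:
    pid: int
    successor: "Peer | None" = None
    fingers: list = field(default_factory=list)   # peers at pid + 2^k, Chord-style
    store: dict = field(default_factory=dict)     # records this peer is responsible for
    malicious: bool = False

    def route(self, key: int):
        """One iterative lookup step: ('owner', peer) or ('next', peer)."""
        if self.malicious:                 # a lying hop simply claims the key itself
            return "owner", self
        if key == self.pid:
            return "owner", self
        if between(key, self.pid, self.successor.pid):
            return "owner", self.successor
        for f in reversed(self.fingers):   # closest preceding finger, largest first
            if f.pid == key:
                return "owner", f
            if between(f.pid, self.pid, key):
                return "next", f
        return "owner", self.successor

    def fetch(self, user: str):
        if self.malicious:                 # forged answer; it cannot produce a valid signature
            return Record(user, "attacker.example", b"")
        return self.store.get(user)


def successor_of(peers, x: int) -> Peer:
    """First peer at or clockwise after x (peers must be sorted by pid)."""
    i = bisect.bisect_left([p.pid for p in peers], x)
    return peers[i % len(peers)]


def build_network(names):
    peers = sorted((Peer(ring_id(n)) for n in names), key=lambda p: p.pid)
    assert len({p.pid for p in peers}) == len(peers), "id collision in toy ring"
    for i, p in enumerate(peers):
        p.successor = peers[(i + 1) % len(peers)]
        p.fingers = [successor_of(peers, (p.pid + (1 << k)) % RING) for k in range(RING_BITS)]
    return peers


def register(peers, user: str, host: str, key: bytes):
    """Store the user's signed location record at the peer responsible for its key."""
    successor_of(peers, ring_id(user)).store[user] = Record(user, host, sign(key, user, host))


def lookup(bootstrap: Peer, user: str):
    """Iterative lookup from the client's bootstrap peer; returns (record, path of peers asked)."""
    key, path, peer = ring_id(user), [], bootstrap
    while True:
        path.append(peer)
        kind, nxt = peer.route(key)
        if kind == "owner":
            if nxt is not peer:
                path.append(nxt)
            return nxt.fetch(user), path
        peer = nxt


def resolve(bootstrap: Peer, user: str, verify_key: bytes) -> dict:
    """What the client learns, whether it checks out, and how many peers it had to trust."""
    rec, path = lookup(bootstrap, user)
    ok = rec is not None and hmac.compare_digest(sign(verify_key, rec.user, rec.host), rec.sig)
    return {"host": None if rec is None else rec.host, "verified": ok,
            "trusted_peers": len({p.pid for p in path}), "path": path}


def demo():
    peers = build_network([f"peer{i}" for i in range(32)])
    alice_key = b"alice-signing-key"       # constructed; stands in for Alice's credential
    register(peers, "alice@example.com", "alice-laptop.example", alice_key)
    honest = resolve(peers[0], "alice@example.com", alice_key)
    # Corrupt one peer the honest lookup passed through, then ask the same question again.
    honest["path"][len(honest["path"]) // 2].malicious = True
    attacked = resolve(peers[0], "alice@example.com", alice_key)
    return honest, attacked


if __name__ == "__main__":
    for label, r in zip(("honest", "attacked"), demo()):
        print(f"{label}: host={r['host']} verified={r['verified']} trusted {r['trusted_peers']} peers")
```

Two things fall out of running it. First, the honest lookup already passes through several peers, and each of them (not just the one holding the record) could have answered "I own that key" and handed back whatever it liked; a single SIP proxy is one such party. Second, the signature on the record turns the malicious hop's wrong answer into a detectable one, but it does not make the lookup succeed, and the client can only check it because it already trusts whoever issued Alice's credential. That issuer is exactly the central entity the review asks about.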