[secdir] secdir review of draft-ietf-straw-b2bua-stun-05

Sam Hartman <hartmans-ietf@mit.edu> Mon, 11 May 2015 20:42 UTC

Return-Path: <hartmans@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 258BE1A9031; Mon, 11 May 2015 13:42:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.165
X-Spam-Level:
X-Spam-Status: No, score=0.165 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n4yz69rgfZJW; Mon, 11 May 2015 13:42:32 -0700 (PDT)
Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC8121A7035; Mon, 11 May 2015 13:42:32 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.painless-security.com (Postfix) with ESMTP id CF85C206F9; Mon, 11 May 2015 16:41:03 -0400 (EDT)
Received: from mail.painless-security.com ([127.0.0.1]) by localhost (mail.suchdamage.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4iXT1Tf_8uhk; Mon, 11 May 2015 16:41:03 -0400 (EDT)
Received: from carter-zimmerman.suchdamage.org (unknown [62.232.113.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS; Mon, 11 May 2015 16:41:03 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id AA0C887E77; Mon, 11 May 2015 16:42:21 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: secdir@ietf.org,ietf@ietf.org
Date: Mon, 11 May 2015 16:42:21 -0400
Message-ID: <tslfv72ongy.fsf@mit.edu>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/QVQNqHH898RnpBe8z6hiU1TuJh4>
Subject: [secdir] secdir review of draft-ietf-straw-b2bua-stun-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 May 2015 20:42:34 -0000

I've been selected as the secdir reviewer for this draft.  These
comments are intended for the security ADs (and other ADs); authors
please treat them as any other last call comments.

I have one major issue.
This draft is sufficiently unclear in its introductory material that I
found it very challenging to review.
What it's trying to do is to specify behavior for  handling of  ICE by
B2BUAs.
However, the introduction never says that; the introduction talks a lot
about the background for B2BUAS, ICE, STUN and related parts of the SIP
infrastructure.
Coming back to reading SIP documents after a number of years, the
bibliography provided in the introduction was useful, but the
introduction needs to describe what this document does.

The abstract sort of tries to describe what the document does.  However,
our process requires that the document and abstract stand independent of
each other.  The reader cannot be expected to read the abstract before
reading the document.
Also, the abstract claims that  this document specifies the handling of
STUN messages inside ICE.
Section 3 and 4 actually provide requirements for handilg of SDP
attributes, ICE processing and other things far beyond handling of STUN
messages.

My recommendation for addressing this issue is:

1) Update the abstract to make it clear that this is overall
requirements for B2BUAs interacting with ICE, not just requirements for
handling STUN messages.

2) Make sure everything the abstract says is near the front of the
introduction.  After introducing what STUN, ICE, and B2BUAs are, it's
important to explain the role of this document.

Once I understood what this document was trying to do I was able to
think about the security implications.
There really don't seem to be any new security implications with this
document.  The security considerations section is fairly lite, but the
introduction does point to the existing discussions of security of ICE
and B2BUAs and various latching techniques.
I don't think this protocol introduces or even really changes the
security landscape.
It gives guidance which if followed will mean that good actors don't
break the security mechansisms.  That is valuable because if the
frequency of good actors breaking security mechanisms is low enough, we
can actually rely on the security mechanisms.
So, I think the security considerations section is fine as-is, although
the security ADs may wish to ask for a couple of references to be copied
from the introduction.