[secdir] SECDIR review of draft-worley-service-example-13

Stephen Kent <kent@bbn.com> Thu, 22 August 2013 15:51 UTC

Return-Path: <kent@bbn.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 35D2011E8211 for <secdir@ietfa.amsl.com>; Thu, 22 Aug 2013 08:51:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.563
X-Spam-Status: No, score=-106.563 tagged_above=-999 required=5 tests=[AWL=0.035, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 28iDI69PJpXn for <secdir@ietfa.amsl.com>; Thu, 22 Aug 2013 08:51:42 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com []) by ietfa.amsl.com (Postfix) with ESMTP id A463121F99F4 for <secdir@ietf.org>; Thu, 22 Aug 2013 08:51:32 -0700 (PDT)
Received: from dhcp89-089-218.bbn.com ([]:53446) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VCXAW-000DTr-Up; Thu, 22 Aug 2013 11:51:29 -0400
Message-ID: <52163380.5070005@bbn.com>
Date: Thu, 22 Aug 2013 11:51:28 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: secdir <secdir@ietf.org>, worley@ariadne.com, Mary Barnes <mary.ietf.barnes@gmail.com>, fluffy@iii.ca, gonzalo.camarillo@ericsson.com
Content-Type: multipart/alternative; boundary="------------000107060007080509050304"
Subject: [secdir] SECDIR review of draft-worley-service-example-13
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Aug 2013 15:51:50 -0000

SECDIR review of draft-worley-service-example-13

I reviewed this document as part of the security directorate's ongoing 
effort to review all IETF documents being processed by the IESG.These 
comments were written primarily for the benefit of the security area 
directors.Document editors and WG chairs should treat these comments 
just like any other last call comments.

This document describes how to provide music on old (MOH) in a VoIp 
environment, an obviously critical capability needed to preserve feature 
compatibility with the PSTN. Callers who are not subjected to MOH might 
otherwise not be exposed to classical music, in many contexts, a tragic 

This document is intended to be Informational. The author notes that 
this status is appropriate because there are other methods for providing 
MOH, and they interoperate. He believes that the proposed method is 
superior, but not so much as to warrant BCP status.

The document seems to be well-written, clear, and it contains numerous 
examples (and diagrams) to help illustrate the mechanism details. I was 
surprised to see that all the references to RFCs (normative and 
informative) use labels other than RFC numbers. This an unusual 
convention that I hope the RFC editor will fix.

It is hard to overstate the importance of appropriate security 
mechanisms for this critical aspect of VoIP. Consistent with this 
observation, the Security Considerations section of this document 
consists of just one paragraph. The paragraph addresses one security 
concern, i.e., the ability of the UA of a caller to filter incoming 
media based on the address of the source of the media. The design in 
this document provides the source address of the MOH server, via SDP (in 
a re-INVITE), to the caller who is on hold, and thus satisfies this concern.

In a more serious vein, I'd like to see the Security Considerations 
section mention whether UAs are expected to use SDP and SIP security 
mechanisms for MOH, IF these mechanisms were employed for the original 
call. Another paragraph could be added to discuss the desirability of 
maintaining an equivalent level of security when a caller is switched 
over to MOH, and to cite the relevant RFCs, or to explain why this is 
not appropriate.