Re: [secdir] secdir review of draft-ietf-mmusic-sdp-cs-17

Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com> Tue, 07 May 2013 11:02 UTC

Message-ID: <5188DF4B.1030402@ericsson.com>
Date: Tue, 07 May 2013 14:02:35 +0300
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130328 Thunderbird/17.0.5
MIME-Version: 1.0
To: Samuel Weiler <weiler@watson.org>
References: <alpine.BSF.2.00.1302011241020.47827@fledge.watson.org>
In-Reply-To: <alpine.BSF.2.00.1302011241020.47827@fledge.watson.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: ietf@ietf.org, iesg@ietf.org, draft-ietf-mmusic-sdp-cs@tools.ietf.org, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-mmusic-sdp-cs-17
Precedence: list

Hi Samuel,

the authors of this draft have reviewed it in order to address your
comments:

http://tools.ietf.org/html/draft-ietf-mmusic-sdp-cs-18

Could you please have a look at this revision and let them know whether
you are happy with it?

Thanks,

Gonzalo


On 04/02/2013 9:08 PM, Samuel Weiler wrote:
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
> 
> This document allows SIP endpoints to negotiate the use of a
> circuit-switched (e.g. PSTN) channel.  It presents a mechanism for
> correlating an incoming circuit-switched connection with a given SDP/SIP
> session by sending a nonce or a static string.
> 
> Summary: I would like to see a stronger authentication mechanism
> defined to replace the static string or "plaintext password" nonce.
> 
> I am content with the analysis of security weaknesses: an attacker
> could trick someone into initiating a potentially expensive PSTN call,
> and the correlation mechanism is weak.
> 
> I am not content with the use of a mere nonce or static string for
> correlation.  That is the equivalent of sending plaintext passwords, and
> I suspect we have better mechanisms available that could allow for
> mutual endpoint authentication, making it statistically unlikely for a
> man-in-the-middle to participate successfully in the correlation
> exchange.  The document makes a case for using short strings/nonces
> (e.g. a caller-ID string or 10 DTFM digits).  I suspect both that those
> lengths could be extended without great pain and that some stronger
> authentication mechanisms could work with such short strings, especially
> given the ability to send longer keying material in the packet-switched
> SDP session.
> 
> Non-security observation: I'm worried that the architecture of the
> current correlation mechanism will have some unintended consequences.
>> From section 5.2.3:
> 
>    The endpoints should be able to correlate the circuit-switched bearer
>    with the session negotiated with SDP in order to avoid ringing for an
>    incoming circuit-switched bearer that is related to the session
>    controlled with SDP (and SIP).
> 
> As I understand it, some of the defined variants of the correlation
> scheme require answering the call (e.g. the DTMF scheme) before
> knowing whether or not the channel corresponds to a SIP session.  If
> it does not, then what?  The call is already answered, which gives a
> surprising user experience.  Feel free to tell me I'm off base with
> this one.
> 
> -- Sam
> 
>

[secdir] secdir review of draft-ietf-mmusic-sdp-c… Samuel Weiler
Re: [secdir] secdir review of draft-ietf-mmusic-s… Gonzalo Camarillo