Re: [secdir] secdir review of draft-ietf-mmusic-sdp-cs-17
Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com> Tue, 07 May 2013 11:02 UTC
Return-Path: <gonzalo.camarillo@ericsson.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23D2321F8E9A; Tue, 7 May 2013 04:02:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.249
X-Spam-Level:
X-Spam-Status: No, score=-106.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rFscTgM7X3RX; Tue, 7 May 2013 04:02:39 -0700 (PDT)
Received: from mailgw2.ericsson.se (mailgw2.ericsson.se [193.180.251.37]) by ietfa.amsl.com (Postfix) with ESMTP id 3BCDA21F8733; Tue, 7 May 2013 04:02:38 -0700 (PDT)
X-AuditID: c1b4fb25-b7f396d000007d06-94-5188df4da9ac
Received: from esessmw0184.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw2.ericsson.se (Symantec Mail Security) with SMTP id 36.67.32006.D4FD8815; Tue, 7 May 2013 13:02:37 +0200 (CEST)
Received: from [131.160.126.23] (153.88.115.8) by esessmw0184.eemea.ericsson.se (153.88.115.82) with Microsoft SMTP Server id 8.3.279.1; Tue, 7 May 2013 13:02:36 +0200
Message-ID: <5188DF4B.1030402@ericsson.com>
Date: Tue, 07 May 2013 14:02:35 +0300
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130328 Thunderbird/17.0.5
MIME-Version: 1.0
To: Samuel Weiler <weiler@watson.org>
References: <alpine.BSF.2.00.1302011241020.47827@fledge.watson.org>
In-Reply-To: <alpine.BSF.2.00.1302011241020.47827@fledge.watson.org>
X-Enigmail-Version: 1.4.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrELMWRmVeSWpSXmKPExsUyM+Jvra7v/Y5Ag53nBCw2rv3MZDHjz0Rm i2cb57NYfFj4kMWi/etzNgdWjyVLfjJ5fLn8mc1jacNu9gDmKC6blNSczLLUIn27BK6MU68e MRZMEat4PWMjewPjA8EuRk4OCQETif4JLxkhbDGJC/fWs3UxcnEICZxilPh4tZ8JwlnNKLH/ 5SMWkCpeAW2JZQ9mAdkcHCwCKhJP2t1BwmwCFhJbbt0HKxEViJL493Y3I0S5oMTJmU/A4iIC qhIX/n9nBbGZBWIldkz/zwRiCwtYSjyYeA5spJCAs8SV+wkgJqeAi0TPMn2I0yQlFk3rZIHo 1JOYcrWFEcKWl9j+dg4ziC0EdNjyZy0sExiFZiFZPAtJyywkLQsYmVcxsucmZuaklxttYgSG 88Etv1V3MN45J3KIUZqDRUmcN5mrMVBIID2xJDU7NbUgtSi+qDQntfgQIxMHp1QDo1d8r4+r 09PI9Rf0pR43bLUpjW8otpj+O1be5sQW7Y3brabu5IxM6v9uq1DJaB2ls9cy422fji2PyLTm HxuYVnq5v745Sbdbp7pMb/bv2M+JBlON/swXcwjVkv7p+t/ud2iuNneYs9mZEM5SHuE7W9Iz Zt7LL2prmWfz/+68Kbpb/9lFykUpsRRnJBpqMRcVJwIAahmkXTUCAAA=
Cc: ietf@ietf.org, iesg@ietf.org, draft-ietf-mmusic-sdp-cs@tools.ietf.org, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-mmusic-sdp-cs-17
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 May 2013 11:02:44 -0000
Hi Samuel, the authors of this draft have reviewed it in order to address your comments: http://tools.ietf.org/html/draft-ietf-mmusic-sdp-cs-18 Could you please have a look at this revision and let them know whether you are happy with it? Thanks, Gonzalo On 04/02/2013 9:08 PM, Samuel Weiler wrote: > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should treat > these comments just like any other last call comments. > > This document allows SIP endpoints to negotiate the use of a > circuit-switched (e.g. PSTN) channel. It presents a mechanism for > correlating an incoming circuit-switched connection with a given SDP/SIP > session by sending a nonce or a static string. > > Summary: I would like to see a stronger authentication mechanism > defined to replace the static string or "plaintext password" nonce. > > I am content with the analysis of security weaknesses: an attacker > could trick someone into initiating a potentially expensive PSTN call, > and the correlation mechanism is weak. > > I am not content with the use of a mere nonce or static string for > correlation. That is the equivalent of sending plaintext passwords, and > I suspect we have better mechanisms available that could allow for > mutual endpoint authentication, making it statistically unlikely for a > man-in-the-middle to participate successfully in the correlation > exchange. The document makes a case for using short strings/nonces > (e.g. a caller-ID string or 10 DTFM digits). I suspect both that those > lengths could be extended without great pain and that some stronger > authentication mechanisms could work with such short strings, especially > given the ability to send longer keying material in the packet-switched > SDP session. > > Non-security observation: I'm worried that the architecture of the > current correlation mechanism will have some unintended consequences. >> From section 5.2.3: > > The endpoints should be able to correlate the circuit-switched bearer > with the session negotiated with SDP in order to avoid ringing for an > incoming circuit-switched bearer that is related to the session > controlled with SDP (and SIP). > > As I understand it, some of the defined variants of the correlation > scheme require answering the call (e.g. the DTMF scheme) before > knowing whether or not the channel corresponds to a SIP session. If > it does not, then what? The call is already answered, which gives a > surprising user experience. Feel free to tell me I'm off base with > this one. > > -- Sam > >
- [secdir] secdir review of draft-ietf-mmusic-sdp-c… Samuel Weiler
- Re: [secdir] secdir review of draft-ietf-mmusic-s… Gonzalo Camarillo