Re: [secdir] review of draft-ietf-sipcore-reinvite-06.txt

Stephen Kent <kent@bbn.com> Sun, 07 November 2010 03:26 UTC

Return-Path: <kent@bbn.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AECD03A69BD for <secdir@core3.amsl.com>; Sat, 6 Nov 2010 20:26:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.598
X-Spam-Level:
X-Spam-Status: No, score=-102.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D7JSHFyMtGtJ for <secdir@core3.amsl.com>; Sat, 6 Nov 2010 20:26:55 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by core3.amsl.com (Postfix) with ESMTP id E2DF43A67B6 for <secdir@ietf.org>; Sat, 6 Nov 2010 20:26:54 -0700 (PDT)
Received: from dommiel.bbn.com ([192.1.122.15]:51054 helo=[222.128.202.177]) by smtp.bbn.com with esmtp (Exim 4.71 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1PEvuO-000PXX-Jz; Sat, 06 Nov 2010 23:27:09 -0400
Mime-Version: 1.0
Message-Id: <p06240801c8fbcc3b59d7@[222.128.202.177]>
In-Reply-To: <4CC81942.3060502@ericsson.com>
References: <p06240800c8e55027a17b@[128.89.89.159]> <4CC81942.3060502@ericsson.com>
Date: Sat, 6 Nov 2010 23:25:48 -0400
To: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
From: Stephen Kent <kent@bbn.com>
Content-Type: multipart/alternative; boundary="============_-923022067==_ma============"
Cc: "secdir@ietf.org" <secdir@ietf.org>, "gao.yang2@zte.com.cn" <gao.yang2@zte.com.cn>, "pkyzivat@cisco.com" <pkyzivat@cisco.com>, Christer Holmberg <christer.holmberg@ericsson.com>, "tim.polk@nist.gov" <tim.polk@nist.gov>, "rjsparks@nostrum.com" <rjsparks@nostrum.com>
Subject: Re: [secdir] review of draft-ietf-sipcore-reinvite-06.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Nov 2010 03:26:57 -0000

Gonzalo,

Sorry for my tardy reply.

I like your changes, with a minor edit at the end:

"In particular, in order not to reduce the security level for a given
session, re-INVITEs and UPDATE requests SHOULD be secured using a 
mechanism equivalent to or stronger than the initial INVITE request 
that created the
session. For example, if the initial INVITE request was end-to-end
integrity protected or encrypted, subsequent re-INVITEs and UPDATE
requests should also be so."


Steve