[secdir] Secdir last call review of draft-ietf-stir-passport-divert-07
Phillip Hallam-Baker via Datatracker <noreply@ietf.org> Sun, 01 December 2019 02:07 UTC
From: Phillip Hallam-Baker via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: draft-ietf-stir-passport-divert.all@ietf.org, last-call@ietf.org, stir@ietf.org
Reply-To: Phillip Hallam-Baker <hallam@gmail.com>
Message-ID: <157516602555.14564.17709496168683829956@ietfa.amsl.com>
Date: Sat, 30 Nov 2019 18:07:05 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/W4SAX3ULRunvER1SJTvrOtXyLP0>
Subject: [secdir] Secdir last call review of draft-ietf-stir-passport-divert-07

Reviewer: Phillip Hallam-Baker
Review result: Has Issues

Section 1: Introduction

"If Alice calls Bob, for example, Bob might attempt to ..."

Alice, Bob and Carol are people. People do not emit JSON strings, create signatures or do any of the things they are described as being engaged in. Only the machines the people might possess can do such things. Anthropomorphising Turing machines results in language that is hard to follow at best and renders any attempt to consider UI issues impossible.

Section 12: Security Considerations

Is this going to create new means of injecting spam? It looks like it might. Consider the case in which Sue the spammer sets up a single genuine call between X and Y, then creates forwarding associations for 10,000 endpoints Z0-9999.

Also consider reflection type attacks in which callers responding to spam have their numbers harvested for spoof source addresses for further spam.