Re: [secdir] secdir review of draft-ietf-sipcore-sip-push-21

Benjamin Kaduk <kaduk@mit.edu> Sat, 05 January 2019 19:33 UTC

Date: Sat, 05 Jan 2019 13:33:46 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: Ben Campbell <ben@nostrum.com>
CC: "Scott G. Kelly" <scott@hyperthought.com>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-sipcore-sip-push.all@ietf.org" <draft-ietf-sipcore-sip-push.all@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, Christer Holmberg <christer.holmberg@ericsson.com>
Message-ID: <20190105193346.GC28515@kduck.kaduk.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/XrlEDz86lujMl5Y-83kUUhgOwmE>

On Sat, Jan 05, 2019 at 01:19:27PM -0600, Ben Campbell wrote:
> 
> 
> > On Jan 5, 2019, at 12:21 PM, Benjamin Kaduk <kaduk@mit.edu> wrote:
> > 
> > [with the caveat that I've only read the security considerations and not
> > the whole document, yet...]
> > 
> > On Fri, Jan 04, 2019 at 05:15:43PM -0600, Ben Campbell wrote:
> >> (Speaking as responsible ART AD)
> >> 
> >> I will let Christer work through most of the comments, but I want to comment on one in particular:
> >> 
> >>> On Jan 4, 2019, at 1:46 PM, Scott G. Kelly <scott@hyperthought.com> wrote:
> >>> 
> >>> I don't know what other documents have been produced by the WG, so maybe this is covered elsewhere, but there are generic security considerations that apply abstractly to this use case. I think this document should either point to documents that describe them, or explicitly describe them here. For example, 8030 lists confidentiality with respect to the PNS, privacy considerations, authorization, DoS, and logging risks. All of those apply here.
> >> 
> >> 
> >> This draft is about how to carry some parameters in SIP that get used with an external PNS. It should definitely document security considerations related to carrying those parameters. But I don’t think it’s reasonable to expect this draft to document security considerations for PNSs in general. That’s up to the spec for the PNS itself. I recognize that two of the mentioned PNSs are proprietary; but I still don’t think that puts the onus on the IETF to document their security considerations.
> > 
> > I agree that we don't need to document all general PNS security
> > considerations here, but just because an interaction is PNS-specific does
> > not excuse us from stating what requirements we place on that interaction.
> > It is rather unreassuring to read statements like "[d]ifferent mechanisms
> > exist for authenticating and authorizing devices and users registering with
> > a PNS" and "[t]ypically, the PNS also requires the SIP proxy requesting
> > push notifications to be authenticated and authorized by the PNS" with no
> > requirement that such authentication and authorization actually occur.
> > I would expect to see either a requirement for such
> > authentication/authorization, or some indication of what risks are present
> > when they do not (e.g., excessive resource consumption, DoS)
> > 
> 
> The issue is, the IETF doesn't get to put requirements on proprietary PNS mechanisms, and 2 of the 3 that we are considering are proprietary. The whole point of this is to allow SIP networks to work with the existing PNSs. They are what they are. SIP providers would not be able to use our recommendations to select which PNSs to use; rather they must use the ones that their customers’ devices already use.
> 
> Obviously we can say more for HTTP Push; RFC 8030 already does that.
> 
> >> The categories you mention from 8030 do seem generic, but the text in the respective sections of 8030 seems fairly specific to HTTP(S) Push.
> >> 
> >> That all being said, I would be happy to see something to the effect of the following in this draft: “The security considerations for the use and operation of any particular PNS are out of scope for this document. [RFC8030] documents the security considerations for HTTP Push. Security considerations for other PNSs are left to their respective specifications.”
> > 
> > That seems like a pretty nice way to say it.
> 
> Would that be sufficient to resolve your concern above?

I think I would still like to see some indication of the potential
consequences for the mechanism defined in this document, if a PNS does not
(properly) perform authentication and authorization between UA/proxy and
PNS.

(Having not yet read the whole spec I don't have a great picture of
exactly what those consequences are.)

-Benjamin