Re: [secdir] Secdir review of draft-ietf-sipcore-refer-explicit-subscription-02
Robert Sparks <rjsparks@nostrum.com> Mon, 22 June 2015 15:43 UTC
Return-Path: <rjsparks@nostrum.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3EE151B2B20; Mon, 22 Jun 2015 08:43:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nhKStRgukr2f; Mon, 22 Jun 2015 08:43:42 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC2451B2F78; Mon, 22 Jun 2015 08:43:42 -0700 (PDT)
Received: from unnumerable.local (pool-71-170-237-80.dllstx.fios.verizon.net [71.170.237.80]) (authenticated bits=0) by nostrum.com (8.15.1/8.14.9) with ESMTPSA id t5MFhfrN035331 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=OK); Mon, 22 Jun 2015 10:43:41 -0500 (CDT) (envelope-from rjsparks@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host pool-71-170-237-80.dllstx.fios.verizon.net [71.170.237.80] claimed to be unnumerable.local
Message-ID: <55882D28.3020701@nostrum.com>
Date: Mon, 22 Jun 2015 10:43:36 -0500
From: Robert Sparks <rjsparks@nostrum.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Vincent Roca <vincent.roca@inria.fr>, IESG <iesg@ietf.org>, secdir@ietf.org, draft-ietf-sipcore-refer-explicit-subscription@tools.ietf.org
References: <2E90B73E-0309-4C49-B208-C2E30A0B6B22@inria.fr>
In-Reply-To: <2E90B73E-0309-4C49-B208-C2E30A0B6B22@inria.fr>
Content-Type: multipart/alternative; boundary="------------090300070304050105040508"
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/d-oFDc3LW70pcFQ4T7D5wjHpoUE>
Subject: Re: [secdir] Secdir review of draft-ietf-sipcore-refer-explicit-subscription-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jun 2015 15:43:45 -0000
(I hit send too soon - the rest of the responses are inline) On 6/22/15 8:37 AM, Vincent Roca wrote: > Hello, > > I have reviewed this document as part of the security directorate’s > ongoing > effort to review all IETF documents being processed by the IESG. These > comments were written primarily for the benefit of the security area > directors. Document editors and WG chairs should treat these comments > just > like any other last call comments. > > > *Summary: almost ready* > > I have several questions and suggestions WRT the *Security Section*. > > It is said that: « With this update, there may multiple subscribers to > any given refer event state." > So what? What are the implications from a security point of view? > > > IMHO, the third paragraph does not make an appropriate use of the > normative vocabulary. > For instance, it is said: > "the URI should be constructed so that it is not easy to guess, and > should be protected against eavesdroppers" > Shouldn’t the author use « SHOULD » on both occasions? > The following sentence is ambiguous. It says: > "For instance, SIP messages containing this URI SHOULD be sent using > TLS or DTLS..." > "SHOULD" and "For instance" are contradictory. I suggest removing "For > instance". > Similarly, next sentence says: "can redirect". I think "SHOULD" > redirect is more appropriate. > Finally the same remark (i.e. use « SHOULD") can be done for the next > two sentences about additional authorization > mechanisms. > > > In the 4th paragraph, it is not clear to me why it is said that there > is « a factor of 11 amplification due to retransmissions > of the request ». What are the foundations for this « 11 » factor? And > what happens if the victim is SIP aware? > > starting here - see the previous response for everything above. > > Additionally, I have concerns about *backward compatibility*. > The mechanisms introduced by this extension may not be backward > compatible with RFC 3515 (see section 7). > However I don’t see any discussion in the current document. > There are some guidelines in RFC 6656 (8.3.1) concerning the 202 > response code, but what is described in the first > paragraph is new to this document. Our AD already noted that the second paragraph should actually be removed from this document - it is covered in refer-clarifications. For the first paragraph - backwards compatibility is ensured by the base SIP extension mechanism. An implementation of 3515 that is not aware of this extension (and the update to 3515 established by this document) would reject any requests that tried to invoke the extension (if either of the tokens defined here appeared in a Require: header field, that implementation would reject them with a 420 response. > > > Typo, section 8: « be » is missing in the following sentence: > « With this update, there may multiple subscribers to any given refer > event state." ack. > > > Cheers, > > Vincent > > > _______________________________________________ > secdir mailing list > secdir@ietf.org > https://www.ietf.org/mailman/listinfo/secdir > wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview
- [secdir] Secdir review of draft-ietf-sipcore-refe… Vincent Roca
- Re: [secdir] Secdir review of draft-ietf-sipcore-… Robert Sparks
- Re: [secdir] Secdir review of draft-ietf-sipcore-… Robert Sparks
- Re: [secdir] Secdir review of draft-ietf-sipcore-… Vincent Roca
- Re: [secdir] Secdir review of draft-ietf-sipcore-… Ben Campbell
- Re: [secdir] Secdir review of draft-ietf-sipcore-… Vincent Roca
- Re: [secdir] Secdir review of draft-ietf-sipcore-… Robert Sparks