IETF Logo Mail Archive

Re: [secdir] Secdir review of draft-ietf-sipcore-refer-explicit-subscription-02

Robert Sparks <rjsparks@nostrum.com> Mon, 22 June 2015 15:43 UTC

Return-Path: <rjsparks@nostrum.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3EE151B2B20; Mon, 22 Jun 2015 08:43:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nhKStRgukr2f; Mon, 22 Jun 2015 08:43:42 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC2451B2F78; Mon, 22 Jun 2015 08:43:42 -0700 (PDT)
Received: from unnumerable.local (pool-71-170-237-80.dllstx.fios.verizon.net [71.170.237.80]) (authenticated bits=0) by nostrum.com (8.15.1/8.14.9) with ESMTPSA id t5MFhfrN035331 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=OK); Mon, 22 Jun 2015 10:43:41 -0500 (CDT) (envelope-from rjsparks@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host pool-71-170-237-80.dllstx.fios.verizon.net [71.170.237.80] claimed to be unnumerable.local
Message-ID: <55882D28.3020701@nostrum.com>
Date: Mon, 22 Jun 2015 10:43:36 -0500
From: Robert Sparks <rjsparks@nostrum.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Vincent Roca <vincent.roca@inria.fr>, IESG <iesg@ietf.org>, secdir@ietf.org, draft-ietf-sipcore-refer-explicit-subscription@tools.ietf.org
References: <2E90B73E-0309-4C49-B208-C2E30A0B6B22@inria.fr>
In-Reply-To: <2E90B73E-0309-4C49-B208-C2E30A0B6B22@inria.fr>
Content-Type: multipart/alternative; boundary="------------090300070304050105040508"
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/d-oFDc3LW70pcFQ4T7D5wjHpoUE>
Subject: Re: [secdir] Secdir review of draft-ietf-sipcore-refer-explicit-subscription-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jun 2015 15:43:45 -0000

(I hit send too soon - the rest of the responses are inline)

On 6/22/15 8:37 AM, Vincent Roca wrote:
> Hello,
>
> I have reviewed this document as part of the security directorate’s 
> ongoing
> effort to review all IETF documents being processed by the IESG. These
> comments were written primarily for the benefit of the security area
> directors.  Document editors and WG chairs should treat these comments 
> just
> like any other last call comments.
>
>
> *Summary: almost ready*
>
> I have several questions and suggestions WRT the *Security Section*.
>
> It is said that: « With this update, there may multiple subscribers to 
> any given refer event state."
> So what? What are the implications from a security point of view?
>
>
> IMHO, the third paragraph does not make an appropriate use of the 
> normative vocabulary.
> For instance, it is said:
> "the URI should be constructed so that it is not easy to guess, and 
> should be protected against eavesdroppers"
> Shouldn’t the author use « SHOULD » on both occasions?
> The following sentence is ambiguous. It says:
> "For instance, SIP messages containing this URI SHOULD be sent using 
> TLS or DTLS..."
> "SHOULD" and "For instance" are contradictory. I suggest removing "For 
> instance".
> Similarly, next sentence says: "can redirect". I think "SHOULD" 
> redirect is more appropriate.
> Finally the same remark (i.e. use « SHOULD") can be done for the next 
> two sentences about additional authorization
> mechanisms.
>
>
> In the 4th paragraph, it is not clear to me why it is said that there 
> is « a factor of 11 amplification due to retransmissions
> of the request ». What are the foundations for this « 11 » factor? And 
> what happens if the victim is SIP aware?
>
>
starting here - see the previous response for everything above.
>
> Additionally, I have concerns about *backward compatibility*.
> The mechanisms introduced by this extension may not be backward 
> compatible with RFC 3515 (see section 7).
> However I don’t see any discussion in the current document.
> There are some guidelines in RFC 6656 (8.3.1) concerning the 202 
> response code, but what is described in the first
> paragraph is new to this document.
Our AD already noted that the second paragraph should actually be 
removed from this document - it is covered in refer-clarifications.

For the first paragraph - backwards compatibility is ensured by the base 
SIP extension mechanism.
An implementation of 3515 that is not aware of this extension (and the 
update to 3515 established by this document) would reject any requests 
that tried to invoke the extension (if either of the tokens defined here 
appeared in a Require: header field, that implementation would reject 
them with a 420 response.
>
>
> Typo, section 8: « be » is missing in the following sentence:
> « With this update, there may multiple subscribers to any given refer 
> event state."
ack.
>
>
> Cheers,
>
>    Vincent
>
>
> _______________________________________________
> secdir mailing list
> secdir@ietf.org
> https://www.ietf.org/mailman/listinfo/secdir
> wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview

v2.23.0 | Report a Bug | By Email