[secdir] secdir review of draft-ietf-sipcore-keep-10.txt

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Tue, 21 December 2010 08:53 UTC

Date: Tue, 21 Dec 2010 09:54:47 +0100
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-sipcore-keep.all@tools.ietf.org

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document discusses how to negotiate the usage of keep-alive
messages using a new SIP "keep" Via header field. The document appears
to be well worked out and the security considerations seem to be
adequate. I spotted two mostly editorial nits in the security
considerations:

a) [...]  This specification does not specify a connection
   reuse mechanism, and it does it address security issues related to
   connection reuse.  [...]

   s/it does it/it does not/

b) [...]  They do not instruct the enity to
   place a value in a "keep" parameter of any request it forwards.  [...]

   s/enity/entity/

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>