[secdir] secdir review of draft-ietf-sipcore-keep-10.txt
Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Tue, 21 December 2010 08:53 UTC
Return-Path: <j.schoenwaelder@jacobs-university.de>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 500E23A680F; Tue, 21 Dec 2010 00:53:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.107
X-Spam-Level:
X-Spam-Status: No, score=-103.107 tagged_above=-999 required=5 tests=[AWL=0.142, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PWkXRC-VVAKG; Tue, 21 Dec 2010 00:53:04 -0800 (PST)
Received: from hermes.jacobs-university.de (hermes.jacobs-university.de [212.201.44.23]) by core3.amsl.com (Postfix) with ESMTP id 4EC773A67A8; Tue, 21 Dec 2010 00:53:04 -0800 (PST)
Received: from localhost (demetrius3.jacobs-university.de [212.201.44.48]) by hermes.jacobs-university.de (Postfix) with ESMTP id 74BC6C0003; Tue, 21 Dec 2010 09:54:59 +0100 (CET)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from hermes.jacobs-university.de ([212.201.44.23]) by localhost (demetrius3.jacobs-university.de [212.201.44.32]) (amavisd-new, port 10024) with ESMTP id qw646TQqz3-U; Tue, 21 Dec 2010 09:54:58 +0100 (CET)
Received: from elstar.local (elstar.iuhb02.iu-bremen.de [10.50.231.133]) by hermes.jacobs-university.de (Postfix) with ESMTP id 43C56C0016; Tue, 21 Dec 2010 09:54:52 +0100 (CET)
Received: by elstar.local (Postfix, from userid 501) id 28A6516036BA; Tue, 21 Dec 2010 09:54:47 +0100 (CET)
Date: Tue, 21 Dec 2010 09:54:47 +0100
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-sipcore-keep.all@tools.ietf.org
Message-ID: <20101221085447.GA32839@elstar.local>
Mail-Followup-To: iesg@ietf.org, secdir@ietf.org, draft-ietf-sipcore-keep.all@tools.ietf.org
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: [secdir] secdir review of draft-ietf-sipcore-keep-10.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Dec 2010 08:53:05 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document discusses how to negotiate the usage of keep-alive messages using a new SIP "keep" Via header field. The document appears to be well worked out and the security considerations seem to be adequate. I spotted to mostly editorial nits in the security considerations: a) [...] This specification does not specify a connection reuse mechanism, and it does it address security issues related to connection reuse. [...] s/it does it/it does not/ b) [...] They do not instruct the enity to place a value in a "keep" parameter of any request it forwards. [...] s/enity/entity/ /js -- Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany Fax: +49 421 200 3103 <http://www.jacobs-university.de/>
- [secdir] secdir review of draft-ietf-sipcore-keep… Juergen Schoenwaelder
- Re: [secdir] secdir review of draft-ietf-sipcore-… Christer Holmberg