[secdir] secdir review of draft-hanes-dispatch-fax-capability-06

Tom Yu <tlyu@MIT.EDU> Thu, 27 December 2012 04:37 UTC

Return-Path: <tlyu@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E7E521F8C68; Wed, 26 Dec 2012 20:37:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.299
X-Spam-Level:
X-Spam-Status: No, score=-102.299 tagged_above=-999 required=5 tests=[AWL=-1.300, BAYES_50=0.001, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GChSocWGkc4Z; Wed, 26 Dec 2012 20:37:57 -0800 (PST)
Received: from dmz-mailsec-scanner-7.mit.edu (DMZ-MAILSEC-SCANNER-7.MIT.EDU [18.7.68.36]) by ietfa.amsl.com (Postfix) with ESMTP id B1CD321F8BF1; Wed, 26 Dec 2012 20:37:55 -0800 (PST)
X-AuditID: 12074424-b7f4e6d0000004ca-86-50dbd0a272a9
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) by dmz-mailsec-scanner-7.mit.edu (Symantec Messaging Gateway) with SMTP id 9E.B7.01226.2A0DBD05; Wed, 26 Dec 2012 23:37:54 -0500 (EST)
Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id qBR4brgA003567; Wed, 26 Dec 2012 23:37:54 -0500
Received: from cathode-dark-space.mit.edu (CATHODE-DARK-SPACE.MIT.EDU [18.18.1.96]) (authenticated bits=56) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id qBR4boYi020177 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 26 Dec 2012 23:37:52 -0500 (EST)
Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9.20060308) id qBR4bos2009438; Wed, 26 Dec 2012 23:37:50 -0500 (EST)
To: iesg@ietf.org, secdir@ietf.org, draft-hanes-dispatch-fax-capability.all@tools.ietf.org
From: Tom Yu <tlyu@MIT.EDU>
Date: Wed, 26 Dec 2012 23:37:50 -0500
Message-ID: <ldv7go4glep.fsf@cathode-dark-space.mit.edu>
Lines: 16
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrDIsWRmVeSWpSXmKPExsUixG6norvowu0Ag5WTZC2Ove5jt5jxZyKz xYeFD1kcmD2WLPnJ5PHl8me2AKYoLpuU1JzMstQifbsEroxJhz4xFTxjq7h16BNjA+MZ1i5G Tg4JAROJ7XueskDYYhIX7q1n62Lk4hAS2Mco8ezLHUYIZwOjROver0wgVUICV5gkXsw2h0h0 MUosWPadHSQhIpAscfzcazBbWMBB4s7HBiCbg4NNQFri6OIykDCLgKrE0hMtzCA2r4CFxPon P5hASngEOCVuv3aECAtKnJz5BOwgZgEtiRv/XjJNYOSbhSQ1C0lqASPTKkbZlNwq3dzEzJzi 1GTd4uTEvLzUIl1zvdzMEr3UlNJNjOBAc1HZwdh8SOkQowAHoxIPr4L17QAh1sSy4srcQ4yS HExKoryTDwOF+JLyUyozEosz4otKc1KLDzFKcDArifBO3wyU401JrKxKLcqHSUlzsCiJ815P uekvJJCeWJKanZpakFoEk5Xh4FCS4H1+HqhRsCg1PbUiLTOnBCHNxMEJMpwHaDjbBZDhxQWJ ucWZ6RD5U4yKUuK8x0CaBUASGaV5cL2wRPCKURzoFWHeOyBVPMAkAtf9CmgwE9DgWL4bIINL EhFSUg2MjnL6z5VSTK6IVGrxr7F0nf7iXmrwok6poE8CTVqCXHvrp7xPXWjE2a2Qm7F5hkns JpW/q1ZG89mZ851m/nr61hErhsO9llmaE/0ijmq+9au7IhUi4rnr8ey+XXYl/pP/lFxWfqEt 1XBG7Nn91AU9v1sm1n34Gjb35o6ddhsE4itCPHtfb01XYinOSDTUYi4qTgQAwg28Z98CAAA=
Subject: [secdir] secdir review of draft-hanes-dispatch-fax-capability-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Dec 2012 04:37:57 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document describes a SIP media feature tag for indicating support
for fax calls.

The Security Considerations section of this document refers to the
Security Considerations documented in Section 11.1 of RFC 3840.  This
seems mostly adequate.  One additional question (which might be
irrelevant because of my unfamiliarity with SIP) is whether an
explicit indication of fax content would make it easier for an
eavesdropper to target fax image data (which might contain sensitive
information such as credit card numbers).