Re: [secdir] secdir review of draft-ietf-sipcore-invfix-01

Robert Sparks <> Wed, 23 June 2010 21:34 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B12963A6867; Wed, 23 Jun 2010 14:34:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.133
X-Spam-Status: No, score=-2.133 tagged_above=-999 required=5 tests=[AWL=0.467, BAYES_00=-2.599, SPF_PASS=-0.001]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id cutFwh170K02; Wed, 23 Jun 2010 14:34:39 -0700 (PDT)
Received: from ( [IPv6:2001:470:1f03:267::2]) by (Postfix) with ESMTP id EE4423A69FD; Wed, 23 Jun 2010 14:34:35 -0700 (PDT)
Received: from ( []) (authenticated bits=0) by (8.14.3/8.14.3) with ESMTP id o5NLYUo9001834 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Wed, 23 Jun 2010 16:34:35 -0500 (CDT) (envelope-from
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: text/plain; charset="us-ascii"
From: Robert Sparks <>
In-Reply-To: <>
Date: Wed, 23 Jun 2010 16:34:29 -0500
Content-Transfer-Encoding: 7bit
Message-Id: <>
References: <>
To: Joseph Salowey <>
X-Mailer: Apple Mail (2.1081)
Received-SPF: pass ( is authenticated by a trusted mechanism)
Subject: Re: [secdir] secdir review of draft-ietf-sipcore-invfix-01
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 23 Jun 2010 21:34:44 -0000

Joseph -

As one of the document editors, I'd like to thank you for your review.

As the document notes, the additional state that is being maintained
is necessary for correct operation, and that state is taken on only when
the server has decided to accept the INVITE request with a 200 OK.  
The techniques you point to would be useful if applied before getting to 
this point, and the concept is called out in the security considerations
section of RFC3261 in section I will suggest adding a pointer
to that section in the security considerations in this document.



On Jun 21, 2010, at 5:53 PM, Joseph Salowey (jsalowey) wrote:

> I have reviewed this document as part of the security directorate's 
> ongoing effort to review all IETF documents being processed by the 
> IESG.  These comments were written primarily for the benefit of the 
> security area directors.  Document editors and WG chairs should treat 
> these comments just like any other last call comments.
> The document fixes a real problem and seems to address some existing
> security issues, namely the forwarding of stray responses.  This is
> good.  It does introduce more of a possibility of denial of service
> since state must be maintained to track valid responses and this is
> noted in the security considerations as well.  I'm not all that familiar
> with SIP, but there are techniques used in other protocols to avoid
> "flood" type of attacks by delaying committing state until the client
> has successfully processed a server message.   TCP cookies, IKEv2 and
> DTLS have examples of this. This would be something to consider if
> implementations were vulnerable to flood type attacks in deployments.  
> Joe