Re: [secdir] secdir review of draft-ietf-sipcore-info-events

Sandra Murphy <sandra.murphy@sparta.com> Tue, 27 April 2010 21:00 UTC

Return-Path: <Sandra.Murphy@cobham.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 51D2C3A6A6C for <secdir@core3.amsl.com>; Tue, 27 Apr 2010 14:00:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.832
X-Spam-Level:
X-Spam-Status: No, score=-0.832 tagged_above=-999 required=5 tests=[AWL=-0.833, BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WlxIkX5QDnjw for <secdir@core3.amsl.com>; Tue, 27 Apr 2010 14:00:24 -0700 (PDT)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by core3.amsl.com (Postfix) with ESMTP id 115E33A6A53 for <secdir@ietf.org>; Tue, 27 Apr 2010 14:00:23 -0700 (PDT)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.13.5/8.13.5) with ESMTP id o3RL06K8006661; Tue, 27 Apr 2010 16:00:06 -0500
Received: from nemo.columbia.ads.sparta.com (nemo.columbia.sparta.com [157.185.80.75]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id o3RL03lp024713; Tue, 27 Apr 2010 16:00:04 -0500
Received: from SMURPHY-LT.columbia.ads.sparta.com ([157.185.81.132]) by nemo.columbia.ads.sparta.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675); Tue, 27 Apr 2010 16:52:36 -0400
Date: Tue, 27 Apr 2010 16:52:36 -0400 (Eastern Daylight Time)
From: Sandra Murphy <sandra.murphy@sparta.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>
In-Reply-To: <FF84A09F50A6DC48ACB6714F4666CC74632A83788E@ESESSCMS0354.eemea.ericsson.se>
Message-ID: <Pine.WNT.4.64.1004271649291.3436@SMURPHY-LT.columbia.ads.sparta.com>
References: <4BCD7169.9020701@cs.tcd.ie> <4BCDAB7A.7080208@nostrum.com> <Pine.WNT.4.64.1004250334040.3436@SMURPHY-LT.columbia.ads.sparta.com> <FF84A09F50A6DC48ACB6714F4666CC74632A83788E@ESESSCMS0354.eemea.ericsson.se>
X-X-Sender: sandy@nemo.columbia.sparta.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-OriginalArrivalTime: 27 Apr 2010 20:52:36.0849 (UTC) FILETIME=[91520E10:01CAE64B]
Cc: "secdir@ietf.org" <secdir@ietf.org>, "sipcore-chairs@tools.ietf.org" <sipcore-chairs@tools.ietf.org>, "draft-ietf-sipcore-info-events@tools.ietf.org" <draft-ietf-sipcore-info-events@tools.ietf.org>, Adam Roach <adam@nostrum.com>
Subject: Re: [secdir] secdir review of draft-ietf-sipcore-info-events
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Apr 2010 21:00:25 -0000

On Mon, 26 Apr 2010, Christer Holmberg wrote:

>
> Hi Sandy,
>
>>>> This specification sort-of provides a SIP-based tunnel for
>>>> application protocols.
>>>>
>>>> 1: What prevents (or allows detection of) insertion of bogus Info
>>>> Package specifications? (e.g. by a proxy). If nothing, then why is
>>>> this ok?
>>>>
>>>
>>> This is the general way that SIP works, and it applies to all the SIP
>>> header fields. It's not great, but proxies are implicitly
>>> trusted to do the right thing. If it's a problem for INFO, then it's a problem
>>> for everything that has ever used or will ever use SIP.
>>
>> Aye, and therein lies the rub.  ;-}
>>
>> In my usual broken-record nagging, insider failures are hard
>> to protect against, sometimes impossible.  But knowing just
>> how bad things might get (how much damage an insider failure
>> could potentially cause) might be a good idea. It might
>> inspire people to put strong operational controls in place.
>> Buy a bigger liability policy. Abandon all hope ye who enter
>> here. etc.
>>
>> When I made some similar comments on a different SIP draft a
>> while back, there was a discussion on the sip wg list of
>> writing down somewhere what the wg chair called the "please
>> molest me" security model. I didn't follow the discussion to
>> the end, so I don't know if that ever got past the good
>> intention stage and if so where the written down text ended up.
>
> I guess Adam can comment on the status about that.
>
> However, I see that as a generic work, and not something that should be done in the Info-Events draft.

I wasn't intending to comment strictly on the info draft.  I was agreeing 
with Adam's comment that this problem was common to all of SIP.  If the 
sip wg did work or is doing work on cautionary tales about proxies in 
general, then that work could and should be noted in the info draft. 
That's the scope of impact on the info draft.

--Sandy


>
> Section 10.10 talks about the usage of some security mechanism in order to protect the data, and I am not sure what more we could say in this draft.
>
> Regards,
>
> Christer
>