[secdir] secdir review for draft-holmberg-dispatch-rfc7315-updates-07

<Steve.Hanna@infineon.com> Thu, 07 July 2016 01:39 UTC

Return-Path: <steve.hanna@infineon.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDC2612D507; Wed, 6 Jul 2016 18:39:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.347
X-Spam-Level:
X-Spam-Status: No, score=-3.347 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H-M6LfBwUHN1; Wed, 6 Jul 2016 18:39:43 -0700 (PDT)
Received: from smtp11.infineon.com (smtp11.infineon.com [217.10.52.105]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7FC1126579; Wed, 6 Jul 2016 18:39:42 -0700 (PDT)
X-SBRS: None
Received: from unknown (HELO mucxv002.muc.infineon.com) ([172.23.11.17]) by smtp11.infineon.com with ESMTP/TLS/AES256-GCM-SHA384; 07 Jul 2016 03:39:41 +0200
Received: from MUCSE609.infineon.com (unknown [172.23.7.110]) by mucxv002.muc.infineon.com (Postfix) with ESMTPS; Thu, 7 Jul 2016 03:39:40 +0200 (CEST)
Received: from KLUSE612.infineon.com (172.28.156.138) by MUCSE609.infineon.com (172.23.7.110) with Microsoft SMTP Server (TLS) id 15.0.1156.6; Thu, 7 Jul 2016 03:39:40 +0200
Received: from KLUSE610.infineon.com (172.28.156.137) by KLUSE612.infineon.com (172.28.156.138) with Microsoft SMTP Server (TLS) id 15.0.1156.6; Thu, 7 Jul 2016 03:39:39 +0200
Received: from KLUSE610.infineon.com ([172.28.148.8]) by KLUSE610.infineon.com ([172.28.148.8]) with mapi id 15.00.1156.000; Thu, 7 Jul 2016 03:39:39 +0200
From: <Steve.Hanna@infineon.com>
To: <secdir@ietf.org>, <iesg@ietf.org>, <draft-holmberg-dispatch-rfc7315-updates.all@tools.ietf.org>
Thread-Topic: secdir review for draft-holmberg-dispatch-rfc7315-updates-07
Thread-Index: AQHR1+8cuqB1sCfCAE+GA8aRMX4gMaAMMLsw
Date: Thu, 7 Jul 2016 01:39:38 +0000
Message-ID: <fc93928b765a40bfa92117f3c1585eee@KLUSE610.infineon.com>
References: <a390c5a2-e225-4343-5054-fdee4f0e02f1@hannas.com>
In-Reply-To: <a390c5a2-e225-4343-5054-fdee4f0e02f1@hannas.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.23.8.247]
x-tm-as-product-ver: SMEX-11.0.0.1191-8.000.1202-22436.004
x-tm-as-result: No--33.902700-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/jE3HS4nDrT7yARIjzqS6GzM6su8>
Subject: [secdir] secdir review for draft-holmberg-dispatch-rfc7315-updates-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jul 2016 01:39:45 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document updates RFC 7315 by changing restrictions on where
certain SIP private header extensions may be included, in order to
address new 3GPP use cases.

This document is Ready with nits.

I know little about SIP or 3GPP. I do know security, though.

After reading this document and also reading the Security
Considerations section of RFC 7315, I believe that this document
is OK from a security standpoint. Few new security issues are
raised by this document and those that arise are properly
documented in the Security Considerations section of this
document. However, there are a few typos in the Security
Considerations section.

* The second sentence of the Security Considerations section
   ends with "the security considerations and assumptions (e.g.
   regarding only sending information to trusted entities) also
   to those messages." This clause is missing a verb. Maybe the
   word "apply" should appear before "to those messages". Also,
   greater clarity could be achieved by changing "the security
   considerations and assumptions" in that sentence fragment to
   "the security considerations and assumptions described in
   RFC 7315".

* In the third sentence of the Security Considerations section,
   "disallow" should be "disallows" and "message" should be
   "messages".

* In the fourth sentence of the Security Considerations section,
   "if a header field occur" should be "if a header field occurs".

With these minor changes, I think the document will be ready
to go from a security standpoint.

Thanks,

Steve