Re: [secdir] secdir review of draft-ietf-sipcore-sip-push-21

Benjamin Kaduk <kaduk@mit.edu> Sat, 05 January 2019 18:21 UTC

Date: Sat, 05 Jan 2019 12:21:19 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: Ben Campbell <ben@nostrum.com>
CC: "Scott G. Kelly" <scott@hyperthought.com>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-sipcore-sip-push.all@ietf.org" <draft-ietf-sipcore-sip-push.all@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, Christer Holmberg <christer.holmberg@ericsson.com>
Message-ID: <20190105182119.GA28515@kduck.kaduk.org>
References: <1546285539.44113084@apps.rackspace.com> <DB7PR07MB56286B4A2702A5FF1915D1D6938D0@DB7PR07MB5628.eurprd07.prod.outlook.com> <1546631184.64914945@apps.rackspace.com> <215DF6BE-69A3-4394-9BE2-EE7751957E07@nostrum.com>
In-Reply-To: <215DF6BE-69A3-4394-9BE2-EE7751957E07@nostrum.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/mJqDFbTzudwnWzDTYofr2gKwLAU>

[with the caveat that I've only read the security considerations and not
the whole document, yet...]

On Fri, Jan 04, 2019 at 05:15:43PM -0600, Ben Campbell wrote:
> (Speaking as responsible ART AD)
> 
> I will let Christer work through most of the comments, but I want to comment on one in particular:
> 
> > On Jan 4, 2019, at 1:46 PM, Scott G. Kelly <scott@hyperthought.com> wrote:
> > 
> > I don't know what other documents have been produced by the WG, so maybe this is covered elsewhere, but there are generic security considerations that apply abstractly to this use case. I think this document should either point to documents that describe them, or explicitly describe them here. For example, 8030 lists confidentiality with respect to the PNS, privacy considerations, authorization, DoS, and logging risks. All of those apply here.
> 
> 
> This draft is about how to carry some parameters in SIP that get used with an external PNS. It should definitely document security considerations related to carrying those parameters. But I don’t think it’s reasonable to expect this draft to document security considerations for PNSs in general. That’s up to the spec for the PNS itself. I recognize that two of the mentioned PNSs are proprietary; but I still don’t think that puts the onus on the IETF to document their security considerations.

I agree that we don't need to document all general PNS security
considerations here, but just because an interaction is PNS-specific does
not excuse us from stating what requirements we place on that interaction.
It is rather unreassuring to read statements like "[d]ifferent mechanisms
exist for authenticating and authorizing devices and users registering with
a PNS" and "[t]ypically, the PNS also requires the SIP proxy requesting
push notifications to be authenticated and authorized by the PNS" with no
requirement that such authentication and authorization actually occur.
I would expect to see either a requirement for such
authentication/authorization, or some indication of what risks are present
when they do not (e.g., excessive resource consumption, DoS).

> The categories you mention from 8030 do seem generic, but the text in the respective sections of 8030 seems fairly specific to HTTP(S) Push.
> 
> That all being said, I would be happy to see something to the effect of the following in this draft: “The security considerations for the use and operation of any particular PNS is out of scope for this document. [RFC8030] documents the security considerations for HTTP Push. Security considerations for other PNSs are left to their respective specifications.”

That seems like a pretty nice way to say it.

-Benjamin