[secdir] review of draft-ietf-sipcore-reinvite-06.txt
Stephen Kent <kent@bbn.com> Thu, 21 October 2010 02:16 UTC
Return-Path: <kent@bbn.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CA2483A68E3 for <secdir@core3.amsl.com>; Wed, 20 Oct 2010 19:16:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.46
X-Spam-Level:
X-Spam-Status: No, score=-102.46 tagged_above=-999 required=5 tests=[AWL=0.139, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t9CPab3kB1+P for <secdir@core3.amsl.com>; Wed, 20 Oct 2010 19:16:13 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by core3.amsl.com (Postfix) with ESMTP id 416DE3A6925 for <secdir@ietf.org>; Wed, 20 Oct 2010 19:16:13 -0700 (PDT)
Received: from dommiel.bbn.com ([192.1.122.15]:36733 helo=[10.84.131.15]) by smtp.bbn.com with esmtp (Exim 4.71 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1P8kiv-000JYC-Rj; Wed, 20 Oct 2010 22:17:47 -0400
Mime-Version: 1.0
Message-Id: <p06240800c8e55027a17b@[128.89.89.159]>
Date: Wed, 20 Oct 2010 22:17:29 -0400
To: secdir@ietf.org
From: Stephen Kent <kent@bbn.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Cc: gao.yang2@zte.com.cn, pkyzivat@cisco.com, Christer.Holmberg@ericsson.com, Gonzalo.Camarillo@ericsson.com, tim.polk@nist.gov, rjsparks@nostrum.com
Subject: [secdir] review of draft-ietf-sipcore-reinvite-06.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Oct 2010 02:16:17 -0000
I reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document (draft-ietf-sipcore-reinvite-06.txt) provides clarification on how to process a re-invite in SIP. The notion of a re-invite is defined in RFC 3261 (SIP). This document was created to clarify the description provided in 3261, based on feedback from implementers. It includes a number of examples designed to clarify. It is fair to say that this document not only offers clarifications, but also makes some changes to SIP handling of re-INVITEs. For example, the document notes that "Section 4.3 specifies new rules for the handling of target-refresh requests." The document makes reference to "properly" authenticated requests in a couple of places (4.4 & 4.6), but provides no indication of what constitutes proper authentication. I think it would be appropriate to include references to whatever SIP security mechanisms are currently recommended for message/session authentication (as opposed to what 3261 said 8 years ago). The document has a trivial Security Considerations section: This document does not introduce any new security issue. It just clarifies how certain transactions should be handled in SIP. Security issues related to re-INVITEs and UPDATE requests are discussed in RFC 3261 [RFC3261] and RFC 3311 [RFC3311]. I checked 3261 and I agree that this document provides a decent review of security for SIP in general, but it makes no specific mention of UPDATE or (re)INVITE messages and attendant security concerns. RFC 3311 has an almost trivial Security Considerations section, but at least it does specifically refer to UPDATE and (re-)Invite messages, briefly, and the need for authentication. I think it would be appropriate to add a discussion of how these clarifications operate in various SIP security contexts, e.g., use of TLS for point-to-point SIP security or use of S/MIME for end-to-end SIP security. A statement that the security offered for SIP when the initial call setup was processed cannot be undermined by a later re-INVITE or UPDATE would be reassuring (if accompanied by a rationale for that statement :).
- [secdir] review of draft-ietf-sipcore-reinvite-06… Stephen Kent
- Re: [secdir] review of draft-ietf-sipcore-reinvit… Gonzalo Camarillo
- Re: [secdir] review of draft-ietf-sipcore-reinvit… Gonzalo Camarillo
- Re: [secdir] review of draft-ietf-sipcore-reinvit… Stephen Kent
- Re: [secdir] review of draft-ietf-sipcore-reinvit… Gonzalo Camarillo
- Re: [secdir] review of draft-ietf-sipcore-reinvit… Gonzalo Camarillo