Re: [secdir] secdir review of draft-ietf-sipcore-sip-push-21

Benjamin Kaduk <kaduk@mit.edu> Sun, 06 January 2019 18:05 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 842581200B3; Sun, 6 Jan 2019 10:05:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fz5KfcjGkGxO; Sun, 6 Jan 2019 10:05:27 -0800 (PST)
Received: from NAM02-BL2-obe.outbound.protection.outlook.com (mail-eopbgr750099.outbound.protection.outlook.com [40.107.75.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F9A8127B4C; Sun, 6 Jan 2019 10:05:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=oK2zvbCKSWr/6y6OtKXUybAmqNtGp3pXbcc5QPwenuQ=; b=rewQJ14r9QdjCSOVghQ2fVguBO90gKyWcmgNMMs+m4+IFhdey8McuunwU/yTRlErYTRM9hrBvGUIiARoidCV4AmCzxasaXCLTSM60qJCU70Z5DGdPoSzSXqb86nSxuDiyPCWmgtYoOiqUc7FKNlzz2NOquL4u9mKnv2FHDWFwcw=
Received: from DM5PR0102CA0006.prod.exchangelabs.com (2603:10b6:4:9c::19) by DM6PR01MB4025.prod.exchangelabs.com (2603:10b6:5:2e::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1495.6; Sun, 6 Jan 2019 18:05:19 +0000
Received: from CO1NAM03FT023.eop-NAM03.prod.protection.outlook.com (2a01:111:f400:7e48::202) by DM5PR0102CA0006.outlook.office365.com (2603:10b6:4:9c::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1495.6 via Frontend Transport; Sun, 6 Jan 2019 18:05:19 +0000
Authentication-Results: spf=pass (sender IP is 18.9.28.11) smtp.mailfrom=mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of mit.edu designates 18.9.28.11 as permitted sender) receiver=protection.outlook.com; client-ip=18.9.28.11; helo=outgoing.mit.edu;
Received: from outgoing.mit.edu (18.9.28.11) by CO1NAM03FT023.mail.protection.outlook.com (10.152.80.157) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1471.13 via Frontend Transport; Sun, 6 Jan 2019 18:05:19 +0000
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x06I5FjY023682 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 6 Jan 2019 13:05:17 -0500
Date: Sun, 6 Jan 2019 12:05:15 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: Christer Holmberg <christer.holmberg@ericsson.com>
CC: Ben Campbell <ben@nostrum.com>, "Scott G. Kelly" <scott@hyperthought.com>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-sipcore-sip-push.all@ietf.org" <draft-ietf-sipcore-sip-push.all@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
Message-ID: <20190106180514.GM28515@kduck.kaduk.org>
References: <1546285539.44113084@apps.rackspace.com> <DB7PR07MB56286B4A2702A5FF1915D1D6938D0@DB7PR07MB5628.eurprd07.prod.outlook.com> <1546631184.64914945@apps.rackspace.com> <215DF6BE-69A3-4394-9BE2-EE7751957E07@nostrum.com> <20190105182119.GA28515@kduck.kaduk.org> <B02C0483-E53F-4C3E-8541-6FC3F2AB9DCC@nostrum.com> <20190105193346.GC28515@kduck.kaduk.org> <8D02428A-AC2F-4D80-A108-CE55833CFAFE@nostrum.com> <VI1PR07MB31674B4B0085EC2B6F4B385B93880@VI1PR07MB3167.eurprd07.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <VI1PR07MB31674B4B0085EC2B6F4B385B93880@VI1PR07MB3167.eurprd07.prod.outlook.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:18.9.28.11; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(396003)(376002)(39860400002)(346002)(136003)(2980300002)(199004)(189003)(786003)(26826003)(14444005)(50466002)(58126008)(54906003)(229853002)(26005)(86362001)(47776003)(316002)(5660300001)(36906005)(486006)(8676002)(9686003)(8936002)(93886005)(336012)(106466001)(53416004)(2906002)(106002)(33656002)(478600001)(186003)(476003)(6916009)(1076003)(305945005)(6246003)(246002)(76176011)(356004)(88552002)(11346002)(2870700001)(426003)(956004)(104016004)(446003)(55016002)(75432002)(4326008)(2486003)(23676004)(126002)(7696005)(18370500001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM6PR01MB4025; H:outgoing.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-auth-1.mit.edu; A:1; MX:1;
X-Microsoft-Exchange-Diagnostics: 1; CO1NAM03FT023; 1:kZ5ZpKEukuvaBXBYVpvxD1zgTZKz213/JAp4Ma2vdovSfIJv90yUq7x2C1rEYKWmFHeh+k+CAiM28xk6Ltpqgz9olpTDvhtKoNnfKGn8raUYYH1mYyd2xx0tNTLwQ6/E
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 5ea75551-e944-4934-b345-08d67401850a
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600109)(711020)(4608076)(4709027)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060); SRVR:DM6PR01MB4025;
X-Microsoft-Exchange-Diagnostics: 1; DM6PR01MB4025; 3:cRv9gOQfrT6HKj11N3cEnO0vc7oBq1RMTHuj+epdN8AWkMyhhsF+kQWOtlbvPbfis3yiwTjzP9k3gIhHBO5Sg2m0dXHtJwG+aoHF2r9zkiu47yqY0SCx2u+WyHF7C7Fb8sS6Qm9azMaj6h6gVH/SDiXnkse8XyHqjnvh1giiY+xspQ/+xw7DPwI5udr+EqXoNNhCMEu2+FlxydWep/CX/h4dwj9M/Wfz7LainR0+471rqinredxj/xi6CafnPGp1MW4cbzSw0rXO4qwv0CxOBSUAygycmPWkNANS6cbtuA42fXrTlZ8tVPbFPM8Vytx3TAHyqP1DJLFLyTUZhhwzsfqVlGp+zFIRf744mDAMUuVAiz650mj7kJeoygMwerv2; 25:k3PFETf2bNtbp8h9N6uGAOXFraWMP4n37K1s3ScBagsB7qLUbUgCktaVS+qXTWnNystsBmA2m0YhCT0xaCmJUuVtht68ki99MtpqcROXLAl6V7xBEsaLCT2zIbK4H1JiwMWaza0gtKfcz6eDgtQps53wV8QlfkGncGYZIPsJzyubNxbnSlDjmrzdfYkXRh4fn2xl9lnTJeMz6IlANE0z/MZdJjCaGFfGwahKhN14RaCAaBk6ZcB8ywShgqCHyGKa25ikVqKYqAyu5Z+0LfyftpvepAdpBviAoExwGHPW2TR0nOrgay35dxeyEiDJSzVav7CqJkPzQYuGbJCyvP+KzA==
X-MS-TrafficTypeDiagnostic: DM6PR01MB4025:
X-Microsoft-Exchange-Diagnostics: 1; DM6PR01MB4025; 31:0fwopJpJP/th+c6Xs+4x6zrv3+EwaBvrs2T+2Pr0EGKdvPsZDcUwCiR6EHZWowwYaHNHFSbNPsYRd7UFd+KqxD8jEuI2CkwusDZQnd77pi/5Ko3s9FIALfd2wGrAI9thETQa3WpLFbYDLQFQMFpdx1cP7j9s1UZpOM4N/I6uf3fSBIRR2E4wTx+xLlfVfzYsDWKd/eH+91OWWgtJ/veXLtXgjSi0OZ4q3zDbg1gsTks=; 20:1PZ3JNNbMT8dBfVwXb1DwUivGgaC5/utRlGwyrLnSgpjnE4eaQJxdLkKaywbZR/1enLqWViB2zToFyJ7J87wZxwqXExNmtySWKp+4C7w2DeJ8xscYnPIlzDRBRc27U7zM+GASksHnmT9J0e2UVvEFNgSrogAoK567OEz3sWGXjKD57YOKo0BpaF50+r0M89MXmIqH5U6MzUKrmEvOLDoTU2ZrPkT8tUtDfSjrbhjxP2veJS+4T/BjVU1bEYxPZcVKF6UGeRsWHUsHIiaNk1peZGCXjNq+LHOk1H15cB80SfWbi+NeNpMhlLFH0KgGSm6Gm2uB/LCMpRAKsn4/pOUCvO0PEzL3+TaWZRJ9jt/PUTKy2fKnjzNi3PrjGJTyzS8gMgrSlyXQ44BhwpyjBT10piKESI0qB6qA0yz3SnrNwXE4xMLtR1xbT6HH150dwdXqmFtz6u8RcxrMBd7gUc7pRHgFLRsOoChQ8Bhhl2GJYHp4Dy81a1ykbpxVwv7xgHw
X-Microsoft-Antispam-PRVS: <DM6PR01MB4025B3EB6A445CB6D7E61801A0880@DM6PR01MB4025.prod.exchangelabs.com>
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(3230021)(908002)(999002)(5005026)(6040522)(8220060)(2401047)(8121501046)(93006095)(93004095)(3231475)(944501520)(4982022)(52105112)(3002001)(10201501046)(6041310)(20161123558120)(201703131423095)(201702281528075)(201702281529075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123560045)(20161123564045)(201708071742011)(7699051)(76991095); SRVR:DM6PR01MB4025; BCL:0; PCL:0; RULEID:; SRVR:DM6PR01MB4025;
X-Microsoft-Exchange-Diagnostics: 1; DM6PR01MB4025; 4:nLl4Bd8gjfgQ3PuxhMZftbIZknVx96RbWSHBVRytawCH9oVQ03r1KuUmQHyuoTimjoFGdBaXnLdMiNlOfd/8kmrxaXfW+HnQq+0hNluWPZ8hMuYdMWgB8Gy2swzj2otgqsFOhMq/eGDAdaLQMrminBCLmPF068xoq77vh+b0mS/5cYlCU7fcNhQwAD+w0VKt3eS9fvOwD1zRZ/Nth7JjKPYBx2zTj5aD6meeMZzV/SkMRXIm/T5ey4K/kYe51pAZXOi3SfBFbUus9HvbK53LW3dR1sOHkRd9Q9kQ8foX+40+eeOGoKikTxuo4rBlp6/U
X-Forefront-PRVS: 09090B6B69
X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtETTZQUjAxTUI0MDI1OzIzOkZJR1BRaENQTkdTMzFyc3NXZXZyR0w2UjRk?= =?utf-8?B?aEp6S0hLZkFLa3dZR2lVNktDRW9VS1l5SE80WTh5N1RiSXZsYmU5VnBsZEMy?= =?utf-8?B?WGlsTDNoeDhYcmZsS2NWdTUzTWlEdUZqajh5QmFNMGFkSmJlS09NSVZGQ0dQ?= =?utf-8?B?c0Z2WFptWjBLM0lhM1FLTTVZOFl0YTE1SS9VWk8zSlJoRk1TaGxUS2FSbXJY?= =?utf-8?B?Rnl6RjlTU0dqYnBHRlJLYndhKzI5dWtYY2REZEh6eFdNaDM5SzNwSXppS25E?= =?utf-8?B?RTA5d1BJamUvdmtvSlBFcTd3VUh1OEtpNzVGZzZiUm9ESUVER0ZWYm1yb3NT?= =?utf-8?B?NXQwMFBNdGMzWFdsa2JxYkMrZjhvTFV5dFVjVEZXQjFGbnNkK2hpczhpQ2I2?= =?utf-8?B?N0VmbGFLUzh1SlFVSVhrWjZIRDlsQ0JlM04reS92ZnBVZ1g2a28wdlV1SXZo?= =?utf-8?B?ZjRGVHg3dnh5TlNEd2xkNjZxSE14MG5aZmgrWGpnV2cxMURpWklkV3lZWG9h?= =?utf-8?B?WHZ3Y2VPYVZYeldzNDJiQmxRUDI4bEZkSGxCaytxY1hlT1hnUlpDZEFIcm1G?= =?utf-8?B?UktpejdyemhFY0VyTHNsbGtpTXJ4UlBVNXNxb1RjQzY4SFpxU201NTM0SnYy?= =?utf-8?B?dGp6QmlvamdyZ3doVEFLNS9jVTVKSjQ4WlFLbk9DZVFEL0pMUGYxamhkVFFi?= =?utf-8?B?SW5LTjBidWFiUnM2bWxCQjJMS1pzNkQrV0ZRSkt1TjJkNFd4d01sdnFvREFQ?= =?utf-8?B?bjNqNWZaS0dsNHZka1BkNEFuSFJhdzYxdVllS0krdXg4V2YvbnQ1K2hXQWdZ?= =?utf-8?B?TGZhOVpSb1Z3a01RUWl6SmdxU1pFR1FwS3Zpbi80ZTljaVcrZnh0TW9lQVlN?= =?utf-8?B?YktBNmJWQ0tqYXlET1ZRV2RqNmwxOGlxM0NLWWZndVE2Mjl5eWpvL0VkVHgr?= =?utf-8?B?SXNtL1BMZ3ZqZFQ3cjQzY05tSUZJOVNObjl2THlUNzVVZXhhLzVPS1lEN2Nh?= =?utf-8?B?MTl4U3JqOWV6Vk1JVFhsK2VHT2J3M3ZzTDJLQ25wZGlpU0NrT1B1Qm0yVk1m?= =?utf-8?B?TS9KbXM5U2lUMEpLUHJZcnY1eDRrSEFXUlVCdGtUd29IcDJKdnlWbHpjb0FL?= =?utf-8?B?WndKSkxOT0J3enlubUJ4YWc5ZmhoYkN4NE0vNGVOM2VnbUVsY3RoemV6bFV0?= =?utf-8?B?a0dUa2NZd3RwNTM4OUEraFE5MnJvOGZjMFhabUt4bXFlelVsbzNuK0R2ajRF?= =?utf-8?B?TnNtSVd2QWxjNjQ2L0Z3Q2tYYTBYeVV4aWNZZG9BS3phTHpaaklOODdoS0xw?= =?utf-8?B?bnBrOUIxWGVMa0VUeCtCWmd4b2VNMHlJa2dHUUZmN0lnTUFOQkdqWmxENnQ5?= =?utf-8?B?SHhzZmh4NkJRbFEvUDk0MjdIMjMxazBMOTY1STMvRVU3eDEyWXJRM3B6NnQ2?= =?utf-8?B?SkViWHBEd1hjWGkrOGJ1aWx2WDZMZk1sYUVZeXdaKzNxRFNRTTZKNkRRc2Fi?= =?utf-8?B?c0NIMVpQREJQdFlFMjArb3Rpb0R4N2E1YmQrZVlRNzVjSkl5QzdFbHhoa3Y5?= =?utf-8?B?SWF2OTRyNHU5K25wNzJ0a1hMeHMzRGxTY3A2T2Y3aXh2bk1NZTZCb2xiditm?= =?utf-8?B?MmFiNUZYY1N0eWlsTDdyVmd5WnU0c0lWdldQRFBENnNrMDRrNGVoUGcvN2Ex?= =?utf-8?Q?6BdZXQsGcxe45cO2Cc=3D?=
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: tQsKDrpjszGs/fdFN/XFlWhDu9d78iIlzScGhuY3JYVTMVWy0hGOfdLjHo+miaSgK2XloIUM/3hjzBtXXcnfLFyYvbrkJZSNke9uCIogtsJAFYEnL8BZ+FPPCdSjSZByEWKfzArVl9Z+Myq/eNHbZo+puP+2Z38UMDRrSgqe7jVbJ2hHGILowvAKt820+OWRG5DHC725gLWDwZMzJswYrsicGGY4EzCQ2mGSVRRIQIQbGVdkXquvRTch/ew7227yC3HeswGFCOYlU7S/1qjB5vpFcg5Lff7hX8lwSl+dsSuBT4YJ0wRy72xtdc7+zK9a
X-Microsoft-Exchange-Diagnostics: 1; DM6PR01MB4025; 6:+vCEVpquKjo2xy01nWbByhFMDf5iyxRtRetqysHLtpgkOiNcrVmydpfvgkGi6b+LjQuWwVYRDA0EPJt0Cla5ni5WssvqP95Bs1CHpkLWP7ue4iMYRRXS/5dYWXZYaS2RLBTJpMhloup4DxvTprwKaezK5MCz+STSRnMYfCNu7eLVO5acRWQO19W+2psAlQP+LcLXLf1gyJE8RH7wAdLR/4R791lEiZJblabaD2DGoeKlAwwIkpZe9fsTp9otlXRKazqdXEi/B+E36/fSaB8EoDp/2D70T5q1iZfCuEJatPdvr/kreqi4PpEj2dXDChnWys6aI0KQdz4TZqn0wdTwtU+3P1UeSlcf+x9aXKcDx0a6QeQmT/BKJNC8twRsDwli39HjJzJSkIOQZE9lfqeHq4nhh5vaoBQGO18zITSySG1E9LNkMt3G1szLvqOtnEhqkC/Hw8ceYpAqQBVtA3Wq/Q==; 5:vikZ4KoKsxj7P5J2cGErGwWXIt6gMUtbqmj7rBWxpe+69jTQoYGHrKntpdSlpn9Qo5SXEEBeSkeG5QUEdkr+VSAmyaxM+nJIJWOcjLOY9288M01lK/JyGoJlSk1cH/WNwM74ZTxylT+mSRZLLKeOYIGJj6MmRl2xFp0p1xJitxI9uFT4njG5sucaWD2kKeEi6BQqAwxzaanijY39BP4v6Q==; 7:cBbKVmFZ6H2w1dPqQ+WUP1fuEWXi4H4wbfAdm3zBglz3YU6+K7ptz0NfKz/0LRn9RAFS6z0U29DBjtai0h4mFzlvK41wHsQdcH95MVjFSFNYDFJEGucGdgkeJyI3VFSAyoml3gzxhMf5M8EKeKlDEA==
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Jan 2019 18:05:19.1301 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 5ea75551-e944-4934-b345-08d67401850a
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=64afd9ba-0ecf-4acf-bc36-935f6235ba8b; Ip=[18.9.28.11]; Helo=[outgoing.mit.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR01MB4025
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/zTzK8ht3ZdZq1Lp86SbsiMvtav4>
Subject: Re: [secdir] secdir review of draft-ietf-sipcore-sip-push-21
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Jan 2019 18:05:29 -0000

On Sun, Jan 06, 2019 at 04:10:11PM +0000, Christer Holmberg wrote:
> Hi,
> 
> 
> For some reasons all replies were not delivered to me yesterday, but I hope I am now replying to the latest one.
> 
> 
> …
> 
> 
> 
> >>>>> That all being said, I would be happy to see something to the effect of the following
> >>>>> in this draft: “The security considerations for the use and operation of any particular
> >>>>> PNS is out of scope for this document. [RFC8030] documents the security considerations
> >>>>> for HTTP Push. Security considerations for other PNSs are left to their respective specifications.”
> >>>>
> >>>> That seems like a pretty nice way to say it.
> 
> As indicated yesterday, I would be happy to add such text.
> 
> >>>>> Would that be sufficient to resolve your concern above?
> >>>>
> >>>> I think I would still like to see some indication of the potential
> >>>> consequences for the mechanism defined in this document, if a PNS does not
> >>>> (properly) perform authentication and authorization between UA/proxy and
> >>>> PNS.
> >>>
> >>> (Having not yet read the whole spec I don't have a great picture of
> >>> exactly what those consequences are.)
> >>
> >> That’s reasonable, and I think fits into the category of consequences to the SIP network
> >> due to the interface.
> >>
> >> Thinking out loud: One thing that comes to mind would be the insertion of false push
> >> notifications by an unauthorized 3rd party. It seems like the 3rd party would have to
> >> learn the necessary parameters, which might be difficult. How guessable these parameters
> >> might be would have an impact.
> >>
> >> If someone succeeded in this, I imagine it mostly as a DoS attack on handset battery life. It
> >> could possibly be a DoS on the registrar.
> >>
> >> From a privacy perspective, an eavesdropper might be able to infer something about the number
> >> of incoming calls to a handset. Hopefully there’s not much in the way of PSI in the push request
> >> or notification themselves.
> 
> What about something like the following:

The general trend is looking good.  I'll probably have some wordsmithing
suggestions for "TLS MUST be used, unless [...]" in my ballot but don't
have a great suggestion right now.

-Benjamin

> OLD:
> 
>    "Operators MUST ensure that the SIP signalling is properly secured,
>    e.g., using encryption, from malicious middlemen.  TLS MUST be used,
>    unless the operators know that the signalling is secured using some
>    other mechanism.
> 
>    [RFC8292] defines a mechanism which allows a proxy to identity itself
>    to a PNS, by signing a JWT sent to the PNS using a key pair.  The
>    public key serves as an identifier of the proxy, and can be used by
>    devices to restrict push notifications to the proxy associated with
>    the key."
> 
> NEW:
> 
>   "The security considerations for the use and operation of any particular
>     PNS is out of scope for this document. [RFC8030] documents the security
>     considerations for the PNS defined in that specification. Security considerations
>     for other PNSs are left to their respective specifications.
> 
>    Operators MUST ensure that the SIP signalling is properly secured,
>    e.g., using encryption, from malicious middlemen.  TLS MUST be used,
>    unless the operators know that the signalling is secured using some
>    other mechanism that provides strong crypto properties.
> 
>    Unless the PNS authenticates and authorizes the PNS, malicious users that managed
>    to get access to the parameters transported in the SIP signalling might be able to
>    request push notifications towards a UA. Which such push notifications will not
>    have any security related impacts, they will impact the battery life of the UA and trigger
>    unnecessary SIP traffic.
> 
>    [RFC8292] defines a mechanism which allows a proxy to identity itself
>    to a PNS, by signing a JWT sent to the PNS using a key pair.  The
>    public key serves as an identifier of the proxy, and can be used by
>    devices to restrict push notifications to the proxy associated with
>    the key."
> 
> Regards,
> 
> Christer
>