Re: [Simple] Draft new version: draft-ietf-simple-msrp-cema-06
Ben Campbell <ben@nostrum.com> Wed, 27 June 2012 20:40 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: simple@ietfa.amsl.com
Delivered-To: simple@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D300E21F85E5 for <simple@ietfa.amsl.com>; Wed, 27 Jun 2012 13:40:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.6
X-Spam-Level:
X-Spam-Status: No, score=-102.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, SPF_PASS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xUCfqc0GViVz for <simple@ietfa.amsl.com>; Wed, 27 Jun 2012 13:40:22 -0700 (PDT)
Received: from nostrum.com (nostrum-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:267::2]) by ietfa.amsl.com (Postfix) with ESMTP id F2C7B21F85D3 for <simple@ietf.org>; Wed, 27 Jun 2012 13:40:21 -0700 (PDT)
Received: from [10.12.30.47] ([4.30.77.1]) (authenticated bits=0) by nostrum.com (8.14.3/8.14.3) with ESMTP id q5RKeDpM003096 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Wed, 27 Jun 2012 15:40:16 -0500 (CDT) (envelope-from ben@nostrum.com)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset="us-ascii"
From: Ben Campbell <ben@nostrum.com>
In-Reply-To: <B7567DB6-0B19-4993-9DBB-B4AF1B003832@estacado.net>
Date: Wed, 27 Jun 2012 15:40:13 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <E82D4D27-812B-403C-B686-27BF0A9975F0@nostrum.com>
References: <7F2072F1E0DE894DA4B517B93C6A05853405AF4115@ESESSCMS0356.eemea.ericsson.se> <B7567DB6-0B19-4993-9DBB-B4AF1B003832@estacado.net>
To: Simple WG <simple@ietf.org>
X-Mailer: Apple Mail (2.1278)
Received-SPF: pass (nostrum.com: 4.30.77.1 is authenticated by a trusted mechanism)
Subject: Re: [Simple] Draft new version: draft-ietf-simple-msrp-cema-06
X-BeenThere: simple@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: SIP for Instant Messaging and Presence Leveraging Extensions <simple.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/simple>, <mailto:simple-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/simple>
List-Post: <mailto:simple@ietf.org>
List-Help: <mailto:simple-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/simple>, <mailto:simple-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jun 2012 20:40:22 -0000
As individual: This revision, along with discussion, addresses my comments to my satisfaction. I have no objection to the proposed new normative change. When I first thought about this addition, I wondered why we would burden CEMA with it, rather than find a way to apply it to MSRP in general. But on reflection, it seems like CEMA is really about making MSRP easier to use over middleboxes. I think this makes it reasonable to hold CEMA to a higher standard for fingerprint management. If we do some general update to MSRP in the future, we might still consider adding the requirement to the general case. We should consider, however, whether CEMA has any common use cases where a self-signed certificate and associated fingerprint would change all the time. (e.g. if self-signed certs were ephemeral). Thanks! Ben. On Jun 27, 2012, at 3:33 PM, Ben Campbell wrote: > As Chair: > > Hi Everyone: > > Christer, thanks for submitting this. > > Everyone, please take a quick look at the security considerations in this version, and send comments ASAP if you see an issue. If you made comments in the WGLC, please confirm whether your comments are addressed (I'm not sure if anyone but me did--maybe Paul?). If we don't see an objection the end of the week, we plan to restart the process to progress this. > > Additionally, we've had a Security AD suggestion to add text (probably to section 7.7) to the effect of the following, which would add SHOULD level normative requirements to watch for changes in a fingerprint for an identity, and warn of any changes. If anyone objects to adding that, please speak up ASAP. > >> "When a UA receives a fingerprint, that represents a binding >> between the identity as established by TLS and that established >> via SDP. As previously noted, the fingerprint is vulnerable to >> an active MITM attack from any on-path proxy. UAs SHOULD >> therefore locally store fingerprints associated with the >> relevant identities when first seen, and SHOULD warn when a >> new fingerprint is seen for what otherwise appears to be the >> same peer identity. While there are valid reasons for keys >> to change from time to time, that ought be the exception, >> hence the suggested warning." > > > > Thanks! > > Ben. > > > > > On Jun 25, 2012, at 6:07 PM, Christer Holmberg wrote: > >> Hi, >> >> Based on Ben's comments, I've submitted a new version (-06) of the cema draft, with some modifications in the security considerations section. The new text should address Ben's issues and suggestions. >> >> Regards, >> >> Christer >> _______________________________________________ >> Simple mailing list >> Simple@ietf.org >> https://www.ietf.org/mailman/listinfo/simple >
- [Simple] Draft new version: draft-ietf-simple-msr… Christer Holmberg
- Re: [Simple] Draft new version: draft-ietf-simple… Ben Campbell
- Re: [Simple] Draft new version: draft-ietf-simple… Ben Campbell
- Re: [Simple] Draft new version: draft-ietf-simple… Ben Campbell
- Re: [Simple] Draft new version: draft-ietf-simple… DOLLY, MARTIN C
- Re: [Simple] Draft new version: draft-ietf-simple… Nancy Greene