RE: [Sip] Last Call: DHCPv6 Options for SIP Servers to Proposed Standard
"Christian Huitema" <huitema@windows.microsoft.com> Tue, 28 May 2002 17:15 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA25435 for <sip-archive@odin.ietf.org>; Tue, 28 May 2002 13:15:11 -0400 (EDT)
Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id NAA00487 for sip-archive@odin.ietf.org; Tue, 28 May 2002 13:15:36 -0400 (EDT)
Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id MAA28613; Tue, 28 May 2002 12:50:47 -0400 (EDT)
Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id MAA28540 for <sip@optimus.ietf.org>; Tue, 28 May 2002 12:50:43 -0400 (EDT)
Received: from mail1.microsoft.com (mail1.microsoft.com [131.107.3.125]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA24539; Tue, 28 May 2002 12:50:17 -0400 (EDT)
Received: from inet-vrs-01.redmond.corp.microsoft.com ([157.54.8.27]) by mail1.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Tue, 28 May 2002 09:50:11 -0700
Received: from 157.54.8.23 by inet-vrs-01.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Tue, 28 May 2002 09:50:11 -0700
Received: from red-imc-04.redmond.corp.microsoft.com ([157.54.2.168]) by inet-hub-01.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Tue, 28 May 2002 09:50:10 -0700
Received: from win-imc-02.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.84]) by red-imc-04.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.2966); Tue, 28 May 2002 09:50:10 -0700
Received: from win-msg-02.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.134]) by win-imc-02.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3590.0); Tue, 28 May 2002 09:50:10 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.0.6177.0
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Subject: RE: [Sip] Last Call: DHCPv6 Options for SIP Servers to Proposed Standard
Date: Tue, 28 May 2002 09:50:09 -0700
Message-ID: <F66A04C29AD9034A8205949AD0C9010401C0E539@win-msg-02.wingroup.windeploy.ntdev.microsoft.com>
Thread-Topic: [Sip] Last Call: DHCPv6 Options for SIP Servers to Proposed Standard
thread-index: AcIGY+cZgCz9UYC8TO+NqTOeZsi1HwAAayzA
From: Christian Huitema <huitema@windows.microsoft.com>
To: Henning Schulzrinne <hgs@cs.columbia.edu>
Cc: iesg@ietf.org, sip@ietf.org
X-OriginalArrivalTime: 28 May 2002 16:50:10.0190 (UTC) FILETIME=[BA9ACAE0:01C20667]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by optimus.ietf.org id MAA28542
Sender: sip-admin@ietf.org
Errors-To: sip-admin@ietf.org
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: Session Initiation Protocol <sip.ietf.org>
X-BeenThere: sip@ietf.org
Content-Transfer-Encoding: 8bit
There are multiple issues with your reference to the DHCPv6 draft. First, let me observe that the DHCPv6 draft proposes two security solutions, the use of "delayed authentication", which relies on a pre-shared key, and the use of IPSEC, for which key negotiation and key validation is not specified. At a minimum, the SIP option draft should explain how these mechanisms can be used to mitigate the SIP-specific security risks. We should also explain in which contexts these security mechanisms can be used. For example, the DHCPv6 draft states that: The "delayed authentication" protocol does not attempt to address situations where a client may roam from one administrative domain to another, i.e. interdomain roaming. This protocol is focused on solving the intradomain problem where the out-of-band exchange of a shared key is feasible. Shall we conclude that the SIP option should not be used in roaming scenarios? If that is the case, then we have a serious application domain restriction, which should be very clearly stated in the SIP option draft. If you actually want to address a roaming scenario, then you have to describe how you are going to use IPSEC between the server and the client, and how you are going to validate the IPSEC keys. The DHCPv6 document itself is still a draft. Since you need a normative reference, the publication of the SIP option has to be gated by the publication of DHCPv6 itself. Finally, there are security issues with the very concept of an outgoing proxy, which is essentially a "man-in-the-middle" by design. I would expect SIP agents to perform some level of validation before they decide to use the outgoing proxy proposed by the local network. In most roaming scenarios, the SIP agent will probably elect to simply maintain a secure connection with its "home server", and ignore the local proxy -- just like most mail agent simply get their mail using an IMAP or POP3 connection to their mail server, instead of forwarding the mail to a local server. -- Christian Huitema > -----Original Message----- > From: Henning Schulzrinne [mailto:hgs@cs.columbia.edu] > Sent: Tuesday, May 28, 2002 9:22 AM > To: Christian Huitema > Cc: iesg@ietf.org; sip@ietf.org > Subject: Re: [Sip] Last Call: DHCPv6 Options for SIP Servers to Proposed > Standard > > Christian, > > thanks for your comment. I'm slightly confused, however, why this > particular problem is any different for SIP servers than for any other, > non-SIP server identified by a DHCPv6 server. Also, Section 21 of > http://www.ietf.org/internet-drafts/draft-ietf-dhc-dhcpv6-25.txt > addresses this particular issue. Could you clarify your comments in > these two aspects? > > Henning > > Christian Huitema wrote: > > I have a major issue with this spec, namely that the security problems > > are not addressed. The security section correctly lists one of the main > > security threats, the spoofing of a DHCP server: > > > > The security considerations in RFC XXXX [1], RFC 3261 [2] and RFC > > 3263 [3] apply. If an adversary manages to modify the response from a > > DHCP server or insert its own response, a SIP user agent could be led > > to contact a rogue SIP server, possibly one that then intercepts call > > requests or denies service. A modified DHCP answer could also omit > > host names that translated to TLS-based SIP servers, thus > > facilitating intercept. > > > > This is a very real attack, especially in the deployment phase of IPv6, > > when there may not even be an actual DHCPv6 server on the local network. > > Think for example of an 802.11 hotpoint, in which any enterprising > > attacker could publish his very own DHCPv6 server. Yet, the security > > work seems to stop here. There is no attempt at mitigating the attack. > > IMHO, we should not publish a spec that open the door for a grave attack > > and offers no mitigation. > > > > -- Christian Huitema > > > > > >>-----Original Message----- > >>From: The IESG [mailto:iesg-secretary@ietf.org] > >>Sent: Wednesday, May 22, 2002 12:21 PM > >>Cc: sip@ietf.org > >>Subject: [Sip] Last Call: DHCPv6 Options for SIP Servers to Proposed > >>Standard > >> > >> > >>The IESG has received a request from the Session Initiation Protocol > >>Working Group to consider DHCPv6 Options for SIP Servers > >><draft-ietf-sip-dhcpv6-00.txt> as a Proposed Standard. > >> > >>The IESG plans to make a decision in the next few weeks, and solicits > >>final comments on this action. Please send any comments to the > >>iesg@ietf.org or ietf@ietf.org mailing lists by June 5, 2002. > >> > >>Files can be obtained via > >>http://www.ietf.org/internet-drafts/draft-ietf-sip-dhcpv6-00.txt > >> > >> > >> > >> > >> > >>_______________________________________________ > >>Sip mailing list https://www1.ietf.org/mailman/listinfo/sip > >>This list is for NEW development of the core SIP Protocol > >>Use sip-implementors@cs.columbia.edu for questions on current sip > >>Use sipping@ietf.org for new developments on the application of sip > > > > > > _______________________________________________ > > Sip mailing list https://www1.ietf.org/mailman/listinfo/sip > > This list is for NEW development of the core SIP Protocol > > Use sip-implementors@cs.columbia.edu for questions on current sip > > Use sipping@ietf.org for new developments on the application of sip > _______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use sip-implementors@cs.columbia.edu for questions on current sip Use sipping@ietf.org for new developments on the application of sip
- [Sip] Last Call: DHCPv6 Options for SIP Servers t… The IESG
- [Sip] Last Call: DHCPv6 Options for SIP Servers t… The IESG
- RE: [Sip] Last Call: DHCPv6 Options for SIP Serve… Christian Huitema
- Re: [Sip] Last Call: DHCPv6 Options for SIP Serve… Henning Schulzrinne
- RE: [Sip] Last Call: DHCPv6 Options for SIP Serve… Christian Huitema
- Re: [Sip] Last Call: DHCPv6 Options for SIP Serve… Henning Schulzrinne
- RE: [Sip] Last Call: DHCPv6 Options for SIP Serve… Dean Willis
- RE: [Sip] Last Call: DHCPv6 Options for SIP Serve… Dean Willis
- RE: [Sip] Last Call: DHCPv6 Options for SIP Serve… Christian Huitema
- Re: [Sip] Last Call: DHCPv6 Options for SIP Serve… Henning Schulzrinne
- RE: [Sip] Last Call: DHCPv6 Options for SIP Serve… Christian Huitema
- RE: [Sip] Last Call: DHCPv6 Options for SIP Serve… Christian Huitema
- Re: [Sip] Last Call: DHCPv6 Options for SIP Serve… Jonathan Rosenberg
- RE: [Sip] Last Call: DHCPv6 Options for SIP Serve… Michael Thomas
- RE: [Sip] Last Call: DHCPv6 Options for SIP Serve… Christian Huitema
- RE: [Sip] Last Call: DHCPv6 Options for SIP Serve… Dean Willis
- RE: [Sip] Last Call: DHCPv6 Options for SIP Serve… Dean Willis
- RE: [Sip] Last Call: DHCPv6 Options for SIP Serve… Dean Willis
- RE: [Sip] Last Call: DHCPv6 Options for SIP Serve… Christian Huitema
- RE: [Sip] Last Call: DHCPv6 Options for SIP Serve… David R. Oran