[Sip] Publication request of draft-ietf-sip-fork-loop-fix
"DRAGE, Keith \(Keith\)" <drage@alcatel-lucent.com> Tue, 08 July 2008 08:39 UTC
Return-Path: <sip-bounces@ietf.org>
X-Original-To: sip-archive@optimus.ietf.org
Delivered-To: ietfarch-sip-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F3E8928C103; Tue, 8 Jul 2008 01:39:16 -0700 (PDT)
X-Original-To: sip@core3.amsl.com
Delivered-To: sip@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A23FE28C145 for <sip@core3.amsl.com>; Tue, 8 Jul 2008 01:39:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z407P953Lu41 for <sip@core3.amsl.com>; Tue, 8 Jul 2008 01:39:14 -0700 (PDT)
Received: from ihemail4.lucent.com (ihemail4.lucent.com [135.245.0.39]) by core3.amsl.com (Postfix) with ESMTP id 25B703A6A3A for <sip@ietf.org>; Tue, 8 Jul 2008 01:39:14 -0700 (PDT)
Received: from ilexp02.ndc.lucent.com (h135-3-39-2.lucent.com [135.3.39.2]) by ihemail4.lucent.com (8.13.8/IER-o) with ESMTP id m688dGb2025715 for <sip@ietf.org>; Tue, 8 Jul 2008 03:39:20 -0500 (CDT)
Received: from DEEXP02.DE.lucent.com ([135.248.187.66]) by ilexp02.ndc.lucent.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 8 Jul 2008 03:39:16 -0500
Received: from DEEXC1U01.de.lucent.com ([135.248.187.20]) by DEEXP02.DE.lucent.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 8 Jul 2008 10:39:10 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Tue, 08 Jul 2008 10:39:09 +0200
Message-ID: <5D1A7985295922448D5550C94DE29180020D8AE7@DEEXC1U01.de.lucent.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Publication request of draft-ietf-sip-fork-loop-fix
Thread-Index: Acjg1hbx7fADVXUqRhKVtdenzO2+5A==
From: "DRAGE, Keith (Keith)" <drage@alcatel-lucent.com>
To: sip@ietf.org
X-OriginalArrivalTime: 08 Jul 2008 08:39:10.0263 (UTC) FILETIME=[178A6C70:01C8E0D6]
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.39
Subject: [Sip] Publication request of draft-ietf-sip-fork-loop-fix
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: sip-bounces@ietf.org
Errors-To: sip-bounces@ietf.org
(As SIP WG cochair) I have just requested publication of draft-ietf-sip-fork-loop-fix-07 as a proposed standard. The PROTO writeup follows: PROTO writeup for http://www.ietf.org/internet-drafts/draft-ietf-sip-fork- loop-fix-07.txt: " Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies" (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this version of the document and, in particular, does he or she believe this version is ready for forwarding to the IESG for publication? Keith Drage The document has been reviewed and is ready for forwarding to IESG for publication as a proposed standard. (1.b) Has the document had adequate review both from key WG members and from key non-WG members? Does the Document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? Document history: * draft-lawrence-maxforward-problems-00 was submitted 16th October 2005 and expired 19th April 2006. * draft-ietf-sip-fork-loop-fix-00 was submitted 1st March 2006 and expired on 1st September 2006. * draft-ietf-sip-fork-loop-fix-01 was submitted 4th April 2006 and expired on 4th October 2006. * draft-ietf-sip-fork-loop-fix-02 was submitted 27th June 2006 and expired on 27th December 2006. * draft-ietf-sip-fork-loop-fix-03 was submitted 7th September 2006 and expired on 7th March 2007. * draft-ietf-sip-fork-loop-fix-04 was submitted 21st October 2006 and expired on 24th April 2007. * draft-ietf-sip-fork-loop-fix-05 was submitted 7th March 2007 and expired on 8th September 2007. * draft-ietf-sip-fork-loop-fix-06 was submitted on 3rd November 2007 and expired on 6th May 2008. * draft-ietf-sip-fork-loop-fix-07 was submitted on 3rd July 2008 and expires on 4th January 2009. WGLC was initiated in the SIP WG on draft-ietf-sip-fork-loop-fix-01 on 10th April 2006 with comments requested by 7th May 2006. Review was made and comments were received from: Christer Holmberg, Jonathan Rosenberg, Vijay Gurbani, Cullen Jennings, Jeroen van Bemmel, Ravishankar Shiroor, Dale Worley, Scott Lawrence, Samir Srivastava, Peter Cordell, Thomas Froment, Juha Heinanen, Thomas Leseney, David Benoit, Kasturi Narayanan, Atul Kumar Jha, Theo Zourzouvillys, Paul Kyzivat, Dean Willis, Michael Thomas, Eric Rescorla. Key discussion issues have been: * Selection of a hash algorithm to be used. Section 4.2.3 of the document indicates the results of the discussion in this area. * Identification of a more optimal loop detection algorithm (see draft- campen-sipping-stack-loop-detect-00) which was not proceeded with, as it could not be shown to provide significant improvements for a standards track solution. Some elements of the original proposal were split out in draft-sparks- sipping-max-breadth-00 and draft-campen-sipping-stack-loop-detect-00. There was also further input in draft-srivastava-sipping-loop-avoidance-00. These documents have not been proceeded with. The -05 version of the document was submitted to IESG on 2nd April 2007, and was returned from IESG on 13th December 2007. SecDir review of the -05 version submitted for publication uncovered a variation of the attack described in this document that was not reasonably mitigated with loop- detection alone. The document went back to the working group and the max- breadth mechanism (draft-sparks-sipping-max-breadth-01), which was already being discussed separately, was added to this document to address the identified risk. WGLC was initiated in the SIP WG on draft-ietf-sip-fork-loop-fix-06 on 7th December 2007 with comments requested by 21st December 2007. There was only one response to this WGLC and this was a late response from Jan Kolomaznik. (1.c) Does the Document Shepherd have concerns that the document needs more review from a particular or broader perspective, e.g., security, operational complexity, someone familiar with AAA, internationalization or XML? The document defines mechanisms that are entirely internal to the Session Initiation Protocol (SIP). The document shepherd considers that no external review from an external specialist is necessary. (1.d) Does the Document Shepherd have any specific concerns or issues with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. The document provides a correction to the existing SIP protocol defined in RFC 3261. The problem has been identified as part of the SIPit interoperability testing. The document shepherd has no concerns with the document. (1.e) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? The proposal has had wide discussion in all aspects in the WG and key be represented as having consensus amongst all key individuals. (1.f) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is entered into the ID Tracker.) None indicated. (1.g) Has the Document Shepherd personally verified that the document satisfies all ID nits? (See http://www.ietf.org/ID-Checklist.html and http://tools.ietf.org/tools/idnits/). Boilerplate checks are not enough; this check needs to be thorough. Has the document met all formal review criteria it needs to, such as the MIB Doctor, media type and URI type reviews? Normally SIP documents should conform to RFC 4485. However as this document identifies a correction to RFC 3261, it does not need to follow those guidelines, but merely has to state the changed to RFC 3261. There are no conformance issues with RFC 3427. For ID-NITS the checks against idnits 2.08.10 report no NITS found. (1.h) Has the document split its references into normative and informative? Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the strategy for their completion? Are there normative references that are downward references, as described in [RFC3967]? If so, list these downward references to support the Area Director in the Last Call procedure for them [RFC3967]. The document has appropriately split its references into normative and informative references. All the normative references are now published standards track RFCs. There is one informative reference (draft-ietf-sip-outbound) that is not yet published. (1.i) Has the Document Shepherd verified that the document IANA consideration section exists and is consistent with the body of the document? If the document specifies protocol extensions, are reservations requested in appropriate IANA registries? Are the IANA registries clearly identified? If the document creates a new registry, does it define the proposed initial contents of the registry and an allocation procedure for future registrations? Does it suggested a reasonable name for the new registry? See [I-D.narten-iana-considerations-rfc2434bis]. If the document describes an Expert Review process has Shepherd conferred with the Responsible Area Director so that the IESG can appoint the needed Expert during the IESG Evaluation? The document defines one new header field, and one new response code. The process for adding these is defined in RFC 3427 and those requirements have been completed with. The IANA registrations have been verified to be in conformance with the existing IANA registries. (1.j) Has the Document Shepherd verified that sections of the document that are written in a formal language, such as XML code, BNF rules, MIB definitions, etc., validate correctly in an automated checker? The document defines a Max-Breadth header field, defined using ABNF. This is trivial and has been verified to be correct by inspection only. (1.k) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Writeup? Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary This document normatively updates RFC 3261, the Session Initiation Protocol (SIP), to address a security vulnerability identified in SIP proxy behavior. This vulnerability enables an attack against SIP networks where a small number of legitimate, even authorized, SIP requests can stimulate massive amounts of proxy-to-proxy traffic. This document strengthens loop-detection requirements on SIP proxies when they fork requests (that is, forward a request to more than one destination). It also corrects and clarifies the description of the loop-detection algorithm such proxies are required to implement. Additionally, this document defines a Max-Breadth mechanism for limiting the number of concurrent branches pursued for any given request. Working Group Summary The document was produced by the SIP working group. There is consensus in the WG to publish this document. Document Quality The document has been produced as a result of an issue identified during SIPit interoperability testing. Personnel Keith Drage is the document shepherd for this document. Cullen Jennings is the responsible Area Director. The IANA Expert(s) for the registries in this document are <TO BE ADDED BY THE AD>. _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use sip-implementors@cs.columbia.edu for questions on current sip Use sipping@ietf.org for new developments on the application of sip
- [Sip] Publication request of draft-ietf-sip-fork-… DRAGE, Keith (Keith)