RE: [Sip] SIP WG - 5 - Last Call Open Discussion - draft-ietf-sip-refer-02.txt
William Marshall <wtm@research.att.com> Fri, 28 December 2001 18:39 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA10560 for <sip-archive@odin.ietf.org>; Fri, 28 Dec 2001 13:39:00 -0500 (EST)
Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id NAA00417 for sip-archive@odin.ietf.org; Fri, 28 Dec 2001 13:39:03 -0500 (EST)
Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id NAA29803; Fri, 28 Dec 2001 13:16:59 -0500 (EST)
Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id NAA29772 for <sip@optimus.ietf.org>; Fri, 28 Dec 2001 13:16:57 -0500 (EST)
Received: from mail-blue.research.att.com (mail-blue.research.att.com [135.207.30.102]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA10417 for <sip@ietf.org>; Fri, 28 Dec 2001 13:16:53 -0500 (EST)
Received: from alliance.research.att.com (alliance.research.att.com [135.207.26.26]) by mail-blue.research.att.com (Postfix) with ESMTP id E64094CE34 for <sip@ietf.org>; Fri, 28 Dec 2001 13:16:54 -0500 (EST)
Received: from fish.research.att.com (fish.research.att.com [135.207.27.137]) by alliance.research.att.com (8.8.7/8.8.7) with ESMTP id NAA01146; Fri, 28 Dec 2001 13:16:51 -0500 (EST)
From: William Marshall <wtm@research.att.com>
Received: (from wtm@localhost) by fish.research.att.com (SGI-8.9.3/8.8.5) id NAA38120; Fri, 28 Dec 2001 13:18:05 -0500 (EST)
Date: Fri, 28 Dec 2001 13:18:05 -0500
Message-Id: <200112281818.NAA38120@fish.research.att.com>
To: sip@ietf.org
Subject: RE: [Sip] SIP WG - 5 - Last Call Open Discussion - draft-ietf-sip-refer-02.txt
Sender: sip-admin@ietf.org
Errors-To: sip-admin@ietf.org
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: Session Initiation Protocol <sip.ietf.org>
X-BeenThere: sip@ietf.org
Robert Sparks wrote, in part: > ... The current proposal > is to leave REFER as is, and specify usage of the parameters available > on the Referred-By header to get exactly the protection you describe for > the transfer application. I've looked through draft-ietf-sip-cc-transfer-05 again, and don't see it. What I see in the transfer draft is more of a "transferree/ transfer-target just do exactly as they are told, don't question anything, and it will work". The transferee and transfer target need some way to protect themselves from malicious REFER requests, and from malicious INVITES that contain Referred-By values. I'm afraid that if the restricted usage is documented in the transfer draft, then deployed implementations will accept ONLY the combinations of parameters given in the transfer draft, effectively cutting off new and different services. I feel a generic method is needed in the refer draft that achieves some level of protection against bogus and replayed requests, which can then be used (at the recipient's option) in all the flows appearing in call-control drafts. If the usage restrictions were to be included in the transfer draft, they would be something like: accept a REFER only within an active dialog; accept an INVITE with a Replaces header only if the Call-ID in the Replaces header matches an active dialog and the Referred-by header matches either From or To of the same dialog, etc. But these kind of restrictions kill the blind transfer case (6.1). But the transfer-target needs to know that the INVITE in step 9 is not a replay of an ancient REFER (step 7). If all the flows in the transfer draft were to be allowed, there would be no restrictions at all. Hardly a workable end state. Bill Marshall wtm@research.att.com -----original message----- From: Robert Sparks <rsparks@dynamicsoft.com> To: "'William Marshall'" <wtm@research.att.com>, sip@ietf.org Subject: RE: [Sip] SIP WG - 5 - Last Call Open Discussion - draft-ietf-sip -refer-02.txt Date: Thu, 27 Dec 2001 16:05:04 -0500 > -----Original Message----- > From: William Marshall [mailto:wtm@research.att.com] > Sent: Thursday, December 27, 2001 10:50 AM > To: sip@ietf.org > Subject: Re: [Sip] SIP WG - 5 - Last Call Open Discussion - > draft-ietf-sip-refer-02.txt > > > I don't believe there has been any conclusion posted about security > aspects of the Referred-By header, which I raised as issues in my > initial review of this draft. > > Without an adequate mechanism to verify the information in > the Referred-By > header, and to verify the timeliness of that information, the > header is > worse than useless. It should be removed from the draft. > > To repeat the problem, consider three parties, A, B, and C, where > A sends a REFER to B, causing B to send an INVITE to C. Procedures > exist whereby B can authenticate A; procedures also exist whereby > C can authenticate B. > > However, nothing prevents B from including a bogus Referred-By header > in its INVITE request to C. Nothing prevents B from including a > previously-valid-but-expired Referred-By header in its INVITE (i.e. > a form of replay attack). Anything done by C based on information > in the Referred-By header may be incorrect or harmful. Anything done by C based on information in the Referred-By header would be determined by the application using the primative. The first application we're talking about is Transfer. The current proposal is to leave REFER as is, and specify usage of the parameters available on the Referred-By header to get exactly the protection you describe for the transfer application. Are you objecting to this approach? If we actually remove the header, we will be left without a conduit between the REFER and the triggered action to include such procection mechanisms... RjS _______________________________________________ Sip mailing list http://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use sip-implementors@cs.columbia.edu for questions on current sip Use sipping@ietf.org for new developments on the application of sip
- Re: [Sip] SIP WG - 5 - Last Call Open Discussion … William Marshall
- RE: [Sip] SIP WG - 5 - Last Call Open Discussion … William Marshall
- Re: [Sip] SIP WG - 5 - Last Call Open Discussion … Michael Thomas
- Re: [Sip] SIP WG - 5 - Last Call Open Discussion … William Marshall
- RE: [Sip] SIP WG - 5 - Last Call Open Discussion … William Marshall
- REFER and third party authorization (was: [Sip] S… Michael Thomas
- [Sip] Re: REFER and third party authorization Dean Willis
- Re: [Sip] SIP WG - 5 - Last Call Open Discussion … Dean Willis