RE: [Sip] Last Call: DHCPv6 Options for SIP Servers to Proposed Standard

"Christian Huitema" <huitema@windows.microsoft.com> Tue, 28 May 2002 16:16 UTC

Date: Tue, 28 May 2002 08:51:09 -0700
From: Christian Huitema <huitema@windows.microsoft.com>
To: iesg@ietf.org
Cc: sip@ietf.org

I have a major issue with this spec, namely that the security problems
are not addressed. The security section correctly lists one of the main
security threats, the spoofing of a DHCP server:

   The security considerations in RFC XXXX [1], RFC 3261 [2] and RFC
   3263 [3] apply. If an adversary manages to modify the response from a
   DHCP server or insert its own response, a SIP user agent could be led
   to contact a rogue SIP server, possibly one that then intercepts call
   requests or denies service. A modified DHCP answer could also omit
   host names that translated to TLS-based SIP servers, thus
   facilitating intercept.

This is a very real attack, especially in the deployment phase of IPv6,
when there may not even be an actual DHCPv6 server on the local network.
Think for example of an 802.11 hotpoint, in which any enterprising
attacker could publish his very own DHCPv6 server. Yet, the security
work seems to stop here. There is no attempt at mitigating the attack.
IMHO, we should not publish a spec that opens the door for a grave attack
and offers no mitigation.

-- Christian Huitema

> -----Original Message-----
> From: The IESG [mailto:iesg-secretary@ietf.org]
> Sent: Wednesday, May 22, 2002 12:21 PM
> Cc: sip@ietf.org
> Subject: [Sip] Last Call: DHCPv6 Options for SIP Servers to Proposed
> Standard
> 
> 
> The IESG has received a request from the Session Initiation Protocol
> Working Group to consider DHCPv6 Options for SIP Servers
> <draft-ietf-sip-dhcpv6-00.txt> as a Proposed Standard.
> 
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action.  Please send any comments to the
> iesg@ietf.org or ietf@ietf.org mailing lists by June 5, 2002.
> 
> Files can be obtained via
> http://www.ietf.org/internet-drafts/draft-ietf-sip-dhcpv6-00.txt
> 
> _______________________________________________
> Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol
> Use sip-implementors@cs.columbia.edu for questions on current sip
> Use sipping@ietf.org for new developments on the application of sip
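
Added example, not part of the original message or of the draft: a passive monitoring check that parses a DHCPv6 Advertise/Reply and reports SIP server options handed out by a server whose DUID is not on a local allowlist. It assumes the option codes later assigned in RFC 3319 (21 and 22; the draft under discussion does not give them), and the DUID and sample packet are constructed. DHCPv6 server identifiers are unauthenticated, so this detects a careless rogue server and is not the mitigation the message asks for.

```python
import ipaddress
import struct

# DHCPv6 message types and option codes (RFC 3315); SIP options as assigned in RFC 3319.
ADVERTISE, REPLY = 2, 7
OPT_SERVERID, OPT_SIP_DOMAINS, OPT_SIP_ADDRS = 2, 21, 22

def tlv(code, data):
    return struct.pack("!HH", code, len(data)) + data

def encode_domain(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"

def parse_options(payload):
    """Yield (code, data) for each option after the 4-byte header (type + transaction id)."""
    off = 4
    while off + 4 <= len(payload):
        code, length = struct.unpack_from("!HH", payload, off)
        off += 4
        if off + length > len(payload):
            raise ValueError("truncated option %d" % code)
        yield code, payload[off:off + length]
        off += length

def decode_domains(data):
    """Decode an RFC 1035 label-encoded domain list (no compression pointers)."""
    names, labels, i = [], [], 0
    while i < len(data):
        n, i = data[i], i + 1
        if n == 0:
            names.append(".".join(labels))
            labels = []
        else:
            labels.append(data[i:i + n].decode("ascii", "replace"))
            i += n
    return names

def audit(payload, trusted_duids):
    """Return a finding if a server outside trusted_duids supplies SIP servers, else None."""
    if len(payload) < 4 or payload[0] not in (ADVERTISE, REPLY):
        return None
    opts = dict(parse_options(payload))
    addrs = opts.get(OPT_SIP_ADDRS, b"")
    sip = decode_domains(opts.get(OPT_SIP_DOMAINS, b""))
    sip += [str(ipaddress.IPv6Address(addrs[i:i + 16])) for i in range(0, len(addrs) - 15, 16)]
    duid = opts.get(OPT_SERVERID, b"")
    if sip and duid not in trusted_duids:
        return {"server_duid": duid.hex(), "sip_servers": sip}
    return None

# Constructed sample: a Reply from an unknown DUID-LL carrying one SIP domain name.
SAMPLE_DUID = bytes.fromhex("000300010a0b0c0d0e0f")
SAMPLE_REPLY = (bytes([REPLY]) + b"\x12\x34\x56" + tlv(OPT_SERVERID, SAMPLE_DUID)
                + tlv(OPT_SIP_DOMAINS, encode_domain("sip.example.net")))
```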
