Re: [sipcore] AD Evaluation of draft-holmberg-dispatch-rfc7315-updates-06
Christer Holmberg <christer.holmberg@ericsson.com> Wed, 22 June 2016 07:19 UTC
Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C3B412D17A; Wed, 22 Jun 2016 00:19:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.22
X-Spam-Level:
X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QzpD9DC_WlaQ; Wed, 22 Jun 2016 00:19:01 -0700 (PDT)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8BC912D0E5; Wed, 22 Jun 2016 00:19:00 -0700 (PDT)
X-AuditID: c1b4fb3a-f79386d00000467b-69-576a3be2cece
Received: from ESESSHC004.ericsson.se (Unknown_Domain [153.88.183.30]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id BA.A8.18043.2EB3A675; Wed, 22 Jun 2016 09:18:58 +0200 (CEST)
Received: from ESESSMB209.ericsson.se ([169.254.9.241]) by ESESSHC004.ericsson.se ([153.88.183.30]) with mapi id 14.03.0294.000; Wed, 22 Jun 2016 09:18:58 +0200
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>, "Gonzalo Salgueiro (gsalguei)" <gsalguei@cisco.com>, Ben Campbell <ben@nostrum.com>
Thread-Topic: AD Evaluation of draft-holmberg-dispatch-rfc7315-updates-06
Thread-Index: AQHRyynLvjd673syp0uC1ZoRFIN0E5/zqNkAgABAuACAABb4AIAAxKC3gABjCAA=
Date: Wed, 22 Jun 2016 07:18:57 +0000
Message-ID: <D3901671.B451%christer.holmberg@ericsson.com>
References: <87A3DCDE-B8BC-4ADE-8129-70A4C0E92C3D@nostrum.com> <D38ED131.B2A5%christer.holmberg@ericsson.com> <54648860-7461-4A4E-948A-A1C9FAAC7FFC@nostrum.com> <83801023-F21E-417C-B49C-49820CCE4DF2@cisco.com> <7594FB04B1934943A5C02806D1A2204B380FB854@ESESSMB209.ericsson.se>
In-Reply-To: <7594FB04B1934943A5C02806D1A2204B380FB854@ESESSMB209.ericsson.se>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.4.160422
x-originating-ip: [153.88.183.17]
Content-Type: multipart/alternative; boundary="_000_D3901671B451christerholmbergericssoncom_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrBIsWRmVeSWpSXmKPExsUyM2K7nO4j66xwg0WvTC3md55mt1j9ehar xdwpfhZff2xic2DxmPJ7I6vHkiU/mTxm7XzCEsAcxWWTkpqTWZZapG+XwJVx4+0k9oLl5xkr jm6+wN7A+OIkYxcjB4eEgInE0rWSXYycQKaYxIV769m6GLk4hASOMEqsarnFAuEsYZTYtmUK M0gDm4CFRPc/bZC4iEAvo8TXqRvAipgFJjJKnD85nQlklLCAh8Tc2XfAbBEBT4mLvzeyQ9h+ Em3b1rGB2CwCqhLXJ/wHi/MKWEksW9EMtW02k8TzeSuZQRKcQA3TW/aA2YxA930/tQZsKLOA uMStJ/OZIO4WkFiy5zwzhC0q8fLxP1YQW1RAT+LLvXlQbypKLO+Xg2iNl3h8fhULxF5BiZMz n7BMYBSbhWTqLCRls5CUQcS1JL782McGYStKTOl+yD4LaAOzgKbEm4e1EGFriVtbJqMoWcDI sYpRtDi1uDg33chIL7UoM7m4OD9PLy+1ZBMjMH4PbvlttYPx4HPHQ4wCHIxKPLwPdmSGC7Em lhVX5h5ilOBgVhLhTbHMChfiTUmsrEotyo8vKs1JLT7EKM3BoiTO6/9SMVxIID2xJDU7NbUg tQgmy8TBKdXAGH/31lvr+h0Lz63f62EczBjlyjVbi6tCUPHCf45lknHqQVvOZTsf2jR5q8dv Yf+0V2l+FWGP879bel+c0ndby8lB4L6mYvjkuboBhtmRvFfyfpoYfeM9Zrbz/y+phljv9cYF /+InHeHO/Pdy/b3jobOsjxv6JM366yy9XP6NqbbOlUOZNstfKLEUZyQaajEXFScCAAVc5x3b AgAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/8V8jgtxe-L5N985EyXTnT6btnSo>
Cc: SIPCORE <sipcore@ietf.org>, "draft-holmberg-dispatch-rfc7315-updates.all@ietf.org" <draft-holmberg-dispatch-rfc7315-updates.all@ietf.org>
Subject: Re: [sipcore] AD Evaluation of draft-holmberg-dispatch-rfc7315-updates-06
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jun 2016 07:19:06 -0000
Hi, NEW: ”The security considerations for these P- header fields are defined in [RFC7315]. This specification allows some header fields to be present in messages where they were previously not allowed, and the security considerations and assumptions (e.g. regarding only sending Information to trusted entities) also to those messages. In addition, this specification also disallow some header fields to be present in message where they were previously allowed. That does not cause any security issues, but implementations need to be aware that implementations may not have been updated according to this document, and take proper actions if a header field occur, or does not occur, in a message where it should occur (or occurs in a message where it should not occur). This document adds the ability to include P-Access-Network-Info in ACK requests. As documented in [RFC7315], P-Access-Network-Info may include privacy sensitive information, including the user's location. The security and privacy considerations for P-Access-Network-Info in ACK requests are similar to those for the other SIP requests discussed in [RFC7315].” Regards, Christer From: Christer Holmberg <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>> Date: Wednesday 22 June 2016 at 05:28 To: "gsalguei@cisco.com<mailto:gsalguei@cisco.com>" <gsalguei@cisco.com<mailto:gsalguei@cisco.com>>, Ben Campbell <ben@nostrum.com<mailto:ben@nostrum.com>> Cc: "draft-holmberg-dispatch-rfc7315-updates.all@ietf.org<mailto:draft-holmberg-dispatch-rfc7315-updates.all@ietf.org>" <draft-holmberg-dispatch-rfc7315-updates.all@ietf.org<mailto:draft-holmberg-dispatch-rfc7315-updates.all@ietf.org>>, "sipcore@ietf.org<mailto:sipcore@ietf.org>" <sipcore@ietf.org<mailto:sipcore@ietf.org>> Subject: RE: AD Evaluation of draft-holmberg-dispatch-rfc7315-updates-06 Resent-From: <alias-bounces@ietf.org<mailto:alias-bounces@ietf.org>> Resent-To: Christer Holmberg <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>>, Nevenka Biondic <nevenka.biondic@ericsson.com<mailto:nevenka.biondic@ericsson.com>>, "gsalguei@cisco.com<mailto:gsalguei@cisco.com>" <gsalguei@cisco.com<mailto:gsalguei@cisco.com>>, Ben Campbell <ben@nostrum.com<mailto:ben@nostrum.com>>, "A. Mahoney" <mahoney@nostrum.com<mailto:mahoney@nostrum.com>> Resent-Date: Wednesday 22 June 2016 at 05:28 Hi, We can add the text. Regards, Christer Sent from my Windows Phone ________________________________ From: Gonzalo Salgueiro (gsalguei)<mailto:gsalguei@cisco.com> Sent: 21/06/2016 19:44 To: Ben Campbell<mailto:ben@nostrum.com> Cc: Christer Holmberg<mailto:christer.holmberg@ericsson.com>; draft-holmberg-dispatch-rfc7315-updates.all@ietf.org<mailto:draft-holmberg-dispatch-rfc7315-updates.all@ietf.org>; SIPCORE<mailto:sipcore@ietf.org> Subject: Re: AD Evaluation of draft-holmberg-dispatch-rfc7315-updates-06 > On Jun 21, 2016, at 11:22 AM, Ben Campbell <ben@nostrum.com<mailto:ben@nostrum.com>> wrote: > > That's a good start, but don't be surprised if we get questions specifically about adding NPLI to ACK requests. some language to the effect of the following might help: > > "This document adds the ability to include P-Access-Network-Info in ACK requests. As documented in RFC7315, P-Access-Network-Info may include privacy sensitive information, including the user's location. The security and privacy considerations for P-Access-Network-Info in ACK requests are similar to those for the other SIP requests discussed in RFC7315.” I’m fine with adding such text. Christer - Can we append this to your proposed text? Gonzalo > > Thanks! > > Ben. > > On 21 Jun 2016, at 3:26, Christer Holmberg wrote: > >> Hi Ben, >> >> See inline. >> >>> -------------- >>> >>> Substantive: >>> >>> The security considerations state that the draft removes some places >>> that some of the P-Headers can be sent, but expands that to some other >>> places. Further, it says that neither introduce new security >>> considerations beyond those in 7315. >>> >>> I accept that for the reduction part. But I'm not sure we can state that >>> sort of thing for the expansion part, at least without some more >>> discussion. Since 7315 already acknowledges potential privacy issues >>> around P-Access-Network-Info, I'd like to at least see a sentence or two >>> about the allowance of that in ACK requests, even if they just say that >>> this addition makes things no worse than they already are. >> >> >> OLD: >> >> The security considerations for P- header fields are defined in >> [RFC7315]. This specification allows some header fields to be >> present in messages where they were previously not allowed, and >> disallow some header fields to be present in messages where they were >> previously allowed. That does not cause any security issues, but >> implementations need to be aware that implementations may not have >> been updated according to this document, and take proper actions if a >> header field occur, or does not occur, in a message where it should >> occur (or occurs in a message where it should not occur). >> >> >> >> NEW: >> >> The security considerations for these P- header fields are defined in >> [RFC7315]. This specification allows some header fields to be >> present in messages where they were previously not allowed, and the >> security considerations and assumptions (e.g. regarding only sending >> Information to trusted entities) also to those messages. In addition, >> this specification also disallow some header fields to be present >> in message where they were previously allowed. That does not cause >> any security issues, but implementations need to be aware that >> implementations may not have been updated according to this document, >> and take proper actions if a header field occur, or does not occur, >> in a message where it should occur (or occurs in a message where it >> should not occur). >> >> >> >>> Editorial: >>> >>> -5, first sentence: "The security considerations for P- header fields >>> are defined in >>> [RFC7315]" >>> I assume this means 7315 discusses the security considerations for these >>> P-Headers specifically, not P-Headers in general. Is this the intent? If >>> so, I suggest: >>> >>> s/... for P-header fields.../ ... for these P-header fields... >> >> I¹ll fix as suggested (ass new text above). >> >> Regards, >> >> Christer
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Christer Holmberg
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Ben Campbell
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Christer Holmberg
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Christer Holmberg
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Christer Holmberg
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Gonzalo Salgueiro (gsalguei)
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Ben Campbell
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Christer Holmberg
- [sipcore] AD Evaluation of draft-holmberg-dispatc… Ben Campbell
- [sipcore] AD Evaluation of draft-holmberg-dispatc… Ben Campbell
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Ben Campbell