Re: [sipcore] AD Evaluation of draft-holmberg-dispatch-rfc7315-updates-06
"Ben Campbell" <ben@nostrum.com> Tue, 21 June 2016 15:22 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FBEC12D96B; Tue, 21 Jun 2016 08:22:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.326
X-Spam-Level:
X-Spam-Status: No, score=-3.326 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.426] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g-ADxtN0SpZQ; Tue, 21 Jun 2016 08:22:29 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 20C7912D96A; Tue, 21 Jun 2016 08:22:29 -0700 (PDT)
Received: from [10.0.1.4] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id u5LFMOTs069706 (version=TLSv1 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Tue, 21 Jun 2016 10:22:25 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.4]
From: Ben Campbell <ben@nostrum.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>
Date: Tue, 21 Jun 2016 10:22:24 -0500
Message-ID: <54648860-7461-4A4E-948A-A1C9FAAC7FFC@nostrum.com>
In-Reply-To: <D38ED131.B2A5%christer.holmberg@ericsson.com>
References: <87A3DCDE-B8BC-4ADE-8129-70A4C0E92C3D@nostrum.com> <D38ED131.B2A5%christer.holmberg@ericsson.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Mailer: MailMate (1.9.4r5234)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/EFMPTHDlw-fJE-RNUleAIGxA81I>
Cc: SIPCORE <sipcore@ietf.org>, "draft-holmberg-dispatch-rfc7315-updates.all@ietf.org" <draft-holmberg-dispatch-rfc7315-updates.all@ietf.org>
Subject: Re: [sipcore] AD Evaluation of draft-holmberg-dispatch-rfc7315-updates-06
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jun 2016 15:22:30 -0000
That's a good start, but don't be surprised if we get questions specifically about adding NPLI to ACK requests. some language to the effect of the following might help: "This document adds the ability to include P-Access-Network-Info in ACK requests. As documented in RFC7315, P-Access-Network-Info may include privacy sensitive information, including the user's location. The security and privacy considerations for P-Access-Network-Info in ACK requests are similar to those for the other SIP requests discussed in RFC7315." Thanks! Ben. On 21 Jun 2016, at 3:26, Christer Holmberg wrote: > Hi Ben, > > See inline. > >> -------------- >> >> Substantive: >> >> The security considerations state that the draft removes some places >> that some of the P-Headers can be sent, but expands that to some >> other >> places. Further, it says that neither introduce new security >> considerations beyond those in 7315. >> >> I accept that for the reduction part. But I'm not sure we can state >> that >> sort of thing for the expansion part, at least without some more >> discussion. Since 7315 already acknowledges potential privacy issues >> around P-Access-Network-Info, I'd like to at least see a sentence or >> two >> about the allowance of that in ACK requests, even if they just say >> that >> this addition makes things no worse than they already are. > > > OLD: > > The security considerations for P- header fields are defined in > [RFC7315]. This specification allows some header fields to be > present in messages where they were previously not allowed, and > disallow some header fields to be present in messages where they > were > previously allowed. That does not cause any security issues, but > implementations need to be aware that implementations may not have > been updated according to this document, and take proper actions if > a > header field occur, or does not occur, in a message where it should > occur (or occurs in a message where it should not occur). > > > > NEW: > > The security considerations for these P- header fields are defined in > [RFC7315]. This specification allows some header fields to be > present in messages where they were previously not allowed, and the > security considerations and assumptions (e.g. regarding only sending > Information to trusted entities) also to those messages. In addition, > this specification also disallow some header fields to be present > in message where they were previously allowed. That does not cause > any security issues, but implementations need to be aware that > implementations may not have been updated according to this document, > and take proper actions if a header field occur, or does not occur, > in a message where it should occur (or occurs in a message where it > should not occur). > > > >> Editorial: >> >> -5, first sentence: "The security considerations for P- header fields >> are defined in >> [RFC7315]" >> I assume this means 7315 discusses the security considerations for >> these >> P-Headers specifically, not P-Headers in general. Is this the intent? >> If >> so, I suggest: >> >> s/... for P-header fields.../ ... for these P-header fields... > > I¹ll fix as suggested (ass new text above). > > Regards, > > Christer
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Christer Holmberg
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Ben Campbell
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Christer Holmberg
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Christer Holmberg
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Christer Holmberg
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Gonzalo Salgueiro (gsalguei)
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Ben Campbell
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Christer Holmberg
- [sipcore] AD Evaluation of draft-holmberg-dispatc… Ben Campbell
- [sipcore] AD Evaluation of draft-holmberg-dispatc… Ben Campbell
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Ben Campbell