Re: [sipcore] AD Evaluation of draft-holmberg-dispatch-rfc7315-updates-06
Christer Holmberg <christer.holmberg@ericsson.com> Wed, 22 June 2016 15:11 UTC
Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5669512DC59; Wed, 22 Jun 2016 08:11:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.22
X-Spam-Level:
X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ep8z52fLHdXA; Wed, 22 Jun 2016 08:11:15 -0700 (PDT)
Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C1D712D8B1; Wed, 22 Jun 2016 07:59:12 -0700 (PDT)
X-AuditID: c1b4fb30-f79486d0000069d0-dc-576aa7beef25
Received: from ESESSHC003.ericsson.se (Unknown_Domain [153.88.183.27]) by sesbmg22.ericsson.net (Symantec Mail Security) with SMTP id 11.9E.27088.EB7AA675; Wed, 22 Jun 2016 16:59:10 +0200 (CEST)
Received: from ESESSMB209.ericsson.se ([169.254.9.241]) by ESESSHC003.ericsson.se ([153.88.183.27]) with mapi id 14.03.0294.000; Wed, 22 Jun 2016 16:59:05 +0200
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Ben Campbell <ben@nostrum.com>
Thread-Topic: AD Evaluation of draft-holmberg-dispatch-rfc7315-updates-06
Thread-Index: AQHRyynLvjd673syp0uC1ZoRFIN0E5/zqNkAgABAuACAABb4AIAAxKC3gABjCACAAEnXgIAAJODG
Date: Wed, 22 Jun 2016 14:59:04 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B380FFF70@ESESSMB209.ericsson.se>
References: <87A3DCDE-B8BC-4ADE-8129-70A4C0E92C3D@nostrum.com> <D38ED131.B2A5%christer.holmberg@ericsson.com> <54648860-7461-4A4E-948A-A1C9FAAC7FFC@nostrum.com> <83801023-F21E-417C-B49C-49820CCE4DF2@cisco.com> <7594FB04B1934943A5C02806D1A2204B380FB854@ESESSMB209.ericsson.se> <D3901671.B451%christer.holmberg@ericsson.com>, <8D74E280-1141-469D-9627-23E38A2F9478@nostrum.com>
In-Reply-To: <8D74E280-1141-469D-9627-23E38A2F9478@nostrum.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: multipart/alternative; boundary="_000_7594FB04B1934943A5C02806D1A2204B380FFF70ESESSMB209erics_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrKIsWRmVeSWpSXmKPExsUyM2K7tO6+5VnhBlu7lC3md55mt1j9ehar xdwpfhZff2xic2DxmPJ7I6vHkiU/mTxm7XzCEsAcxWWTkpqTWZZapG+XwJWxdMpVloKG+YwV k/4vZ25g7Ohg7GLk5JAQMJHoftTFBGGLSVy4t56ti5GLQ0jgCKPE1p51rBDOEkaJa/OnAmU4 ONgELCS6/2mDNIgIKEk8b97KAlLDLLCbUeLq7FfMIAlhAQ+JR4f2MUIUeUpc/L2RHcKOklg/ eysriM0ioCoxb+lpsHpeAV+JVcf7GSGW/WeS2POliRFkGaeAvUTDBSOQGkag676fWgN2KbOA uETTl5WsEFcLSCzZc54ZwhaVePn4HytETb7ErMkPWSHmC0qcnPmEZQKjyCwk7bOQlM1CUgYR N5D48v42lK0tsWzha2YIW1+i+/1pJmTxBYzsqxhFi1OLk3LTjYz0Uosyk4uL8/P08lJLNjEC I+/glt8GOxhfPnc8xCjAwajEw/tgR2a4EGtiWXFl7iFGCQ5mJRHewqVZ4UK8KYmVValF+fFF pTmpxYcYpTlYlMR5/V8qhgsJpCeWpGanphakFsFkmTg4pRoYl30Ktg36WqOz592RrXONZ1/d cM3+0aM1zrLbJ27NvBNz+4vTTtUX6feKql5cixbbqSSnnLa4ed/ztx8k77Wr5nffLv7d6Jwz d5lzcljoZTsuzydXf965uT50YtKV8Lef89aorlnHPvGsqFj7ks1ebXpzPmuceTjpyNJbIgHf stW1jRi8vEQ/flViKc5INNRiLipOBAADcH7PuAIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/EPPTxfbfNIVaTQwMgLdal02DfKs>
Cc: SIPCORE <sipcore@ietf.org>, Gonzalo Salgueiro <gsalguei@cisco.com>, "draft-holmberg-dispatch-rfc7315-updates.all@ietf.org" <draft-holmberg-dispatch-rfc7315-updates.all@ietf.org>
Subject: Re: [sipcore] AD Evaluation of draft-holmberg-dispatch-rfc7315-updates-06
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jun 2016 15:11:19 -0000
Good :) Is it ok of I submit a new version of the draft? That way the new text will be available during IETF last call. Regards, Christer Sent from my Windows Phone ________________________________ From: Ben Campbell<mailto:ben@nostrum.com> Sent: 22/06/2016 17:47 To: Christer Holmberg<mailto:christer.holmberg@ericsson.com> Cc: Gonzalo Salgueiro<mailto:gsalguei@cisco.com>; draft-holmberg-dispatch-rfc7315-updates.all@ietf.org<mailto:draft-holmberg-dispatch-rfc7315-updates.all@ietf.org>; SIPCORE<mailto:sipcore@ietf.org> Subject: Re: AD Evaluation of draft-holmberg-dispatch-rfc7315-updates-06 Works for me. Thanks! Ben. On 22 Jun 2016, at 2:18, Christer Holmberg wrote: > Hi, > > NEW: > > ”The security considerations for these P- header fields are > defined in > [RFC7315]. This specification allows some header fields to be > present in messages where they were previously not allowed, and the > security considerations and assumptions (e.g. regarding only > sending > Information to trusted entities) also to those messages. In > addition, > this specification also disallow some header fields to be present > in message where they were previously allowed. That does not cause > any security issues, but implementations need to be aware that > implementations may not have been updated according to this > document, > and take proper actions if a header field occur, or does not occur, > in a message where it should occur (or occurs in a message where it > should not occur). This document adds the ability to include > P-Access-Network-Info in ACK requests. As documented in [RFC7315], > P-Access-Network-Info may include privacy sensitive information, > including > the user's location. The security and privacy considerations for > P-Access-Network-Info in ACK requests are similar to those for the > other > SIP requests discussed in [RFC7315].” > > Regards, > > Christer > > > From: Christer Holmberg > <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>> > Date: Wednesday 22 June 2016 at 05:28 > To: "gsalguei@cisco.com<mailto:gsalguei@cisco.com>" > <gsalguei@cisco.com<mailto:gsalguei@cisco.com>>, Ben Campbell > <ben@nostrum.com<mailto:ben@nostrum.com>> > Cc: > "draft-holmberg-dispatch-rfc7315-updates.all@ietf.org<mailto:draft-holmberg-dispatch-rfc7315-updates.all@ietf.org>" > <draft-holmberg-dispatch-rfc7315-updates.all@ietf.org<mailto:draft-holmberg-dispatch-rfc7315-updates.all@ietf.org>>, > "sipcore@ietf.org<mailto:sipcore@ietf.org>" > <sipcore@ietf.org<mailto:sipcore@ietf.org>> > Subject: RE: AD Evaluation of > draft-holmberg-dispatch-rfc7315-updates-06 > Resent-From: <alias-bounces@ietf.org<mailto:alias-bounces@ietf.org>> > Resent-To: Christer Holmberg > <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>>, > Nevenka Biondic > <nevenka.biondic@ericsson.com<mailto:nevenka.biondic@ericsson.com>>, > "gsalguei@cisco.com<mailto:gsalguei@cisco.com>" > <gsalguei@cisco.com<mailto:gsalguei@cisco.com>>, Ben Campbell > <ben@nostrum.com<mailto:ben@nostrum.com>>, "A. Mahoney" > <mahoney@nostrum.com<mailto:mahoney@nostrum.com>> > Resent-Date: Wednesday 22 June 2016 at 05:28 > > Hi, > > We can add the text. > > Regards, > > Christer > > Sent from my Windows Phone > ________________________________ > From: Gonzalo Salgueiro (gsalguei)<mailto:gsalguei@cisco.com> > Sent: 21/06/2016 19:44 > To: Ben Campbell<mailto:ben@nostrum.com> > Cc: Christer Holmberg<mailto:christer.holmberg@ericsson.com>; > draft-holmberg-dispatch-rfc7315-updates.all@ietf.org<mailto:draft-holmberg-dispatch-rfc7315-updates.all@ietf.org>; > SIPCORE<mailto:sipcore@ietf.org> > Subject: Re: AD Evaluation of > draft-holmberg-dispatch-rfc7315-updates-06 > > >> On Jun 21, 2016, at 11:22 AM, Ben Campbell >> <ben@nostrum.com<mailto:ben@nostrum.com>> wrote: >> >> That's a good start, but don't be surprised if we get questions >> specifically about adding NPLI to ACK requests. some language to the >> effect of the following might help: >> >> "This document adds the ability to include P-Access-Network-Info in >> ACK requests. As documented in RFC7315, P-Access-Network-Info may >> include privacy sensitive information, including the user's location. >> The security and privacy considerations for P-Access-Network-Info in >> ACK requests are similar to those for the other SIP requests >> discussed in RFC7315.” > > I’m fine with adding such text. > > Christer - Can we append this to your proposed text? > > Gonzalo > > >> >> Thanks! >> >> Ben. >> >> On 21 Jun 2016, at 3:26, Christer Holmberg wrote: >> >>> Hi Ben, >>> >>> See inline. >>> >>>> -------------- >>>> >>>> Substantive: >>>> >>>> The security considerations state that the draft removes some >>>> places >>>> that some of the P-Headers can be sent, but expands that to some >>>> other >>>> places. Further, it says that neither introduce new security >>>> considerations beyond those in 7315. >>>> >>>> I accept that for the reduction part. But I'm not sure we can state >>>> that >>>> sort of thing for the expansion part, at least without some more >>>> discussion. Since 7315 already acknowledges potential privacy >>>> issues >>>> around P-Access-Network-Info, I'd like to at least see a sentence >>>> or two >>>> about the allowance of that in ACK requests, even if they just say >>>> that >>>> this addition makes things no worse than they already are. >>> >>> >>> OLD: >>> >>> The security considerations for P- header fields are defined in >>> [RFC7315]. This specification allows some header fields to be >>> present in messages where they were previously not allowed, and >>> disallow some header fields to be present in messages where they >>> were >>> previously allowed. That does not cause any security issues, but >>> implementations need to be aware that implementations may not have >>> been updated according to this document, and take proper actions >>> if a >>> header field occur, or does not occur, in a message where it >>> should >>> occur (or occurs in a message where it should not occur). >>> >>> >>> >>> NEW: >>> >>> The security considerations for these P- header fields are defined >>> in >>> [RFC7315]. This specification allows some header fields to be >>> present in messages where they were previously not allowed, and >>> the >>> security considerations and assumptions (e.g. regarding only sending >>> Information to trusted entities) also to those messages. In >>> addition, >>> this specification also disallow some header fields to be present >>> in message where they were previously allowed. That does not cause >>> any security issues, but implementations need to be aware that >>> implementations may not have been updated according to this >>> document, >>> and take proper actions if a header field occur, or does not occur, >>> in a message where it should occur (or occurs in a message where it >>> should not occur). >>> >>> >>> >>>> Editorial: >>>> >>>> -5, first sentence: "The security considerations for P- header >>>> fields >>>> are defined in >>>> [RFC7315]" >>>> I assume this means 7315 discusses the security considerations for >>>> these >>>> P-Headers specifically, not P-Headers in general. Is this the >>>> intent? If >>>> so, I suggest: >>>> >>>> s/... for P-header fields.../ ... for these P-header fields... >>> >>> I¹ll fix as suggested (ass new text above). >>> >>> Regards, >>> >>> Christer
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Christer Holmberg
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Ben Campbell
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Christer Holmberg
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Christer Holmberg
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Christer Holmberg
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Gonzalo Salgueiro (gsalguei)
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Ben Campbell
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Christer Holmberg
- [sipcore] AD Evaluation of draft-holmberg-dispatc… Ben Campbell
- [sipcore] AD Evaluation of draft-holmberg-dispatc… Ben Campbell
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Ben Campbell