Re: [sipcore] Comments on draft-ietf-sipcore-keep-05
Christer Holmberg <christer.holmberg@ericsson.com> Wed, 13 October 2010 15:27 UTC
Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: sipcore@core3.amsl.com
Delivered-To: sipcore@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4EDC43A6970 for <sipcore@core3.amsl.com>; Wed, 13 Oct 2010 08:27:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.013
X-Spam-Level:
X-Spam-Status: No, score=-6.013 tagged_above=-999 required=5 tests=[AWL=0.586, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gsi2OIwbhPYv for <sipcore@core3.amsl.com>; Wed, 13 Oct 2010 08:27:04 -0700 (PDT)
Received: from mailgw10.se.ericsson.net (mailgw10.se.ericsson.net [193.180.251.61]) by core3.amsl.com (Postfix) with ESMTP id 75F8A3A6956 for <sipcore@ietf.org>; Wed, 13 Oct 2010 08:27:04 -0700 (PDT)
X-AuditID: c1b4fb3d-b7c3aae000000b22-3f-4cb5d014f3b0
Received: from esessmw0184.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw10.se.ericsson.net (Symantec Mail Security) with SMTP id 72.5C.02850.410D5BC4; Wed, 13 Oct 2010 17:28:20 +0200 (CEST)
Received: from ESESSCMS0356.eemea.ericsson.se ([169.254.1.175]) by esessmw0184.eemea.ericsson.se ([153.88.115.81]) with mapi; Wed, 13 Oct 2010 17:28:20 +0200
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Adam Roach <adam@nostrum.com>
Date: Wed, 13 Oct 2010 17:28:17 +0200
Thread-Topic: Comments on draft-ietf-sipcore-keep-05
Thread-Index: Actq4vH93WIRw0TJQVGgZc+XfAxxnQABnnpg
Message-ID: <7F2072F1E0DE894DA4B517B93C6A058502DF3684@ESESSCMS0356.eemea.ericsson.se>
References: <430FC6BDED356B4C8498F634416644A926943819D1@mail> <7F2072F1E0DE894DA4B517B93C6A058502DF35BF@ESESSCMS0356.eemea.ericsson.se> <4CB5C21A.5080000@nostrum.com>
In-Reply-To: <4CB5C21A.5080000@nostrum.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: AAAAAA==
Cc: "sipcore@ietf.org" <sipcore@ietf.org>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, Hadriel Kaplan <HKaplan@acmepacket.com>
Subject: Re: [sipcore] Comments on draft-ietf-sipcore-keep-05
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sipcore>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Oct 2010 15:27:06 -0000
Hi, >>>a) Any downstream SIP entity, beyond the adjacent downstream peer >>>node, can modify the Via header identifying the local node >>>and thus cause the local node to send keepalives to its adjacent >>>peer (at high rates) if the peer does not support >> ... >>Nothing was added regarding a),because entities can always >>check that, before forwarding responses, the the Via header field >>hasn't been tempered with. > >The purpose of the "Security Considerations" section is to >warn implementors about things they need to take into >consideration to avoid security problems. Shouldn't the >document at least suggest that implementations validate the >Via header field to prevent this kind of attack? Fair enough. I can add the following text: "Downstream SIP entities can modify Via header fields identifying other SIP entities, and cause keepalives to be sent (at hight rates) to entities that do not not support the keepalive mechanism. SIP entities can prevent this, when a SIP response is received, by validating that Via headers have not been modified in a way which would cause such sending of keepalives." Regards, Christer
- [sipcore] Comments on draft-ietf-sipcore-keep-05 Hadriel Kaplan
- Re: [sipcore] Comments on draft-ietf-sipcore-keep… Christer Holmberg
- Re: [sipcore] Comments on draft-ietf-sipcore-keep… Adam Roach
- Re: [sipcore] Comments on draft-ietf-sipcore-keep… Christer Holmberg
- Re: [sipcore] Comments on draft-ietf-sipcore-keep… Adam Roach
- Re: [sipcore] Comments on draft-ietf-sipcore-keep… Christer Holmberg
- [sipcore] Draft new version: draft-ietf-sipcore-k… Christer Holmberg