Re: [sipcore] Short WGLC on SIP Push
Ben Campbell <ben@nostrum.com> Wed, 30 January 2019 00:10 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92C6B130EEC for <sipcore@ietfa.amsl.com>; Tue, 29 Jan 2019 16:10:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.68
X-Spam-Level:
X-Spam-Status: No, score=-1.68 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lLM5M-sqUvdI for <sipcore@ietfa.amsl.com>; Tue, 29 Jan 2019 16:10:46 -0800 (PST)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 299A5130EE0 for <sipcore@ietf.org>; Tue, 29 Jan 2019 16:10:46 -0800 (PST)
Received: from [10.0.1.29] (cpe-70-122-203-106.tx.res.rr.com [70.122.203.106]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id x0U0AWj7012449 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Tue, 29 Jan 2019 18:10:36 -0600 (CST) (envelope-from ben@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1548807037; bh=jvOSL+6ldnLy6mYS2H+htcWYV9JUHHUasezIrCj4ki4=; h=From:Subject:Date:In-Reply-To:Cc:To:References; b=Y61K7Pi18TzqROl3RMaSKmQA9KlYv0dX6cFAGy3R748GzP1TdRLBG6i2AR4yWwt6t aqrcm9sCXeUW26+1fDakDfaDG5SwwhrFXRKQSrmes9IO8SXkFhoD7EHnJ8uUpjVKpE kJsu0wzBoSM1OdJtN/B23UBSNbudbxyVW3nh9Kxw=
X-Authentication-Warning: raven.nostrum.com: Host cpe-70-122-203-106.tx.res.rr.com [70.122.203.106] claimed to be [10.0.1.29]
From: Ben Campbell <ben@nostrum.com>
Message-Id: <EFD0CD29-623E-4D6B-B476-4668CC424FC3@nostrum.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_50F76277-BAA7-4AB6-8BAC-B608211B6F97"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
Date: Tue, 29 Jan 2019 18:10:30 -0600
In-Reply-To: <153934B6-87FF-4BDE-88AB-2E30E3978680@brianrosen.net>
To: SIPCORE <sipcore@ietf.org>, Christer Holmberg <christer.holmberg@ericsson.com>
References: <153934B6-87FF-4BDE-88AB-2E30E3978680@brianrosen.net>
X-Mailer: Apple Mail (2.3445.102.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/ey_JfCMLxdfbHutyP4KDsEt8PBc>
Subject: Re: [sipcore] Short WGLC on SIP Push
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jan 2019 00:10:48 -0000
(As individual) Hi, I have reviewed version 24. I mainly reviewed the diff from version 21. For the most part, I am only making substantive comments in this email. However, I think that the new text needs more wordsmithing and proofreading. §4.1.2: In the case where the UA cannot remove its registration, I assume this is all soft-state and will get cleaned up when the bindings expire. If correct, it would be worth mentioning that here. I agree the UA needs to remove the binding if it can §5.2: Is this really a queue in the formal sense? That is, a given queued request doesn’t have to wait for other requests that are ahead in the queue, does it? §5.3: I think this section needs to be careful about URI matching for the purposes of generating a push request, and URI matching for the purposes of message routing. The 3261 URI comparison rules say that a parameter that exists in one URI but not the other is ignored. That means a URI with the push-related parameters will match one without them. Is that the intent? For example, is an inbound request that has a request-URI that matches the registered contact for the push-enabled UA but does not have the push parameters expected to trigger a push request? In the second paragraph, do I understand that we are saying that a URI that would not have matched if we weren’t using the PNS will now suddenly match for purposes of routing the request to the UA? What do we expect the UAS to do with a request that doesn’t match any of its bindings? Is it also allowed to match just on the push parameters? (I wonder if there are subtle security considerations here.) That same race condition can occur in non-push networks, where a UAS changes a binding between the time a UAC sends an request and the time that request reaches the responsible proxy. We don’t expect that to work. Why do we expect this to be different for push-enabled networks? Is it because the window for the race condition is larger? (It can’t be _much_ longer, or the user experience will be pretty bad.) §5.6.2: - “The proxy checks whether the SIP Request Push queue contains a SIP request associated with the REGISTER transaction”: Please be precise about what “associated” means in this context. I initially assumed it meant “has an R-URI that matches one of the contacts in the REGISTER request”, but the following step checks for that. - In the paragraph about what happens if the push-triggered REGISTER does not show up in time, it’s not clear which transaction timer is being discussed. I think this means some special push-specific timer set by the proxy, not the UAC's normal SIP transaction timers? (If we are talking about the UAC’s timer, then it seems tardy for the proxy to send an error _after_ the UAC’s timer has expired.) If so, then some text mentioning the proxy needs to keep such timers in the first place would be helpful. - " If the proxy is able to authorize the sender of the REGISTER…” Does this mean “authenticate”? If you really mean “authorize”, then “is able to” doesn’t seem to make sense. Maybe “If the proxy is responsible for authorizing…”? §6.2.3: Do I understand correctly that a mid-dialog request with an incorrect R-URI will still work if the PURR matches? What do we expect the UAS to do with a mid-dialog request with an incorrect r-uri? §13: - I suggest removing the language suggesting that malicious push-notifications have no security-related impacts.Running down batteries and triggering extra messaging can have their own security-related impacts. - TLS doesn’t, by itself, secure the network from malicious _endpoints_, if you mean endpoint in the sense of a SIP UA. That requires authentication and authorization of the UA, which TLS does not do unless you want to require mutual-authentication. I suspect you meant to talk about attacks from other parties? Thanks! Ben. > On Jan 29, 2019, at 1:23 PM, Brian Rosen <br@brianrosen.net> wrote: > > As many substantive changes to SIP Push have been made, chairs have decided to rerun last call, but on a quick cycle. > > This email starts a one week Working Group Last Call on draft-ietf-sipcore-sip-push > > Please send comments to the list. Statements from reviewers that their comments have been satisfactorily addressed would be helpful. > > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore
- [sipcore] Short WGLC on SIP Push Brian Rosen
- Re: [sipcore] Short WGLC on SIP Push Ben Campbell
- Re: [sipcore] Short WGLC on SIP Push Christer Holmberg
- Re: [sipcore] Short WGLC on SIP Push Christer Holmberg