Re: [sipcore] AD Evaluation of draft-holmberg-dispatch-rfc7315-updates-06
Christer Holmberg <christer.holmberg@ericsson.com> Wed, 22 June 2016 02:28 UTC
Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C001A12D87C; Tue, 21 Jun 2016 19:28:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.22
X-Spam-Level:
X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7xKYb5zF0QN3; Tue, 21 Jun 2016 19:28:25 -0700 (PDT)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C4B5A12DAE9; Tue, 21 Jun 2016 19:28:24 -0700 (PDT)
X-AuditID: c1b4fb3a-f79386d00000467b-ee-5769f7c63a0d
Received: from ESESSHC006.ericsson.se (Unknown_Domain [153.88.183.36]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id 6A.AA.18043.6C7F9675; Wed, 22 Jun 2016 04:28:22 +0200 (CEST)
Received: from ESESSMB209.ericsson.se ([169.254.9.241]) by ESESSHC006.ericsson.se ([153.88.183.36]) with mapi id 14.03.0294.000; Wed, 22 Jun 2016 04:28:22 +0200
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: "Gonzalo Salgueiro (gsalguei)" <gsalguei@cisco.com>, Ben Campbell <ben@nostrum.com>
Thread-Topic: AD Evaluation of draft-holmberg-dispatch-rfc7315-updates-06
Thread-Index: AQHRyynLvjd673syp0uC1ZoRFIN0E5/zqNkAgABAuACAABb4AIAAxKC3
Date: Wed, 22 Jun 2016 02:28:21 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B380FB854@ESESSMB209.ericsson.se>
References: <87A3DCDE-B8BC-4ADE-8129-70A4C0E92C3D@nostrum.com> <D38ED131.B2A5%christer.holmberg@ericsson.com> <54648860-7461-4A4E-948A-A1C9FAAC7FFC@nostrum.com>, <83801023-F21E-417C-B49C-49820CCE4DF2@cisco.com>
In-Reply-To: <83801023-F21E-417C-B49C-49820CCE4DF2@cisco.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: multipart/alternative; boundary="_000_7594FB04B1934943A5C02806D1A2204B380FB854ESESSMB209erics_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrIIsWRmVeSWpSXmKPExsUyM2K7iu6x75nhBvf3q1rM7zzNbrH69SxW i7lT/Cy+/tjE5sDiMeX3RlaPJUt+MnnM2vmEJYA5issmJTUnsyy1SN8ugSuj45hqwfGIilP3 tjE3MB736mLk5JAQMJGY2TaXCcIWk7hwbz1bFyMXh5DAEUaJj3eXMkI4Sxglrn76y9rFyMHB JmAh0f1PG6RBRCBSYsHXbawgNcwCExklzp+cDjZJWMBD4tGhfYwQRZ4SF39vZAfpFRFwk9iy PBMkzCKgKnHuSDcLiM0r4CvxYFsnG4gtJHCVUWLh9RgQm1PAVuLnhE5WEJsR6Ljvp9aAjWcW EJdo+rKSFeJoAYkle84zQ9iiEi8f/2OFqMmXmH3zFTvEfEGJkzOfsExgFJmFpH0WkrJZSMog 4gYSX97fhrK1JZYtfM0MYetLdL8/zYQsvoCRfRWjaHFqcXFuupGRXmpRZnJxcX6eXl5qySZG YMQd3PLbagfjweeOhxgFOBiVeHgf7MgMF2JNLCuuzD3EKMHBrCTCu/ITUIg3JbGyKrUoP76o NCe1+BCjNAeLkjiv/0vFcCGB9MSS1OzU1ILUIpgsEwenVANj5o4XFzNc3zpyrHzyIX6NhCan e2LSl+K32SVfP678tN9UfE/opT0+cvLvbGT5i6ME3OLMy7YViXzlDpayjis27LRiiM7ayJyS 2y1rPfWm3P/qysfWG7MSr52as1rCRKmaYcIFhj+vm95tFZj4YKvTrdueRpN2ZGxPdbtZfSX6 pFLt2YJzOXJKLMUZiYZazEXFiQC6vzRFtAIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/jjwkv6VM6_mSS62qXlzyDV8Z-9U>
Cc: SIPCORE <sipcore@ietf.org>, "draft-holmberg-dispatch-rfc7315-updates.all@ietf.org" <draft-holmberg-dispatch-rfc7315-updates.all@ietf.org>
Subject: Re: [sipcore] AD Evaluation of draft-holmberg-dispatch-rfc7315-updates-06
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jun 2016 02:28:28 -0000
Hi, We can add the text. Regards, Christer Sent from my Windows Phone ________________________________ From: Gonzalo Salgueiro (gsalguei)<mailto:gsalguei@cisco.com> Sent: 21/06/2016 19:44 To: Ben Campbell<mailto:ben@nostrum.com> Cc: Christer Holmberg<mailto:christer.holmberg@ericsson.com>; draft-holmberg-dispatch-rfc7315-updates.all@ietf.org<mailto:draft-holmberg-dispatch-rfc7315-updates.all@ietf.org>; SIPCORE<mailto:sipcore@ietf.org> Subject: Re: AD Evaluation of draft-holmberg-dispatch-rfc7315-updates-06 > On Jun 21, 2016, at 11:22 AM, Ben Campbell <ben@nostrum.com> wrote: > > That's a good start, but don't be surprised if we get questions specifically about adding NPLI to ACK requests. some language to the effect of the following might help: > > "This document adds the ability to include P-Access-Network-Info in ACK requests. As documented in RFC7315, P-Access-Network-Info may include privacy sensitive information, including the user's location. The security and privacy considerations for P-Access-Network-Info in ACK requests are similar to those for the other SIP requests discussed in RFC7315.” I’m fine with adding such text. Christer - Can we append this to your proposed text? Gonzalo > > Thanks! > > Ben. > > On 21 Jun 2016, at 3:26, Christer Holmberg wrote: > >> Hi Ben, >> >> See inline. >> >>> -------------- >>> >>> Substantive: >>> >>> The security considerations state that the draft removes some places >>> that some of the P-Headers can be sent, but expands that to some other >>> places. Further, it says that neither introduce new security >>> considerations beyond those in 7315. >>> >>> I accept that for the reduction part. But I'm not sure we can state that >>> sort of thing for the expansion part, at least without some more >>> discussion. Since 7315 already acknowledges potential privacy issues >>> around P-Access-Network-Info, I'd like to at least see a sentence or two >>> about the allowance of that in ACK requests, even if they just say that >>> this addition makes things no worse than they already are. >> >> >> OLD: >> >> The security considerations for P- header fields are defined in >> [RFC7315]. This specification allows some header fields to be >> present in messages where they were previously not allowed, and >> disallow some header fields to be present in messages where they were >> previously allowed. That does not cause any security issues, but >> implementations need to be aware that implementations may not have >> been updated according to this document, and take proper actions if a >> header field occur, or does not occur, in a message where it should >> occur (or occurs in a message where it should not occur). >> >> >> >> NEW: >> >> The security considerations for these P- header fields are defined in >> [RFC7315]. This specification allows some header fields to be >> present in messages where they were previously not allowed, and the >> security considerations and assumptions (e.g. regarding only sending >> Information to trusted entities) also to those messages. In addition, >> this specification also disallow some header fields to be present >> in message where they were previously allowed. That does not cause >> any security issues, but implementations need to be aware that >> implementations may not have been updated according to this document, >> and take proper actions if a header field occur, or does not occur, >> in a message where it should occur (or occurs in a message where it >> should not occur). >> >> >> >>> Editorial: >>> >>> -5, first sentence: "The security considerations for P- header fields >>> are defined in >>> [RFC7315]" >>> I assume this means 7315 discusses the security considerations for these >>> P-Headers specifically, not P-Headers in general. Is this the intent? If >>> so, I suggest: >>> >>> s/... for P-header fields.../ ... for these P-header fields... >> >> I¹ll fix as suggested (ass new text above). >> >> Regards, >> >> Christer
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Christer Holmberg
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Ben Campbell
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Christer Holmberg
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Christer Holmberg
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Christer Holmberg
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Gonzalo Salgueiro (gsalguei)
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Ben Campbell
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Christer Holmberg
- [sipcore] AD Evaluation of draft-holmberg-dispatc… Ben Campbell
- [sipcore] AD Evaluation of draft-holmberg-dispatc… Ben Campbell
- Re: [sipcore] AD Evaluation of draft-holmberg-dis… Ben Campbell