IETF Logo Mail Archive

Re: [sipcore] Adam Roach's Discuss on draft-ietf-sipcore-sip-push-21: (with DISCUSS and COMMENT) - the DISCUSS issues Part 2

Christer Holmberg <christer.holmberg@ericsson.com> Wed, 09 January 2019 19:51 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A39F31310DE for <sipcore@ietfa.amsl.com>; Wed, 9 Jan 2019 11:51:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.854
X-Spam-Level:
X-Spam-Status: No, score=-8.854 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-4.553, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com header.b=d9l5dEC1; dkim=pass (1024-bit key) header.d=ericsson.com header.b=ey6G3D73
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PCVaxAfnYRKw for <sipcore@ietfa.amsl.com>; Wed, 9 Jan 2019 11:51:48 -0800 (PST)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C68FC131094 for <sipcore@ietf.org>; Wed, 9 Jan 2019 11:51:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/relaxed; q=dns/txt; i=@ericsson.com; t=1547063505; x=1549655505; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=lpOSv7Y02tQMe6PcaHhsh33eQ6dAmHiAgx/QvudIsm8=; b=d9l5dEC1iQTJX8a89s3ImFcdFq1KNQ7/roYo3J5bfjgofax2vf8pPLlJr0bMnlxh OLBTgbPIo20KjjHlGd+vEhuEftPdcQ30iXc7OcK04cW798FrbgHRWKirMkfM6cM8 nMCj5h5X1+tS0FKEbMYObB9n5m6Ui/JJuFp2z/IRKA8=;
X-AuditID: c1b4fb3a-5c9c29e00000672c-ad-5c3650d11fb0
Received: from ESESSMB501.ericsson.se (Unknown_Domain [153.88.183.119]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id 90.05.26412.1D0563C5; Wed, 9 Jan 2019 20:51:45 +0100 (CET)
Received: from ESESSMB504.ericsson.se (153.88.183.165) by ESESSMB501.ericsson.se (153.88.183.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Wed, 9 Jan 2019 20:51:42 +0100
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (153.88.183.157) by ESESSMB504.ericsson.se (153.88.183.165) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3 via Frontend Transport; Wed, 9 Jan 2019 20:51:41 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lpOSv7Y02tQMe6PcaHhsh33eQ6dAmHiAgx/QvudIsm8=; b=ey6G3D73fu0DlYbfZdfjjTl7p9koHxTiZm7fs0//B+VbJq0LUt5FccR7HGynE0UJ6odloChoaKkiih5FvX1kXZaoHSSAwi2cFzssxGRtVsclfsIFobq1/h00dCuE/eOvvgIqEEfliEUj91EGrKX7Xd+Mw/7AEUpEMtMYUT7b8p4=
Received: from HE1PR07MB3161.eurprd07.prod.outlook.com (10.170.245.23) by HE1PR07MB3196.eurprd07.prod.outlook.com (10.170.246.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1516.6; Wed, 9 Jan 2019 19:51:40 +0000
Received: from HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::852a:3f04:e342:cf55]) by HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::852a:3f04:e342:cf55%3]) with mapi id 15.20.1516.010; Wed, 9 Jan 2019 19:51:40 +0000
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Ben Campbell <ben@nostrum.com>
CC: Adam Roach <adam@nostrum.com>, The IESG <iesg@ietf.org>, "sipcore-chairs@ietf.org" <sipcore-chairs@ietf.org>, "draft-ietf-sipcore-sip-push@ietf.org" <draft-ietf-sipcore-sip-push@ietf.org>, "sipcore@ietf.org" <sipcore@ietf.org>, "br@brianrosen.net" <br@brianrosen.net>
Thread-Topic: Adam Roach's Discuss on draft-ietf-sipcore-sip-push-21: (with DISCUSS and COMMENT) - the DISCUSS issues Part 2
Thread-Index: AdSoKivNENGuZ0nPQtW8o3Of+p7ZCgAJx+CAAABFNhA=
Date: Wed, 09 Jan 2019 19:51:38 +0000
Message-ID: <HE1PR07MB316137DED22CE098D29844BF938B0@HE1PR07MB3161.eurprd07.prod.outlook.com>
References: <HE1PR07MB316165F6D52E313281D15544938B0@HE1PR07MB3161.eurprd07.prod.outlook.com> <FE046CDD-438A-4822-829B-A5721EACB9F5@nostrum.com>
In-Reply-To: <FE046CDD-438A-4822-829B-A5721EACB9F5@nostrum.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com;
x-originating-ip: [192.176.1.75]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; HE1PR07MB3196; 6:s+M06IyJTn6mWlQ4Vf30WkaBKcz6a3tC+7m3Bcz/YUhlawGm3AP94nVZrttdjKMHyEnPEjy1oyut2iWM3JL8Nh2wsVIi51Y76Z0ktptGnxgKjXeiZXMR4aZMIxiAZZScepnzqqNgIrlCx4QE7T6gSwBj30BS0DfPjHMGT3Lq0WDw1f1NEjDLWYtC4/K/RFwdob35y1rqjuOdjwgsHHCZJq+wBGrA1sUmy45LWv9oTJsEWSYZaGRlnflo9ofiplW2pgI4cE5JeAn8CoAU9zexWqODzAfkLphzDgaPuNseyPsqfmcRjz0n1PQ/u3G9YlluTQrRG+By3pTW06wpDLZp8z1zBz14LT3JImsBAkziVhuFuQ+PQnP1pf/Vg9LkxEOu55+UCOSE11KyfSwJDk5UsFEssFS1IV5dXXpOydny97DLii6ODsJlJS2DbGN8SR9nCMzpHGyL745jcGn8HMiRUg==; 5:Ul8kOYEA385fXR3428lOuNqV/4A3Ms0/SYb6pFmvKloKYexRN3umCq1F0bYpUU0Xql2Id9h0J3nkLm4ixziRQinuJPxT2mHf11F/63300ppTr6ou6dIJduE32E5crv8z5kNaAVAHPaFXHD5eKVvS1YnWnWauzVwdmwZEe8wGjw+C9172zu6xOaY7GOPAf6AVrY4CkLz4/0+glxq6DUDAgQ==; 7:P1g6T35Gh7L8nGkl4UX5Va94k/iFqkkKnj9+CNIswFyJbWl71QKzmDqLEIsX1T+7gqVLnZvXJk/BH3KxmwjNewZCwZB59lFP6Ny1VWx3FEj6jizYz/XivSp1FIVBYgRSosJ0b45wMd62DmFFU2nQXg==
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 8c5775c0-1b7f-44fa-e028-08d6766bdf93
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600109)(711020)(2017052603328)(7153060)(7193020); SRVR:HE1PR07MB3196;
x-ms-traffictypediagnostic: HE1PR07MB3196:
x-microsoft-antispam-prvs: <HE1PR07MB31968CCBB7C723F97AC9E90A938B0@HE1PR07MB3196.eurprd07.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(3230021)(908002)(999002)(5005026)(6040522)(8220060)(2401047)(8121501046)(10201501046)(93006095)(93001095)(3231475)(944501520)(52105112)(3002001)(6041310)(20161123562045)(20161123560045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(201708071742011)(7699051)(76991095); SRVR:HE1PR07MB3196; BCL:0; PCL:0; RULEID:; SRVR:HE1PR07MB3196;
x-forefront-prvs: 0912297777
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(39860400002)(396003)(346002)(366004)(376002)(189003)(199004)(7696005)(6506007)(102836004)(54906003)(186003)(476003)(44832011)(76176011)(9686003)(6306002)(55016002)(4326008)(6436002)(25786009)(53936002)(6246003)(26005)(33656002)(97736004)(86362001)(74316002)(11346002)(6116002)(446003)(3846002)(5660300001)(8936002)(8676002)(81156014)(106356001)(81166006)(7736002)(305945005)(105586002)(71190400001)(71200400001)(229853002)(6916009)(966005)(66066001)(2906002)(478600001)(14454004)(316002)(486006)(99286004)(256004)(68736007)(14444005); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3196; H:HE1PR07MB3161.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: J1Ikvl+cNnEMVk226WsETC1m3UtUmlcruIswFAnZvAn86HZYLIn5dnz2tK6b64975eRYpCjlxGBn1s+teZl+AYz479bzo/+7cV1+NFVmTymqazqHFsncrjN102sn+xzcDqwOiRb1yTAc2FP54CEqFxD4PA5fnFvdVtAWh/PdO47yzGyt6fS5yiM8Fkwaz73S+GBEleboIWweB/9zQBNDZ3HFRzyo2SO22F+Cuw3zWV/yQZIMmBDIwZrHReU8iRDltNvbaNhrxfGmBbP+O62r2HYu8ILX9y9KubapjzS1y51v2zdVcGkQAFrLch0YSVSd
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 8c5775c0-1b7f-44fa-e028-08d6766bdf93
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Jan 2019 19:51:40.0459 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3196
X-OriginatorOrg: ericsson.com
X-Brightmail-Tracker: H4sIAAAAAAAAA01Sa0gUYRTtm292Z7S2PjfNixrU0o80fGSig/Q2yAJpi4iIJV100MUnO2Zp KaYiqUlK+VpT0zRsLVLLfKa5CWmapkQ/NPCRtUhpmphGq+XubNC/c+4599zL5bJYXiVxYjUx 8bw2Rh2lkNrSJeebL7sPK31VXhVVEq5jtYrhKrL6Ge7zeKGUS1uso7hiUz7mchcrMbe00ig9 zASO/1xlAqurf1GButZpWokv2O4P46M0CbzW82CIbUTqzMW40X1XXjRV0qmo3jsbsSwQHzB1 e2QjW1ZOehA06VslIllC8PLHWyyS+xSkL3VKzYQmeRhabhloUcmnoKphhBLJJILOdrPCslLC Qc7anmxkw9oTBRjTmywNmBRRUNxbxJiFrSQZJuu+SkRTCiwPfMci9od6Yxo259BkFxSatpjL MqKCwbIexjoYwWz6siXHhhyCzOZ5Sy8i22D5zSPKjDFxhNHpCgsGQqC6YwiL2AFmPq1JRL8a uvQTWDzGDuhqOCNatsNIRQ4yzwKSxsCHLzcYUXCH+YICa04QlN2uxKLpHYKy65lWkxs8n+u1 Do6EqfJia9Iwhqw/GbQouMDTrLvSPOSl+29Z3foimLjCkzZPsbwT7uRMMjrLAeygr2Savodo PXIQeEGIDvf29uC1mlBBiI3xiOHjG9H653Q/++3fgrqNRwyIsEixSebj6auSS9QJQmK0AQGL FfayJOf1kixMnZjEa2ODtZeieMGAnFla4Sgzye1UchKujucjeT6O1/5TKdbGKRWd7PrmcGKj 1neBCpNnBnMfS8vddejc+92haw+OnhVqjQ/HSl2NGWM+qMs/cspv4VrA6TYT0ikG+vxGQw68 uuoSmMLMpukDkjNvThwfap973aPsz11zia89NuswF2SqcXzsk2CoWWlXtqrqVm2C+zZkJ65o NrcMJtfbRa4Wy0/lKmghQr3XDWsF9V8ZJB+vNQMAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/nRgqDgg-9PtOOxYmaAjLvL9Js28>
Subject: Re: [sipcore] Adam Roach's Discuss on draft-ietf-sipcore-sip-push-21: (with DISCUSS and COMMENT) - the DISCUSS issues Part 2
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Jan 2019 19:51:54 -0000

Hi,

§4.1:
 
>>>> For privacy and security reasons, the UA MUST NOT include the SIP 
>>>> URI parameters defined in this document in non-REGISTER request, to 
>>>> prevent the PNS information associated with the UA from reaching the 
>>>> remote peer.
>>> 
>>> This seems to ignore the availability of Contact URI parameters via 
>>> RFC 3680 subscriptions. This would seem to impose a requirement on Registrars to strip this 
>>> information before making it available to any other party (which, in turn, requires that the system have explicit Registrar *and* Proxy support).
>>> As far as I can tell, the system so far has not required explicit 
>>> proxy support (and there's certainly no mechanism built-in that ensures that a proxy has any special handling regarding this mechanism).
>>> 
>>> If the PNS information is sensitive, and cannot be allowed to leak out to other users, then we need some way to ensure the registrar 
>>> has provided positive confirmation that it will not do so before allowing it to come into possession of them.
>> 
>> Users aren't normally allowed to subscribe to the Contacts of other users, are they?
>
> As far as I know, that’s an operational choice, not a requirement. One assumes that if 3680 is used, _someone_ is subscribing.

Yes, but I would assume it is controlled who is allowed to subscribe to what.

>> And, if they were, I don't think the PNS information is the only information that would be considered sensitive.
>
> True, but this draft should take responsibility for the data elements that it adds.

Absolutely, but in general I think this is more of an 3680 issue. Or, have we always assumed that whatever is placed in the contact is non-sensitive?

>> But, to answer your question, I don't know how to prevent that, other than adding text to the security considerations saying that operators must take this into consideration.
>
> I’m on the fence as to whether we should expect the registrar to strip PNS, vs just mention that information can be leaked this way. 
> The WG might need to think a bit harder about how sensitive the PNS really is. I think we were prohibiting it in non-REGISTER requests somewhat 
> opportunistically (that is, because it was easy to do), not because we had really analyzed the privacy implications.

It may vary between PNS, but in general I would assume that the most sensitive information is the PRID. However, it is not sensitive because it would provide user information (afaik it is just a unique random string), but because it could potentially be used to trigger malicious push notifications. Now, in addition to the PRID, whoever acts like the proxy also needs to authenticate itself with the PNS, so one will know where the push notification requests come from. Also, mechanisms like VAPID can be used to control who is allowed to trigger push notifications.
 
---------------------------------------------------------------------------

§4.2:
 
>>>> The UA can do so by only including the pn-provider  SIP URI 
>>>> parameter in the SIP Contact header field URI of the REGISTER  
>>>> request, but without including the pn-prid SIP URI parameter.
>>> 
>>> Unless I'm mistaken, this is a barrier to interoperation.
>>> 
>>> It's not 100% clear, but I suspect the intended implication is that 
>>> the pn-provider parameter here will contain a single value? The syntax of the parameter certainly seems to imply that. 
>>> This seems to be a pretty big problem, since it presupposes that the client will know which PNSes the Proxy supports.
>>> Consider, for example, an iOS client that can use any of RFC 8030, FCM, and APN (cf https://firebase.google.com/docs/cloud-messaging/ios/client).
>>> If the client doesn't know a priori what the proxy supports (and this 
>>> entire section only makes sense if that's true), then it won't know which of those three services to indicate in its REGISTER request. If it guesses wrong, this mechanism simply fails.
>>> 
>>> I think you need a different discovery mechanism here -- either have 
>>> one that has the client offering multiple PNS protocols and the proxy responding with one, or have one in which the proxy
>>> indicates all of its supported services in a response, and the client chooses one to use in its next REGISTER message.
>> 
>> I suggest the first option, where the client can offer multiple PNS protocols (pn-provider values) and the proxy responds with one. 
>
> Would that require the UA to preemptively register will all possible PNSs, even if it’s only going to use one?

Not as far as the SIP push mechanism in concerned, because when the UA does a query it doesn't need to provide PRID (which it receives during PNS registration), it only indicates the PNS(s) it supports.

Regards,

Christer

v2.23.0 | Report a Bug | By Email