IETF Logo Mail Archive

Re: [sipcore] Eric Rescorla's Discuss on draft-ietf-sipcore-sip-push-21: (with DISCUSS and COMMENT) - The DISCUSS issues

Christer Holmberg <christer.holmberg@ericsson.com> Tue, 08 January 2019 14:36 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 782CD126CC7 for <sipcore@ietfa.amsl.com>; Tue, 8 Jan 2019 06:36:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.365
X-Spam-Level:
X-Spam-Status: No, score=-4.365 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.065, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com header.b=Z+5sifew; dkim=pass (1024-bit key) header.d=ericsson.com header.b=Wk9gtMU6
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6IXsPMh5vL4Y for <sipcore@ietfa.amsl.com>; Tue, 8 Jan 2019 06:36:50 -0800 (PST)
Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41FCD124C04 for <sipcore@ietf.org>; Tue, 8 Jan 2019 06:36:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/relaxed; q=dns/txt; i=@ericsson.com; t=1546958204; x=1549550204; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=L2sTEdOVeyExN3nWs0NWMC3ls/ubran+QkjrZgJJTCo=; b=Z+5sifewFS7u+wTYcE3QA8xTVU5m7KmbzT6Kv5B7njCwjitAsgkWjynInysTbXeQ o8mPJzkTg2FNWPQM5dksuopsAYSMULV3Z513TCSlEZtltPBuN80XDCMDf7DyJQ8Y Z34xqj8ygPvRv7E1gJfzDOqe3TCmKBStBI0hTuNZjUI=;
X-AuditID: c1b4fb30-fabff7000000355c-ed-5c34b57c7e77
Received: from ESESSMB502.ericsson.se (Unknown_Domain [153.88.183.120]) by sesbmg22.ericsson.net (Symantec Mail Security) with SMTP id 13.0D.13660.C75B43C5; Tue, 8 Jan 2019 15:36:44 +0100 (CET)
Received: from ESESSMR504.ericsson.se (153.88.183.126) by ESESSMB502.ericsson.se (153.88.183.120) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Tue, 8 Jan 2019 15:36:44 +0100
Received: from ESESSMB504.ericsson.se (153.88.183.165) by ESESSMR504.ericsson.se (153.88.183.126) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Tue, 8 Jan 2019 15:36:44 +0100
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (153.88.183.157) by ESESSMB504.ericsson.se (153.88.183.165) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3 via Frontend Transport; Tue, 8 Jan 2019 15:36:43 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=L2sTEdOVeyExN3nWs0NWMC3ls/ubran+QkjrZgJJTCo=; b=Wk9gtMU6H/A3C1BFxLdq7dGW1vV4hfNJ6Ic1W99/I/RW76YcVoeYssfJrCbQBXGZr39xkiWFCtfkhT3UGydllhKrCd5tTRt+aMGCjCUbJxA/WL+N3/0OCTkpBfZw/8S/2rlCdNrNcKPvbbS8Q34Xh6GMQ+upkRBiYb25COYTWOE=
Received: from HE1PR07MB3161.eurprd07.prod.outlook.com (10.170.245.23) by HE1PR07MB4314.eurprd07.prod.outlook.com (20.176.167.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1516.9; Tue, 8 Jan 2019 14:36:42 +0000
Received: from HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::852a:3f04:e342:cf55]) by HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::852a:3f04:e342:cf55%3]) with mapi id 15.20.1516.010; Tue, 8 Jan 2019 14:36:42 +0000
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Eric Rescorla <ekr@rtfm.com>
CC: The IESG <iesg@ietf.org>, "br@brianrosen.net" <br@brianrosen.net>, "sipcore@ietf.org" <sipcore@ietf.org>, "draft-ietf-sipcore-sip-push@ietf.org" <draft-ietf-sipcore-sip-push@ietf.org>, "sipcore-chairs@ietf.org" <sipcore-chairs@ietf.org>
Thread-Topic: Eric Rescorla's Discuss on draft-ietf-sipcore-sip-push-21: (with DISCUSS and COMMENT) - The DISCUSS issues
Thread-Index: AQHUpnFl9lNhpj/JG0GaYltri4PGoqWj12aAgAA1Ahk=
Date: Tue, 08 Jan 2019 14:36:42 +0000
Message-ID: <HE1PR07MB31615C9B43FB38B1FE045926938A0@HE1PR07MB3161.eurprd07.prod.outlook.com>
References: <154681733718.17024.3190954246737206843.idtracker@ietfa.amsl.com> <HE1PR07MB316119D1A9FCD7CE4159021A93890@HE1PR07MB3161.eurprd07.prod.outlook.com>, <CABcZeBMFGNfo6kUNmh=Y3UEXWdN8XVPTzR92gcftsR-cSTPXiw@mail.gmail.com>
In-Reply-To: <CABcZeBMFGNfo6kUNmh=Y3UEXWdN8XVPTzR92gcftsR-cSTPXiw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com;
x-originating-ip: [192.176.1.75]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; HE1PR07MB4314; 6:AEwm7R66oUvKofsKIL6ZTzdKh5mh6eeYrsw0NQBL72WZe3Ym2gZso3zI+0P/GlMoZDlUEZ6ccBaqZ03MmL45RLfQM4/svQr+jJrXBvomzm9S4yijXt/ZecdPLYe1jK9U+trcGRdGoTV1/UlqmHv6iITgnd1gdtCzq89OE8ZX6FJBLNtqzCJh6tuq9CvNfct4z4rAI93NQDOWQUKVxbyKCzqatobjwo7xwctnKVPVZtkbOmhwgFJpfMByaI5lxll0zN4LreLsGbBdSJUlZA2B4VgKNYSINQwVWH8u0qMsHxhQH0lxpH1D1vkD5Wg/NkP+JyxbGG72YkSjJpziNTbnVeRJzkjDOybnk06lpT/qvJhdJqEYYw06yLum1Svs8Wj9r5aoIMZgHdmJf3kEK3seUYpGvXG589OMlQZVp1RqFvWUopg5uGytHc0rBzZVbAfIS7ua+3Q/SmwjD56gmwpb7Q==; 5:nwx6S8Zk8ik2S9Rr7DHz4uybapF0JiPVl7dMUl2fN92qjhZoTvFd6CSm4SeLJ13zP6ECUPNFvNJPXsM+7jaKraFV+SaRv4iwrQRqRXRRBZfGzYA+MquZgfjzipaU+ZrK7/afIBiwAvjmpMWBQBV4977FHCyFX+Jr3RO7OLARHqVHmD+3JFN4ILxEkZ515leeFJWbuy5pMl6WysUeuYMWbA==; 7:NnGhFg1c5f+i1FjKWMKQqTEjhsrmOMy8vXSlXQjLBDX3vjIrzOmNoyPJVBgMbRYq7IZv12Vm7PrR6l5kvHziBU+Q4uWWQl/+qXkiewEHa6j5ExUhXZupedtcLMTvpmfH/kQDctlWppAUcn/X9QR6Jw==
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 2a15131c-2746-439e-dbc0-08d67576b53a
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600109)(711020)(2017052603328)(7153060)(7193020); SRVR:HE1PR07MB4314;
x-ms-traffictypediagnostic: HE1PR07MB4314:
x-microsoft-antispam-prvs: <HE1PR07MB4314A644E87E118E4571DB93938A0@HE1PR07MB4314.eurprd07.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(3230021)(908002)(999002)(5005026)(6040522)(8220060)(2401047)(8121501046)(10201501046)(3002001)(93006095)(93001095)(3231475)(944501520)(52105112)(6041310)(20161123564045)(20161123560045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(201708071742011)(7699051)(76991095); SRVR:HE1PR07MB4314; BCL:0; PCL:0; RULEID:; SRVR:HE1PR07MB4314;
x-forefront-prvs: 0911D5CE78
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(39860400002)(346002)(136003)(366004)(376002)(199004)(189003)(54906003)(76176011)(33656002)(5660300001)(7736002)(55016002)(6436002)(9326002)(229853002)(9686003)(236005)(6306002)(54896002)(6246003)(53936002)(4326008)(25786009)(6116002)(3846002)(66066001)(606006)(8676002)(8936002)(316002)(81156014)(2906002)(446003)(102836004)(81166006)(5070765005)(186003)(106356001)(14454004)(790700001)(26005)(11346002)(6506007)(476003)(71200400001)(68736007)(71190400001)(105586002)(44832011)(486006)(966005)(86362001)(74316002)(478600001)(99286004)(97736004)(7696005)(6916009)(256004)(14444005); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB4314; H:HE1PR07MB3161.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: NR2OVaRd5KHkT8yH29SgmO8XpvGT5thyve+aKtJQAGkuVTwsegLlI1qBF8WEDh3QDHyr2B10GzevYsUplhgQERSaJiqQC7AY4u9I6yFTTlqJH/pEMhzq397x1g7qh4f/2dgpcFO9zwygW3fhyZUeGG0JjTGJ1wI7ydsMEPgCVsAxFlaN1s7+sH+Qan5dfOPm7qvvuWrLFqO9IjHgep80dJeIRWbDrkmuaGp82HQ/Zf1jDID5eFriDyVSe4tQ51McxtWBEPpxDSoJoYSf4Q5nHzXswc/S7ADQhvC/kk7lkwFkzaLRfRyEHU7osYQTk80G
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_HE1PR07MB31615C9B43FB38B1FE045926938A0HE1PR07MB3161eurp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 2a15131c-2746-439e-dbc0-08d67576b53a
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Jan 2019 14:36:42.5167 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB4314
X-OriginatorOrg: ericsson.com
X-Brightmail-Tracker: H4sIAAAAAAAAA02SWUhUURjHO/fcmblaU8dRmy9bkEkqNdd8GCJEX0qSwHopbaLGvKi5MlfN JWiwNBcipdwNnRo0nNQStXBh1CxMRFPoIU3cGWTayBzLtblejd7+y++c75zDYbDsjciJiY5P YjXx6liF2JYuu/Qq1eNWi5/Ku7n4qHJuoliszFwwUMpn5kGJsnS1ECvvL+iwcvF3kzhAHDRh WZME6fV/qKCHM9k4BIfZnopgY6NTWI2X/zXbqG9v8+jE7HqUWrRkEmuR9hHKQwwDxA/0tYfy kC0jI70IxkuLsWAWEeg6tKJ/Zta4gQTzlAJzSS3FG5oUYLAs9VrX2FibQgqyB3wEagpBqXaK 4oeIiRLy1915xoE4w/JqH80zmFgQ1OQ3SPjCnqRBt8GIBCgdKgfvSPi1DuQkNBUG8DFNXGDj 14iIj6VEBctaJ2HUHIJ7nZUinrEh52E+c5rmNSJ7Yan/OcVrTOQwOlu1qYEQ0HcMYUE7wvzM ukjg1WCsm8TCuziD8eUFATkII1X5m5cHkikBk8EgEQoP+FFUtLXPORjr7xUJ0AcEM18/0kLh Bg+eDCNBx0DOYNUWNIyhxdhDFyDv8v8OWG4djkkCtC6d5WMpsYP3ZbO0gByH6vafYkG7Q43O jLf1QNcM9X9ejSR1yJFjufC4SF9fT1YTfZ3jEuI949mkJmT9Wt3NK96v0bwpsAcRBil2Sfc1 +qlkInUKlxbXg4DBCgdpY7I1kkao09JZTcJVTXIsy/Wg/QytkEtXZXYqGYlUJ7ExLJvIarZb irFx0qImrwzPrpbgiOBF5edxX//JIPnKiR1DoQ01L4i+bX3MZXdFIIcja1qTrwS8O5BrExJS 9uV7mypgwkm+vOfYsnPxSIlbn0m+Mx2yOtccHmeczgq7+6mFMelaB2+M5nq43Aw/nBBa2ddu br6de9kyPX6xwjXUO9TD3lDvc2TNNfVMjoLmotQ+bljDqf8CV9cwNlYDAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/pPCBTzw0NjtvUXFM_A2ajyVUZfA>
Subject: Re: [sipcore] Eric Rescorla's Discuss on draft-ietf-sipcore-sip-push-21: (with DISCUSS and COMMENT) - The DISCUSS issues
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Jan 2019 14:36:56 -0000

Hi,


DETAIL
S 5.3.2.
>>      request) addressed towards a SIP UA, if the Request-URI of the
>>      request contains a pn-provider, a pn-prid and a pn-param (if required
>>      for the specific PNS provider) SIP URI parameter, the proxy requests
>>      a push notification towards the UA, using the PRID included in the
>>      pn-prid SIP URI parameter and the PNS identified by the pn-provider
>>      SIP URI parameter.
>
>Maybe I'm missing something, but this seems like it leaves open the
>possibility for the PRID to not match the rest of the URI. E.g.,
>suppose that a@example.com<mailto:a@example.com> and b@example.com<mailto:b@example.com> both register with the
>same proxy/registrar pair with PRIDa and PRIDb respectively. What
>stops the registrar from generating (or forwarding) a call to
>a@example.com<mailto:a@example.com>, PRIDb? And what happens if that happens?
Since no a@example.com:PRIDb binding has been registered, the registrar will not generate such URI.

>No conformant registrar will. But what about a nonconformant one? Or another endpoint.

Such registrar/endpoint would not even be SIP compliant.

But, IF it happens, the UA associated with PRIDb will receive a push notification and send a REGISTER. But, since the REGISTER contact will not match the R-URI of the SIP request to be forwarded, the SIP request will not be forwarded by the proxy (eventually there will be a timeout)

---

S 5.3.2.
>>      also present (and has not expired) in the REGISTER response, the
>>      proxy can forward the SIP request towards the UA, using normal SIP
>>      procedures.  If the contact of the REGISTER request does not match
>>      the Request-URI of the SIP request to be forwarded, or if the contact
>>      was not present in the REGISTER response, the proxy MUST reject the
>>      SIP request with a 404 (Not Found) response.  This can happen if the
>
>How does this happen? I.e., how does the the REGISTER get correlated
>with the SIP request to be forwarded in order to execute this
>requirement?
There could be cases where e.g. the PRID values match, but the rest of the contact don't.

>Such as?

E.g., if the UA has changed its IP address and/or port.


But, I don't think that is relevant. What matters is that the contacts DO match, AND that the contact is present in the REGISTER response. The rest will be handled by the timeout procedures.

>But *this* text requires you to behave in a certain way in case of mismatch. When will
>this be executed?

I suggested modified text, that only talks about the case when there is a match. In other cases, when there is no match, there will be a timeout.

---

S 6.2.1.
>>      generated key as the value to the associated 2xx REGISTER response.
>>
>>      The PURR value MUST be generated in such a way so that it cannot be
>>      used to retrieve information about the user or associate it with
>>      registrations.  It can be generated e.g., by utilizing a
>>      cryptographically secure random function.
>
>This seems to weak. I assume you also don't want it to be possible to
>determine that two PURRs correspond to the same user. Also who must be
>able to use it in this way. Presumably the proxy can?
>
>Why is this not a requirement for say PRID?
The PURR value will reach the remote user. The PRID will only reach the registrar.

>You need to say that.

Ok. I suggest to add:

"Since the PURR value will be transported to the remote peer, the value MUST be generated..."

---

S 13.
>>      specification.  Web push permits the sending of a push message
>>      without a payload without encryption.
>>
>>   13.  Security Considerations
>>
>>      Different mechanisms exist for authenticating and authorizing devices
>
>You need to discuss the security implications of knowledge of the push
>parameters (principally PRID). What happens if an attacker learns
>them?

Based on the sec-dir review, I did some modifications/additions to the security considerations. They can be seen in the following pull request:

https://github.com/cdh4u/draft-sip-push/pull/31

Regarding your comment, I have tried to address that with the following suggested text:

            "Typically, the PNS requires the SIP proxy requesting push notifications to be
            authenticated and authorized by the PNS. In some cases the PNS also require
            the SIP application (or the SIP application developer) to be identified in order for the
            application to request push notifications. Unless the PNS authenticates and authorizes the PNS,
            a malicious middleman that managed to get access to the parameters transported in the SIP signalling
            might be able to request push notifications towards a UA. Which such push notifications will not
            have any security related impacts, they will impact the battery life of the UA and trigger
            unnecessary SIP traffic."

>Why "middleman" as opposed to any endpoint.

I can change "middleman" to "endpoint".

Regards,

Christer

v2.23.0 | Report a Bug | By Email