IETF Logo Mail Archive

Re: [sipcore] AD Evaluation of draft-holmberg-dispatch-rfc7315-updates-06

"Ben Campbell" <ben@nostrum.com> Wed, 22 June 2016 14:56 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4ABBF12D792; Wed, 22 Jun 2016 07:56:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.326
X-Spam-Level:
X-Spam-Status: No, score=-3.326 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.426] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ee8rrRoeBsm2; Wed, 22 Jun 2016 07:56:33 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5299B12D876; Wed, 22 Jun 2016 07:47:10 -0700 (PDT)
Received: from [10.0.1.4] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id u5MEl2YX097155 (version=TLSv1 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Wed, 22 Jun 2016 09:47:02 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.4]
From: Ben Campbell <ben@nostrum.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>
Date: Wed, 22 Jun 2016 09:47:05 -0500
Message-ID: <8D74E280-1141-469D-9627-23E38A2F9478@nostrum.com>
In-Reply-To: <D3901671.B451%christer.holmberg@ericsson.com>
References: <87A3DCDE-B8BC-4ADE-8129-70A4C0E92C3D@nostrum.com> <D38ED131.B2A5%christer.holmberg@ericsson.com> <54648860-7461-4A4E-948A-A1C9FAAC7FFC@nostrum.com> <83801023-F21E-417C-B49C-49820CCE4DF2@cisco.com> <7594FB04B1934943A5C02806D1A2204B380FB854@ESESSMB209.ericsson.se> <D3901671.B451%christer.holmberg@ericsson.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Mailer: MailMate (1.9.4r5234)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/uYgzERSe0gs66N0yuGo2rEulA_E>
Cc: SIPCORE <sipcore@ietf.org>, Gonzalo Salgueiro <gsalguei@cisco.com>, "draft-holmberg-dispatch-rfc7315-updates.all@ietf.org" <draft-holmberg-dispatch-rfc7315-updates.all@ietf.org>
Subject: Re: [sipcore] AD Evaluation of draft-holmberg-dispatch-rfc7315-updates-06
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jun 2016 14:56:35 -0000

Works for me.

Thanks!

Ben.

On 22 Jun 2016, at 2:18, Christer Holmberg wrote:

> Hi,
>
> NEW:
>
>    ”The security considerations for these P- header fields are 
> defined in
>    [RFC7315].  This specification allows some header fields to be
>    present in messages where they were previously not allowed, and the
>    security considerations and assumptions (e.g. regarding only 
> sending
>    Information to trusted entities) also to those messages. In 
> addition,
>    this specification also disallow some header fields to be present
>    in message where they were previously allowed. That does not cause
>    any security issues, but implementations need to be aware that
>    implementations may not have been updated according to this 
> document,
>    and take proper actions if a header field occur, or does not occur,
>    in a message where it should occur (or occurs in a message where it
>    should not occur). This document adds the ability to include
>    P-Access-Network-Info in ACK requests. As documented in  [RFC7315],
>    P-Access-Network-Info may include privacy sensitive information, 
> including
>    the user's location. The security and privacy considerations for
>    P-Access-Network-Info in ACK requests are similar to those for the 
> other
>    SIP requests discussed in  [RFC7315].”
>
> Regards,
>
> Christer
>
>
> From: Christer Holmberg 
> <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>>
> Date: Wednesday 22 June 2016 at 05:28
> To: "gsalguei@cisco.com<mailto:gsalguei@cisco.com>" 
> <gsalguei@cisco.com<mailto:gsalguei@cisco.com>>, Ben Campbell 
> <ben@nostrum.com<mailto:ben@nostrum.com>>
> Cc: 
> "draft-holmberg-dispatch-rfc7315-updates.all@ietf.org<mailto:draft-holmberg-dispatch-rfc7315-updates.all@ietf.org>" 
> <draft-holmberg-dispatch-rfc7315-updates.all@ietf.org<mailto:draft-holmberg-dispatch-rfc7315-updates.all@ietf.org>>, 
> "sipcore@ietf.org<mailto:sipcore@ietf.org>" 
> <sipcore@ietf.org<mailto:sipcore@ietf.org>>
> Subject: RE: AD Evaluation of 
> draft-holmberg-dispatch-rfc7315-updates-06
> Resent-From: <alias-bounces@ietf.org<mailto:alias-bounces@ietf.org>>
> Resent-To: Christer Holmberg 
> <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>>, 
> Nevenka Biondic 
> <nevenka.biondic@ericsson.com<mailto:nevenka.biondic@ericsson.com>>, 
> "gsalguei@cisco.com<mailto:gsalguei@cisco.com>" 
> <gsalguei@cisco.com<mailto:gsalguei@cisco.com>>, Ben Campbell 
> <ben@nostrum.com<mailto:ben@nostrum.com>>, "A. Mahoney" 
> <mahoney@nostrum.com<mailto:mahoney@nostrum.com>>
> Resent-Date: Wednesday 22 June 2016 at 05:28
>
> Hi,
>
> We can add the text.
>
> Regards,
>
> Christer
>
> Sent from my Windows Phone
> ________________________________
> From: Gonzalo Salgueiro (gsalguei)<mailto:gsalguei@cisco.com>
> Sent: 21/06/2016 19:44
> To: Ben Campbell<mailto:ben@nostrum.com>
> Cc: Christer Holmberg<mailto:christer.holmberg@ericsson.com>; 
> draft-holmberg-dispatch-rfc7315-updates.all@ietf.org<mailto:draft-holmberg-dispatch-rfc7315-updates.all@ietf.org>; 
> SIPCORE<mailto:sipcore@ietf.org>
> Subject: Re: AD Evaluation of 
> draft-holmberg-dispatch-rfc7315-updates-06
>
>
>> On Jun 21, 2016, at 11:22 AM, Ben Campbell 
>> <ben@nostrum.com<mailto:ben@nostrum.com>> wrote:
>>
>> That's a good start, but don't be surprised if we get questions 
>> specifically about adding NPLI to ACK requests. some language to the 
>> effect of the following might help:
>>
>> "This document adds the ability to include P-Access-Network-Info in 
>> ACK requests. As documented in RFC7315, P-Access-Network-Info may 
>> include privacy sensitive information, including the user's location. 
>> The security and privacy considerations for P-Access-Network-Info in 
>> ACK requests are similar to those for the other SIP requests 
>> discussed in RFC7315.”
>
> I’m fine with adding such text.
>
> Christer - Can we append this to your proposed text?
>
> Gonzalo
>
>
>>
>> Thanks!
>>
>> Ben.
>>
>> On 21 Jun 2016, at 3:26, Christer Holmberg wrote:
>>
>>> Hi Ben,
>>>
>>> See inline.
>>>
>>>> --------------
>>>>
>>>> Substantive:
>>>>
>>>> The security considerations state that the draft removes some 
>>>> places
>>>> that some of the P-Headers can be sent, but expands that to some 
>>>> other
>>>> places. Further, it says that neither introduce new security
>>>> considerations beyond those in 7315.
>>>>
>>>> I accept that for the reduction part. But I'm not sure we can state 
>>>> that
>>>> sort of thing for the expansion part, at least without some more
>>>> discussion. Since 7315 already acknowledges potential privacy 
>>>> issues
>>>> around P-Access-Network-Info, I'd like to at least see a sentence 
>>>> or two
>>>> about the allowance of that in ACK requests, even if they just say 
>>>> that
>>>> this addition makes things no worse than they already are.
>>>
>>>
>>> OLD:
>>>
>>> The security considerations for P- header fields are defined in
>>>   [RFC7315].  This specification allows some header fields to be
>>>   present in messages where they were previously not allowed, and
>>>   disallow some header fields to be present in messages where they 
>>> were
>>>   previously allowed. That does not cause any security issues, but
>>>   implementations need to be aware that implementations may not have
>>>   been updated according to this document, and take proper actions 
>>> if a
>>>   header field occur, or does not occur, in a message where it 
>>> should
>>>   occur (or occurs in a message where it should not occur).
>>>
>>>
>>>
>>> NEW:
>>>
>>> The security considerations for these P- header fields are defined 
>>> in
>>>   [RFC7315].  This specification allows some header fields to be
>>>   present in messages where they were previously not allowed, and 
>>> the
>>> security considerations and assumptions (e.g. regarding only sending
>>> Information to trusted entities) also to those messages. In 
>>> addition,
>>> this specification also disallow some header fields to be present
>>> in message where they were previously allowed. That does not cause
>>> any security issues, but implementations need to be aware that
>>> implementations may not have been updated according to this 
>>> document,
>>> and take proper actions if a header field occur, or does not occur,
>>> in a message where it should occur (or occurs in a message where it
>>> should not occur).
>>>
>>>
>>>
>>>> Editorial:
>>>>
>>>> -5, first sentence: "The security considerations for P- header 
>>>> fields
>>>> are defined in
>>>>   [RFC7315]"
>>>> I assume this means 7315 discusses the security considerations for 
>>>> these
>>>> P-Headers specifically, not P-Headers in general. Is this the 
>>>> intent? If
>>>> so, I suggest:
>>>>
>>>> s/... for P-header fields.../ ... for these P-header fields...
>>>
>>> I¹ll fix as suggested (ass new text above).
>>>
>>> Regards,
>>>
>>> Christer

v2.23.0 | Report a Bug | By Email