Re: [sipcore] Comments on draft-ietf-sipcore-keep-05
Adam Roach <adam@nostrum.com> Wed, 13 October 2010 15:55 UTC
Return-Path: <adam@nostrum.com>
X-Original-To: sipcore@core3.amsl.com
Delivered-To: sipcore@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D0FD13A6B8D for <sipcore@core3.amsl.com>; Wed, 13 Oct 2010 08:55:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.662
X-Spam-Level:
X-Spam-Status: No, score=-102.662 tagged_above=-999 required=5 tests=[AWL=-0.063, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g5-dhUQpc-eI for <sipcore@core3.amsl.com>; Wed, 13 Oct 2010 08:55:41 -0700 (PDT)
Received: from nostrum.com (nostrum-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:267::2]) by core3.amsl.com (Postfix) with ESMTP id 17B1B3A6A9F for <sipcore@ietf.org>; Wed, 13 Oct 2010 08:55:39 -0700 (PDT)
Received: from dn3-228.estacado.net (vicuna-alt.estacado.net [75.53.54.121]) (authenticated bits=0) by nostrum.com (8.14.3/8.14.3) with ESMTP id o9DFuqe1013138 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO); Wed, 13 Oct 2010 10:56:52 -0500 (CDT) (envelope-from adam@nostrum.com)
Message-ID: <4CB5D6C3.2050100@nostrum.com>
Date: Wed, 13 Oct 2010 10:56:51 -0500
From: Adam Roach <adam@nostrum.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.9) Gecko/20100915 Thunderbird/3.1.4
MIME-Version: 1.0
To: Christer Holmberg <christer.holmberg@ericsson.com>
References: <430FC6BDED356B4C8498F634416644A926943819D1@mail> <7F2072F1E0DE894DA4B517B93C6A058502DF35BF@ESESSCMS0356.eemea.ericsson.se> <4CB5C21A.5080000@nostrum.com> <7F2072F1E0DE894DA4B517B93C6A058502DF3684@ESESSCMS0356.eemea.ericsson.se>
In-Reply-To: <7F2072F1E0DE894DA4B517B93C6A058502DF3684@ESESSCMS0356.eemea.ericsson.se>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "sipcore@ietf.org" <sipcore@ietf.org>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, Hadriel Kaplan <HKaplan@acmepacket.com>
Subject: Re: [sipcore] Comments on draft-ietf-sipcore-keep-05
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sipcore>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Oct 2010 15:55:41 -0000
On 10/13/10 10:28 AM, Christer Holmberg wrote: > Hi, > >>>> a) Any downstream SIP entity, beyond the adjacent downstream peer >>>> node, can modify the Via header identifying the local node >>>> and thus cause the local node to send keepalives to its adjacent >>>> peer (at high rates) if the peer does not support >>> ... >>> Nothing was added regarding a),because entities can always >>> check that, before forwarding responses, the the Via header field >>> hasn't been tempered with. >> The purpose of the "Security Considerations" section is to >> warn implementors about things they need to take into >> consideration to avoid security problems. Shouldn't the >> document at least suggest that implementations validate the >> Via header field to prevent this kind of attack? > Fair enough. > > I can add the following text: > > "Downstream SIP entities can modify Via header fields identifying other SIP entities, > and cause keepalives to be sent (at hight rates) to entities that do not not support > the keepalive mechanism. SIP entities can prevent this, when a SIP response is received, > by validating that Via headers have not been modified in a way which would cause such > sending of keepalives." That's good, but I think we can improve it by more clearly calling out what the implementations need to look for: "Downstream SIP entities can modify Via header fields identifying other SIP entities, and cause keepalives to be sent (at high rates) to entities that do not not support the keepalive mechanism. SIP entities can prevent this, when a SIP response is received, by examining their own Via header field to determine that downstream entities have not added a 'keep' parameter or set an existing 'keep' parameter to a value not supported by the implementation." /a
- [sipcore] Comments on draft-ietf-sipcore-keep-05 Hadriel Kaplan
- Re: [sipcore] Comments on draft-ietf-sipcore-keep… Christer Holmberg
- Re: [sipcore] Comments on draft-ietf-sipcore-keep… Adam Roach
- Re: [sipcore] Comments on draft-ietf-sipcore-keep… Christer Holmberg
- Re: [sipcore] Comments on draft-ietf-sipcore-keep… Adam Roach
- Re: [sipcore] Comments on draft-ietf-sipcore-keep… Christer Holmberg
- [sipcore] Draft new version: draft-ietf-sipcore-k… Christer Holmberg