Re: [Slim] Alissa Cooper's No Objection on draft-ietf-slim-negotiating-human-language-22: (with COMMENT)

Paul Kyzivat <pkyzivat@alum.mit.edu> Thu, 11 January 2018 20:53 UTC

Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: slim@ietfa.amsl.com
Delivered-To: slim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8102A12EC40 for <slim@ietfa.amsl.com>; Thu, 11 Jan 2018 12:53:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.934
X-Spam-Level:
X-Spam-Status: No, score=-1.934 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RBESHNjQACTG for <slim@ietfa.amsl.com>; Thu, 11 Jan 2018 12:53:00 -0800 (PST)
Received: from resqmta-ch2-02v.sys.comcast.net (resqmta-ch2-02v.sys.comcast.net [IPv6:2001:558:fe21:29:69:252:207:34]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E37CE12EC3A for <slim@ietf.org>; Thu, 11 Jan 2018 12:52:59 -0800 (PST)
Received: from resomta-ch2-04v.sys.comcast.net ([69.252.207.100]) by resqmta-ch2-02v.sys.comcast.net with ESMTP id Zjq1ewM7hK5G0ZjqMeO4uZ; Thu, 11 Jan 2018 20:52:58 +0000
Received: from PaulKyzivatsMBP.localdomain ([24.62.227.142]) by resomta-ch2-04v.sys.comcast.net with SMTP id ZjqLeLYTKTEttZjqMeYj0K; Thu, 11 Jan 2018 20:52:58 +0000
To: Randall Gellens <rg+ietf@randy.pensive.org>, slim@ietf.org
References: <151552189475.2065.12973411169880140522.idtracker@ietfa.amsl.com> <p06240606d67acbc7af70@[99.111.97.136]> <6123cac0-a946-b26b-2b3b-68ff7b28874f@alum.mit.edu> <p06240604d67bede7af48@[99.111.97.136]>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <14c38c8d-1dbd-79f2-6959-bbf00d196a62@alum.mit.edu>
Date: Thu, 11 Jan 2018 15:52:57 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:52.0) Gecko/20100101 Thunderbird/52.5.2
MIME-Version: 1.0
In-Reply-To: <p06240604d67bede7af48@[99.111.97.136]>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-CMAE-Envelope: MS4wfEsRfQguDSMZxSQo5hyAkLHd4BxaC+RtnidCbvlcVb/fldW7BPuqVNfkGqDIW2ayfvz6NlkBpwDB/u24bd8m4GS86JB/qCsAkfw/BWdfMwOemTpaqHrp +F4Iofpoupfkxli7SqxhYr80GIATahn7jZSExv2hO5PsA+/LkAZ7rIZMYnPaddXtmZpYImO8U+JB1TY3D6rHJtwQIl+mtZyRESEPqHvRlE6qxKTs3RZbGX29
Archived-At: <https://mailarchive.ietf.org/arch/msg/slim/CP2YfbRZenHTy1VoYjpg6LhaEVc>
Subject: Re: [Slim] Alissa Cooper's No Objection on draft-ietf-slim-negotiating-human-language-22: (with COMMENT)
X-BeenThere: slim@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Selection of Language for Internet Media <slim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/slim>, <mailto:slim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/slim/>
List-Post: <mailto:slim@ietf.org>
List-Help: <mailto:slim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/slim>, <mailto:slim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jan 2018 20:53:01 -0000

On 1/10/18 11:27 AM, Randall Gellens wrote:
> At 11:01 AM -0500 1/10/18, Paul Kyzivat wrote:
> 
>>  On 1/9/18 3:08 PM, Randall Gellens wrote:
>>>  Hi Alissa,
>>>
>>>  Good point.  I can reword the Security Considerations section to read:
>>>
>>>      The Security Considerations of BCP 47 [RFC5646] apply here.  An
>>>      attacker with the ability to modify signaling could prevent a call
>>>      from succeeding by altering any of several crucial elements,
>>>      including the 'hlang-send' or 'hlang-recv' values.  RFC 5069
>>>      [RFC5069] discusses such threats.  Use of TLS or IPSec can protect
>>>      against such threats.  Emergency calls are of particular 
>>> concern; RFC
>>>      6881 [RFC6881], which is specific to emergency calls, mandates 
>>> use of
>>>      TLS or IPSec (in ED-57/SP-30).
>>
>>  Is this a real concern? IIUC the processing of emergency calls 
>> prioritizes completion of the call above everything else. Lack of 
>> support for a requested language should never result in call failure.
> 
> It's a concern for calls in general that an attacker who is able to 
> modify the signaling can cause calls to fail.  The attacker could modify 
> the Request-URI, causing the call to be routed to, e.g., a pothole 
> reporting line instead of the police, or to a completely bogus 
> destination, or modify the Contact-URI or any other crucial element.  

But that is nothing unique to SLIM. In this respect it is the same as 
any sip call.

	Thanks,
	Paul

> It's true that where emergency calls are concerned, normally the 
> priority is for the call to complete no matter what.  A PSAP is highly 
> unlikely to fail a call if there are no languages in common.  RFC 6881 
> mandates use of TLS or IPSec but also that a call proceeds even if TLS 
> or IPSec fail.
> 
> 
>>>  At 10:18 AM -0800 1/9/18, Alissa Cooper wrote:
>>>
>>>>   Alissa Cooper has entered the following ballot position for
>>>>   draft-ietf-slim-negotiating-human-language-22: No Objection
>>>>
>>>>   When responding, please keep the subject line intact and reply to all
>>>>   email addresses included in the To and CC lines. (Feel free to cut 
>>>> this
>>>>   introductory paragraph, however.)
>>>>
>>>>
>>>>   Please refer to 
>>>> https://www.ietf.org/iesg/statement/discuss-criteria.html
>>>>   for more information about IESG DISCUSS and COMMENT positions.
>>>>
>>>>
>>>>   The document, along with other ballot positions, can be found here:
>>>>
>>>> https://datatracker.ietf.org/doc/draft-ietf-slim-negotiating-human-language/ 
>>>>
>>>>
>>>>
>>>>
>>>>   
>>>> ----------------------------------------------------------------------
>>>>   COMMENT:
>>>>   
>>>> ----------------------------------------------------------------------
>>>>
>>>>   == Section 7 ==
>>>>
>>>>   "In
>>>>      addition, if the 'hlang-send' or 'hlang-recv' values are 
>>>> altered or
>>>>      deleted en route, the session could fail or languages
>>>>      incomprehensible to the caller could be selected; however, this is
>>>>      also a risk if any SDP parameters are modified en route."
>>>>
>>>>   Given that one of the primary use cases for the attributes defined 
>>>> here is for
>>>>   emergency calling, it seems worthwhile to call out the new 
>>>> specific threat that
>>>>   these attributes enable in that case, namely the targeted 
>>>> manipulation/forgery
>>>>   of the language attributes for the purposes of denying emergency 
>>>> services to a
>>>>   caller. This general class of attacks is contemplated in Section 
>>>> 5.2.2 of RFC
>>>>   5069, although there may be a better reference to cite here for 
>>>> what to do if
>>>>   you don't want your emergency calls subject to that kind of attack 
>>>> (I can't
>>>>   recall another document off the top of my head).
>>>>
>>>>   == Section 8 ==
>>>>
>>>>   This seems weak for not including some words to indicate what to 
>>>> do to mitigate
>>>>   the risks of exposing this information.
>>>
>>>
>>
>>  _______________________________________________
>>  SLIM mailing list
>>  SLIM@ietf.org
>>  https://www.ietf.org/mailman/listinfo/slim
> 
>