Re: [Slim] Alissa Cooper's No Objection on draft-ietf-slim-negotiating-human-language-22: (with COMMENT)

Randall Gellens <> Wed, 10 January 2018 16:27 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 29805126DFF for <>; Wed, 10 Jan 2018 08:27:13 -0800 (PST)
X-Quarantine-ID: <msXeg4V3UOUo>
X-Virus-Scanned: amavisd-new at
X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "MIME-Version"
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id msXeg4V3UOUo for <>; Wed, 10 Jan 2018 08:27:11 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 61D8B1241F8 for <>; Wed, 10 Jan 2018 08:27:11 -0800 (PST)
Received: from [] ( by with ESMTP (EIMS X 3.3.9); Wed, 10 Jan 2018 08:27:44 -0800
Mime-Version: 1.0
Message-Id: <p06240604d67bede7af48@[]>
In-Reply-To: <>
References: <> <p06240606d67acbc7af70@[]> <>
X-Mailer: Eudora for Mac OS X
Date: Wed, 10 Jan 2018 08:27:08 -0800
To: Paul Kyzivat <>,
From: Randall Gellens <>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Archived-At: <>
Subject: Re: [Slim] Alissa Cooper's No Objection on draft-ietf-slim-negotiating-human-language-22: (with COMMENT)
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Selection of Language for Internet Media <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 10 Jan 2018 16:27:13 -0000

At 11:01 AM -0500 1/10/18, Paul Kyzivat wrote:

>  On 1/9/18 3:08 PM, Randall Gellens wrote:
>>  Hi Alissa,
>>  Good point.  I can reword the Security Considerations section to read:
>>      The Security Considerations of BCP 47 [RFC5646] apply here.  An
>>      attacker with the ability to modify signaling could prevent a call
>>      from succeeding by altering any of several crucial elements,
>>      including the 'hlang-send' or 'hlang-recv' values.  RFC 5069
>>      [RFC5069] discusses such threats.  Use of TLS or IPSec can protect
>>      against such threats.  Emergency calls are of particular concern; RFC
>>      6881 [RFC6881], which is specific to emergency calls, mandates use of
>>      TLS or IPSec (in ED-57/SP-30).
>  Is this a real concern? IIUC the processing of emergency calls 
> prioritizes completion of the call above everything else. Lack of 
> support for a requested language should never result in call 
> failure.

It's a concern for calls in general that an attacker who is able to 
modify the signaling can cause calls to fail.  The attacker could 
modify the Request-URI, causing the call to be routed to, e.g., a 
pothole reporting line instead of the police, or to a completely 
bogus destination, or modify the Contact-URI or any other crucial 
element.  It's true that where emergency calls are concerned, 
normally the priority is for the call to complete no matter what.  A 
PSAP is highly unlikely to fail a call if there are no languages in 
common.  RFC 6881 mandates use of TLS or IPSec but also that a call 
proceeds even if TLS or IPSec fail.

>>  At 10:18 AM -0800 1/9/18, Alissa Cooper wrote:
>>>   Alissa Cooper has entered the following ballot position for
>>>   draft-ietf-slim-negotiating-human-language-22: No Objection
>>>   When responding, please keep the subject line intact and reply to all
>>>   email addresses included in the To and CC lines. (Feel free to cut this
>>>   introductory paragraph, however.)
>>>   Please refer to
>>>   for more information about IESG DISCUSS and COMMENT positions.
>>>   The document, along with other ballot positions, can be found here:
>>>   ----------------------------------------------------------------------
>>>   COMMENT:
>>>   ----------------------------------------------------------------------
>>>   == Section 7 ==
>>>   "In
>>>      addition, if the 'hlang-send' or 'hlang-recv' values are altered or
>>>      deleted en route, the session could fail or languages
>>>      incomprehensible to the caller could be selected; however, this is
>>>      also a risk if any SDP parameters are modified en route."
>>>   Given that one of the primary use cases for the attributes 
>>> defined here is for
>>>   emergency calling, it seems worthwhile to call out the new 
>>> specific threat that
>>>   these attributes enable in that case, namely the targeted 
>>> manipulation/forgery
>>>   of the language attributes for the purposes of denying emergency 
>>> services to a
>>>   caller. This general class of attacks is contemplated in Section 
>>> 5.2.2 of RFC
>>>   5069, although there may be a better reference to cite here for 
>>> what to do if
>>>   you don't want your emergency calls subject to that kind of 
>>> attack (I can't
>>>   recall another document off the top of my head).
>>>   == Section 8 ==
>>>   This seems weak for not including some words to indicate what to 
>>> do to mitigate
>>>   the risks of exposing this information.
>  _______________________________________________
>  SLIM mailing list

Randall Gellens
Opinions are personal;    facts are suspect;    I speak for myself only
-------------- Randomly selected tag: ---------------
Intelligence is like underwear, everyone should have it,
but we shouldn't show it off.             --Gene Petret