Re: [Slim] Alissa Cooper's No Objection on draft-ietf-slim-negotiating-human-language-22: (with COMMENT)

Randall Gellens <rg+ietf@randy.pensive.org> Wed, 10 January 2018 16:27 UTC

Return-Path: <rg+ietf@randy.pensive.org>
X-Original-To: slim@ietfa.amsl.com
Delivered-To: slim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29805126DFF for <slim@ietfa.amsl.com>; Wed, 10 Jan 2018 08:27:13 -0800 (PST)
X-Quarantine-ID: <msXeg4V3UOUo>
X-Virus-Scanned: amavisd-new at amsl.com
X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "MIME-Version"
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id msXeg4V3UOUo for <slim@ietfa.amsl.com>; Wed, 10 Jan 2018 08:27:11 -0800 (PST)
Received: from turing.pensive.org (turing.pensive.org [99.111.97.161]) by ietfa.amsl.com (Postfix) with ESMTP id 61D8B1241F8 for <slim@ietf.org>; Wed, 10 Jan 2018 08:27:11 -0800 (PST)
Received: from [99.111.97.136] (99.111.97.161) by turing.pensive.org with ESMTP (EIMS X 3.3.9); Wed, 10 Jan 2018 08:27:44 -0800
Mime-Version: 1.0
Message-Id: <p06240604d67bede7af48@[99.111.97.136]>
In-Reply-To: <6123cac0-a946-b26b-2b3b-68ff7b28874f@alum.mit.edu>
References: <151552189475.2065.12973411169880140522.idtracker@ietfa.amsl.com> <p06240606d67acbc7af70@[99.111.97.136]> <6123cac0-a946-b26b-2b3b-68ff7b28874f@alum.mit.edu>
X-Mailer: Eudora for Mac OS X
Date: Wed, 10 Jan 2018 08:27:08 -0800
To: Paul Kyzivat <pkyzivat@alum.mit.edu>, slim@ietf.org
From: Randall Gellens <rg+ietf@randy.pensive.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/slim/GrNiUotYz2MM1wlYedCcmoDGsHI>
Subject: Re: [Slim] Alissa Cooper's No Objection on draft-ietf-slim-negotiating-human-language-22: (with COMMENT)
X-BeenThere: slim@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Selection of Language for Internet Media <slim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/slim>, <mailto:slim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/slim/>
List-Post: <mailto:slim@ietf.org>
List-Help: <mailto:slim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/slim>, <mailto:slim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jan 2018 16:27:13 -0000

At 11:01 AM -0500 1/10/18, Paul Kyzivat wrote:

>  On 1/9/18 3:08 PM, Randall Gellens wrote:
>>  Hi Alissa,
>>
>>  Good point.  I can reword the Security Considerations section to read:
>>
>>      The Security Considerations of BCP 47 [RFC5646] apply here.  An
>>      attacker with the ability to modify signaling could prevent a call
>>      from succeeding by altering any of several crucial elements,
>>      including the 'hlang-send' or 'hlang-recv' values.  RFC 5069
>>      [RFC5069] discusses such threats.  Use of TLS or IPSec can protect
>>      against such threats.  Emergency calls are of particular concern; RFC
>>      6881 [RFC6881], which is specific to emergency calls, mandates use of
>>      TLS or IPSec (in ED-57/SP-30).
>
>  Is this a real concern? IIUC the processing of emergency calls 
> prioritizes completion of the call above everything else. Lack of 
> support for a requested language should never result in call 
> failure.

It's a concern for calls in general that an attacker who is able to 
modify the signaling can cause calls to fail.  The attacker could 
modify the Request-URI, causing the call to be routed to, e.g., a 
pothole reporting line instead of the police, or to a completely 
bogus destination, or modify the Contact-URI or any other crucial 
element.  It's true that where emergency calls are concerned, 
normally the priority is for the call to complete no matter what.  A 
PSAP is highly unlikely to fail a call if there are no languages in 
common.  RFC 6881 mandates use of TLS or IPSec but also that a call 
proceeds even if TLS or IPSec fail.


>>  At 10:18 AM -0800 1/9/18, Alissa Cooper wrote:
>>
>>>   Alissa Cooper has entered the following ballot position for
>>>   draft-ietf-slim-negotiating-human-language-22: No Objection
>>>
>>>   When responding, please keep the subject line intact and reply to all
>>>   email addresses included in the To and CC lines. (Feel free to cut this
>>>   introductory paragraph, however.)
>>>
>>>
>>>   Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>>>   for more information about IESG DISCUSS and COMMENT positions.
>>>
>>>
>>>   The document, along with other ballot positions, can be found here:
>>> 
>>> https://datatracker.ietf.org/doc/draft-ietf-slim-negotiating-human-language/
>>>
>>>
>>>
>>>   ----------------------------------------------------------------------
>>>   COMMENT:
>>>   ----------------------------------------------------------------------
>>>
>>>   == Section 7 ==
>>>
>>>   "In
>>>      addition, if the 'hlang-send' or 'hlang-recv' values are altered or
>>>      deleted en route, the session could fail or languages
>>>      incomprehensible to the caller could be selected; however, this is
>>>      also a risk if any SDP parameters are modified en route."
>>>
>>>   Given that one of the primary use cases for the attributes 
>>> defined here is for
>>>   emergency calling, it seems worthwhile to call out the new 
>>> specific threat that
>>>   these attributes enable in that case, namely the targeted 
>>> manipulation/forgery
>>>   of the language attributes for the purposes of denying emergency 
>>> services to a
>>>   caller. This general class of attacks is contemplated in Section 
>>> 5.2.2 of RFC
>>>   5069, although there may be a better reference to cite here for 
>>> what to do if
>>>   you don't want your emergency calls subject to that kind of 
>>> attack (I can't
>>>   recall another document off the top of my head).
>>>
>>>   == Section 8 ==
>>>
>>>   This seems weak for not including some words to indicate what to 
>>> do to mitigate
>>>   the risks of exposing this information.
>>
>>
>
>  _______________________________________________
>  SLIM mailing list
>  SLIM@ietf.org
>  https://www.ietf.org/mailman/listinfo/slim


-- 
Randall Gellens
Opinions are personal;    facts are suspect;    I speak for myself only
-------------- Randomly selected tag: ---------------
Intelligence is like underwear, everyone should have it,
but we shouldn't show it off.             --Gene Petret