Re: [Speermint] AD review: draft-ietf-speermint-voipthreats-05
Jan Seedorf <Jan.Seedorf@neclab.eu> Thu, 03 February 2011 09:04 UTC
From: Jan Seedorf <Jan.Seedorf@neclab.eu>
To: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
Date: Thu, 03 Feb 2011 09:07:45 +0000
Message-ID: <2779C9F0771F974CAD742BAE6D9904FE80E9C1@DAPHNIS.office.hd>
References: <4CA35805.80606@ericsson.com> <4CE26FC7.10605@ericsson.com> <2779C9F0771F974CAD742BAE6D9904FE7EC444@PALLENE.office.hd> <4D4A6ED1.5060008@ericsson.com>
In-Reply-To: <4D4A6ED1.5060008@ericsson.com>
Cc: "speermint@ietf.org" <speermint@ietf.org>, Saverio Niccolini <Saverio.Niccolini@neclab.eu>, Eric Chen <eric.chen@lab.ntt.co.jp>, "hendrik.scholz@voipfuture.com" <hendrik.scholz@voipfuture.com>
Subject: Re: [Speermint] AD review: draft-ietf-speermint-voipthreats-05
Dear Gonzalo,

Thanks, great,

See you in Prague,

- Jan

> -----Original Message-----
> From: Gonzalo Camarillo [mailto:Gonzalo.Camarillo@ericsson.com]
> Sent: Thursday, 3 February 2011 10:01
> To: Jan Seedorf
> Cc: speermint@ietf.org; Saverio Niccolini; Eric Chen;
> hendrik.scholz@voipfuture.com
> Subject: Re: [Speermint] AD review: draft-ietf-speermint-voipthreats-05
>
> Hi Jan,
>
> thanks for addressing the comments. I have just requested an IETF LC for
> this draft.
>
> Cheers,
>
> Gonzalo
>
>
> On 25/01/2011 3:14 PM, Jan Seedorf wrote:
> > Dear Gonzalo,
> >
> > Thanks for your - indeed valid - comments on our -06 version of draft-ietf-
> speermint-voipthreats. Sorry for taking a while, your comments resulted in
> quite some changes in the draft. I just posted a new -07 version, let me
> explain below how we think we addressed your comments in this version:
> >
> >>> While message modification and eavesdropping are included in the
> >>> threats against SF and MF, they do not seem to appear in the threats
> >>> against LRF and LUF. Why?
> > Indeed message modification and eavesdropping are threats also for the LUF
> and LRF. We assumed those addressed with "confidentiality" and "integrity". We
> added some more text now, e.g. specifically mentioning "eavesdropping" and
> "message modification" under "confidentiality" and "integrity", respectively,
> for the LUF and LRF. For us, it was implicit that when one talks about
> confidentiality he/she indirectly talks about "eavesdropping", and when one
> talks about integrity he/she indirectly talks about "message modification".
> Anyway, we hope the text now explicitly makes this clear.
> >
> >> Also, the reasons why Section 4.5 recommends TCP over UDP are still not
> >> clear. UDP over DTLS would meet the requirements in both Sections 3.2
> >> and 4.5.
> > This is a very good point, which caused changes in Sections 4.5, 3.2, and in
> some other parts. At the time we started writing this draft back in 2007,
> RFC 4347 on DTLS was less than a year old and there was no mature
> implementation of DTLS at the time. Companies designing NGN at the time did
> not consider DTLS for the same reason. Since it has been more than three
> years, nowadays there seem to be quite a few DTLS implementations (at the IETF
> privacy workshop in Dec., I talked with Eric Rescorla about this and he
> confirmed that some stable implementations exist by now). We now updated the
> sections, saying that transport layer security can be either DTLS or TLS,
> depending on the use of the underlying transport protocol (UDP or TCP). Thus,
> we also do not recommend TCP over UDP anymore, and the section was renamed to
> "4.5 Secure Exchange of SIP messages". Accordingly, the former section "4.13.
> Encryption and Integrity Protection of Signaling Messages" is now obsolete and
> we had to update also Section 3.2, mentioning DTLS as an alternative to TLS.
> >
> > We hope the draft is in better shape now and that all your comments have
> been addressed.
> >
> > Sorry again for taking so long,
> >
> > - Jan
> >
> >
> >> -----Original Message-----
> >> From: speermint-bounces@ietf.org [mailto:speermint-bounces@ietf.org] On
> Behalf
> >> Of Gonzalo Camarillo
> >> Sent: Tuesday, 16 November 2010 12:49
> >> To: speermint@ietf.org
> >> Subject: Re: [Speermint] AD review: draft-ietf-speermint-voipthreats-05
> >>
> >> Hi,
> >>
> >> thanks for having submitted a new revision of this draft:
> >>
> >> http://tools.ietf.org/html/draft-ietf-speermint-voipthreats-06
> >>
> >> This revision addresses most of my comments below. However, I do not
> >> think I got an answer to the following question:
> >>
> >>> While message modification and eavesdropping are included in the
> >>> threats against SF and MF, they do not seem to appear in the threats
> >>> against LRF and LUF. Why?
> >>
> >> Also, the reasons why Section 4.5 recommends TCP over UDP are still not
> >> clear. UDP over DTLS would meet the requirements in both Sections 3.2
> >> and 4.5.
> >>
> >> Thanks,
> >>
> >> Gonzalo
> >>
> >>
> >> On 29/09/2010 5:15 PM, Gonzalo Camarillo wrote:
> >>> Hi,
> >>>
> >>> a couple of days ago I received a publication request for the following
> >>> draft:
> >>>
> >>> https://datatracker.ietf.org/doc/draft-ietf-speermint-voipthreats/
> >>>
> >>> Here you have my AD review of the draft (see below). The authors should
> >>> be able to address all my comments fairly quickly. As soon as they
> >>> revise the draft I will initiate its IETF LC.
> >>>
> >>> Thanks,
> >>>
> >>> Gonzalo
> >>>
> >>>
> >>> draft-ietf-speermint-voipthreats-05
> >>>
> >>> Expand acronyms on their first use (e.g., SPEERMINT in the title and
> >>> VoIP in the Introduction).
> >>>
> >>> The Abstract and the Introduction attempt to explain the relationship
> >>> between this draft and draft-ietf-speermint-requirements. However,
> >>> Section 3.1 does a better job at that. Could you please clarify in the
> >>> Introduction that the requirements in draft-ietf-speermint-requirements
> >>> were derived from the threats documented in this draft? Also, please
> >>> clarify that in addition to being the base for those requirements, this
> >>> draft provides countermeasures to meet those requirements. Any SPEERMINT
> >>> expert will probably understand that by reading the Abstract and the
> >>> Introduction but clarifying those points will help readers who have not
> >>> been that involved in the process.
> >>>
> >>> While message modification and eavesdropping are included in the
> >>> threats against SF and MF, they do not seem to appear in the threats
> >>> against LRF and LUF. Why?
> >>>
> >>> Section 4.5 recommends using TCP instead of UDP. That advice is great,
> >>> but the reasons Section 4.5 discusses are not that strong. The fact that
> >>> the Linux kernel has improved is irrelevant if an operator uses
> >>> non-Linux boxes. Also, an operator using UDP over IPsec, for instance,
> >>> will not face the problems described there. The main recommendation in
> >>> Section 4.5 seems to actually be to use an integrity protection
> >>> mechanism. Clarifying that section would be useful.
> >>>
> >>> [refs.sbcfuncs] has been published as RFC 5853
> >>>
> >>> A few references only include the title and the author fields. Adding
> >>> the venue where they were published would be useful.
> >>>
> >>
> >> _______________________________________________
> >> Speermint mailing list
> >> Speermint@ietf.org
> >> https://www.ietf.org/mailman/listinfo/speermint
> >