Re: [Speermint] AD review: draft-ietf-speermint-voipthreats-05

[Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>]

Hi Jan,

thanks for addressing the comments. I have just requested an IETF LC for
this draft.

Cheers,

Gonzalo


On 25/01/2011 3:14 PM, Jan Seedorf wrote:
> Dear Gonzalo,
> 
> Thanks for your - indeed valid - comments on our -06 version of draft-ietf-speermint-voipthreats. Sorry for taking a while, your comments resulted in quite some changes in the draft. I just posted a new -07 version, let me explain below how we think we addressed your comments in this version:
> 
>>> While message modification and eavesdropping is included in the
>>> threats against SF and MF, they do not seem to appear in the threats
>>> against LRF and LUF. Why?
> Indeed message modification and eavesdropping are threats also for the LUF and LRF. We assumed those addressed with "confidentiality" and "integrity". We added some more text now, e.g. specifically mentioning "eavesdropping" and "message modification" under "confidentiality" and "integrity", respectively, for the LUF and LRF. For us, it was implicit that when one talks about confidentiality he/she indirectly talks about "eavesdropping", and when one talks about integrity he/she indirectly talks about "message modification". Anyway, we hope the text now explicitly makes this clear.
> 
>> Also, the reasons why Section 4.5 recommends TCP over UDP are still not
>> clear. UDP over DTLS would meet the requirements in both Sections 3.2
>> and 4.5.
> This is a very good point, which caused changes in section 4.5, 3.2, and in some other parts. At the time we started writing this draft back in 2007, RFC4347 on DTLS was less than a year old and there was no mature implementation of DTLS at the time.  Companies designing NGN at the time did not consider DTLS for the same reason. Since it has been more than three years, nowadays there seem to be quite a few DTLS implementations (at the IETF privacy workshop in Dec., I talked with Eric Rescorla about this and he confirmed that some stable implementations exist by now). We now updated the sections, saying that transport layer security can be either DTLS or TLS, depending on the use of the underlying transport protocol (UDP or TCP). Thus, we also do not recommend TCP over UDP anymore, and the section was renamed to "4.5 Secure Exchange of SIP messages". Accordingly, the former section "4.13.  Encryption and Integrity Protection of Signaling Messages" is now obsolete and we had
 to update also section 3.2., mentioning DTLS as an alternative to TLS.
> 
> We hope the draft is in better shape now and that all your comments have been addressed.
> 
> Sorry again for taking so long,
> 
>  - Jan
> 
> 
>> -----Original Message-----
>> From: speermint-bounces@ietf.org [mailto:speermint-bounces@ietf.org] On Behalf
>> Of Gonzalo Camarillo
>> Sent: Dienstag, 16. November 2010 12:49
>> To: speermint@ietf.org
>> Subject: Re: [Speermint] AD review: draft-ietf-speermint-voipthreats-05
>>
>> Hi,
>>
>> thanks for having submitted a new revision of this draft:
>>
>> http://tools.ietf.org/html/draft-ietf-speermint-voipthreats-06
>>
>> This revision addresses most of my comments below. However, I do not
>> think I got an answer to the following question:
>>
>>> While message modification and eavesdropping is included in the
>>> threats against SF and MF, they do not seem to appear in the threats
>>> against LRF and LUF. Why?
>>
>> Also, the reasons why Section 4.5 recommends TCP over UDP are still not
>> clear. UDP over DTLS would meet the requirements in both Sections 3.2
>> and 4.5.
>>
>> Thanks,
>>
>> Gonzalo
>>
>>
>> On 29/09/2010 5:15 PM, Gonzalo Camarillo wrote:
>>> Hi,
>>>
>>> a couple of days ago I received a publication request for the following
>>> draft:
>>>
>>> https://datatracker.ietf.org/doc/draft-ietf-speermint-voipthreats/
>>>
>>> Here you have my AD review of the draft (see below). The authors should
>>> be able to address all my comments fairly quickly. As soon as they
>>> revise the draft I will initiate its IETF LC.
>>>
>>> Thanks,
>>>
>>> Gonzalo
>>>
>>>
>>> draft-ietf-speermint-voipthreats-05
>>>
>>> Expand acronyms on their first use (e.g., SPEERMINT in the title and
>>> VoIP in the Introduction).
>>>
>>> The Abstract and the Introduction attempt to explain the relationship
>>> between this draft and draft-ietf-speermint-requirements. However,
>>> Section 3.1 does a better job at that. Could you please clarify in the
>>> Introduction that the requirements in draft-ietf-speermint-requirements
>>> were derived from the threats documented in this draft? Also, please
>>> clarify that in addition to be the base for those requirements, this
>>> draft provides countermeasures to meet those requirements. Any SPEERMINT
>>> expert will probably understand that by reading the Abstract and the
>>> Introduction but clarifying those points will help readers who have not
>>> been that involved in the process.
>>>
>>> While message modification and eavesdropping is included in the
>>> threats against SF and MF, they do not seem to appear in the threats
>>> against LRF and LUF. Why?
>>>
>>> Section 4.5 recommends to use TCP instead of UDP. That advice is great,
>>> but the reasons Section 4.5 discusses are not that strong. The fact that
>>> the linux kernel has improved is irrelevant if an operator uses
>>> non-linux boxes. Also, an operator using UDP over IPsec, for instance,
>>> will not face the problems described there. The main recommendation in
>>> Section 4.5 seems to actually be to use an integrity protection
>>> mechanism. Clarifying that section would be useful.
>>>
>>> [refs.sbcfuncs] has been published as RFC 5853
>>>
>>> A few references only include the title and the author fields. Adding
>>> the venue where they were published would be useful.
>>>
>>
>> _______________________________________________
>> Speermint mailing list
>> Speermint@ietf.org
>> https://www.ietf.org/mailman/listinfo/speermint
>