Re: [stir] WG Last Call Extended : Responses Needed (was Re: WG Last Call on draft-ietf-stir-threats-00.txt)

"PFAUTZ, PENN L" <pp3129@att.com> Wed, 05 February 2014 20:53 UTC

From: "PFAUTZ, PENN L" <pp3129@att.com>
To: "'Peterson, Jon'" <jon.peterson@neustar.biz>, "stir@ietf.org" <stir@ietf.org>
Date: Wed, 05 Feb 2014 20:52:50 +0000
Cc: 'Robert Sparks' <rjsparks@nostrum.com>
Subject: Re: [stir] WG Last Call Extended : Responses Needed (was Re: WG Last Call on draft-ietf-stir-threats-00.txt)

Jon:
This will do.

Penn Pfautz
AT&T Access Management
+1-732-420-4962

-----Original Message-----
From: Peterson, Jon [mailto:jon.peterson@neustar.biz]
Sent: Monday, February 03, 2014 9:17 PM
To: PFAUTZ, PENN L; stir@ietf.org
Subject: Re: [stir] WG Last Call Extended : Responses Needed (was Re: WG Last Call on draft-ietf-stir-threats-00.txt)


I've added these to a brief subsection before the attacks (there are now
three attacks that follow, including TDoS) which provides an introduction,
dividing attackers' techniques into your two categories, and then says
that "concrete attacks" based on those techniques are given in the
following sections. Good enough?

Jon Peterson
Neustar, Inc.

On 1/26/14, 7:41 AM, "PFAUTZ, PENN L" <pp3129@att.com> wrote:

>Thanks, Jon
>I'll defer to you on terminology. I do think that the attack sections 3.1
>and 3.2 should be made more generic along the lines I suggest:
>-impersonation to hide caller identity (e.g., in support of robocalling)
>-impersonation of the specific identity associated with the calling
>number (voicemail hacking, phishing)
>
>Penn Pfautz
>AT&T Access Management
>+1-732-420-4962
>-----Original Message-----
>From: Peterson, Jon [mailto:jon.peterson@neustar.biz]
>Sent: Friday, January 24, 2014 9:48 PM
>To: PFAUTZ, PENN L; stir@ietf.org
>Subject: Re: [stir] WG Last Call Extended : Responses Needed (was Re: WG
>Last Call on draft-ietf-stir-threats-00.txt)
>
>
>>I'd like to suggest a somewhat different taxonomy for the document:
>
>Thanks for these notes, Penn.
>
>>I think there is one basic threat:  delivery of a calling number that the
>>caller is not authorized to use.
>>This threat enables two kinds of attacks building on that threat:
>>-impersonation to hide caller identity (e.g., in support of robocalling)
>>-impersonation of the specific identity associated with the calling
>>number (voicemail hacking, phishing)
>
>I went through a spin on this document already with Steve Kent about what
>should be considered an "attack" versus a "threat" versus what have you. I
>take it in the security community these are terms with a particular
>meaning, and I tried to bring the text here into conformance with his
>guidance. I don't think we'd say the "threat" is the delivery of the
>calling number in that fashion; that's a technique used by attackers to
>accomplish their attacks.
>
>>I think the "Endpoints" section might be better called "Targets"
>
>In the architecture that the Actors section describes, endpoints originate
>calls and receive them, and so necessarily originators of calls aren't in
>that sense "targets." The goal of the Actors section is to explain who
>all the parties are that originate, forward, and receive calls, just so
>the Attacks and Attack Scenarios can refer to these.
>
>>Section 4.1 on solution specific attacks either needs to be expanded with
>>sufficient detail to be meaningful or else deleted before the document
>>can become an RFC.
>
>Here, agreed. I don't want to lose those bullet points though; maybe the
>right thing to do is to just say that these points are out of scope, but
>that future work should remember to consider issues like these.
>
>Jon Peterson
>Neustar, Inc.
>
>>Penn Pfautz
>>AT&T Access Management
>>+1-732-420-4962
>>
>>-----Original Message-----
>>From: stir [mailto:stir-bounces@ietf.org] On Behalf Of Robert Sparks
>>Sent: Tuesday, January 21, 2014 12:14 PM
>>To: stir@ietf.org
>>Subject: [stir] WG Last Call Extended : Responses Needed (was Re: WG Last
>>Call on draft-ietf-stir-threats-00.txt)
>>
>>There have been no on-list responses to this last call.
>>We're extending it through this Friday, Jan 24.
>>
>>Please let us know that you've reviewed this document and believe it is
>>ready for publication, or if you have any issues that still need to be
>>resolved.
>>Capturing your review on list is important, even if it's just a "ready"
>>note.
>>
>>RjS
>>
>>
>>On 1/2/14, 11:46 AM, Russ Housley wrote:
>>> The authors have posted an updated Internet-Draft on the STIR threat
>>>model.  It can be found here:
>>>http://www.ietf.org/id/draft-ietf-stir-threats-00.txt.
>>>
>>> Is this document ready for the STIR WG to pass to the IESG, requesting
>>>publication as an Informational RFC?  Please provide your input on this
>>>mail list by end-of-business on 16 January 2014.  If you have issues or
>>>concerns, please tell us what changes to the document are necessary to
>>>resolve them.
>>>
>>> Russ
>>>
>>> _______________________________________________
>>> stir mailing list
>>> stir@ietf.org
>>> https://www.ietf.org/mailman/listinfo/stir
>>
>