[VIPR] Review of draft-jennings-vipr-overview-01
Michael Procter <michael@voip.co.uk> Fri, 13 May 2011 08:37 UTC
Return-Path: <michael@voip.co.uk>
X-Original-To: vipr@ietfa.amsl.com
Delivered-To: vipr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 273B6E06FA for <vipr@ietfa.amsl.com>; Fri, 13 May 2011 01:37:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.977
X-Spam-Level:
X-Spam-Status: No, score=-5.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IHFBmQWgxi9x for <vipr@ietfa.amsl.com>; Fri, 13 May 2011 01:37:44 -0700 (PDT)
Received: from na3sys009aog110.obsmtp.com (na3sys009aog110.obsmtp.com [74.125.149.203]) by ietfa.amsl.com (Postfix) with SMTP id 68950E06C2 for <vipr@ietf.org>; Fri, 13 May 2011 01:37:40 -0700 (PDT)
Received: from mail-iw0-f181.google.com ([209.85.214.181]) (using TLSv1) by na3sys009aob110.postini.com ([74.125.148.12]) with SMTP ID DSNKTczt040Copvm/r0nBOrBZbBwUfVUSx8v@postini.com; Fri, 13 May 2011 01:37:44 PDT
Received: by mail-iw0-f181.google.com with SMTP id 38so2574394iwn.12 for <vipr@ietf.org>; Fri, 13 May 2011 01:37:39 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.42.4.202 with SMTP id 10mr1384749ict.449.1305275859501; Fri, 13 May 2011 01:37:39 -0700 (PDT)
Received: by 10.42.151.68 with HTTP; Fri, 13 May 2011 01:37:39 -0700 (PDT)
Date: Fri, 13 May 2011 09:37:39 +0100
Message-ID: <BANLkTi=XTs5Vz_ojE1PvAL7ozKivw09cnQ@mail.gmail.com>
From: Michael Procter <michael@voip.co.uk>
To: vipr@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"
Subject: [VIPR] Review of draft-jennings-vipr-overview-01
X-BeenThere: vipr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Verification Involving PSTN Reachability working group <vipr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/vipr>, <mailto:vipr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/vipr>
List-Post: <mailto:vipr@ietf.org>
List-Help: <mailto:vipr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vipr>, <mailto:vipr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 May 2011 08:37:45 -0000
General Three occurrences of the header field 'X-Cisco-ViPR-Ticket'. Hopefully this will be renamed at some stage? Section 2.1 para 2: "email-style SIP URI" replace with "email-style SIP URIs" Section 8.2 The TLS-SRP uses the caller ID and called number as a "username" This seems to open up an interesting information leak, since the username is sent in the clear. Let's assume EvilCorp registers its node-id against the hash of the sales number of its competitor, VictimCorp. Then, whenever a ViPR-enabled caller tries to call VictimCorp to buy something, a few hours later their ViPR server will attempt to establish a connection to EvilCorp. Even assuming that EvilCorp can't complete the handshake because it has no idea of the call details, EvilCorp still ends up with a list of CLIs for people who called their competitor's sales line. I'm not a salesperson, but I believe that supplying a list of 'hot leads' like this would make EvilCorp's sales team quite happy. Section 9.2: 3rd attack "the TTL for cached routes is set to match the duration that carriers typically hold numbers." I understand the reason for this, but I think it might lead to a poor user experience. If someone becomes accustomed to having a videocall / wideband audio with a regular recipient, and then finds that one day it falls back to PSTN, I doubt that "ViPR cached route TTL expiry" will be the first thing that springs to mind. If you have a moderate number of ViPR-connected regular destinations, and a cache time of 3-6 months, then you will find that this happens quite often, which will lead to a perception of unreliability for the technology. Once a fallback call is made, it will take up to 12 hours (from my reading of the PVP draft) to refresh the SIP route, which essentially means it won't be 'fixed' on the same day. It might help if there were a faster way to revalidate routes that have expired recently, or a way to qualify a route for continued use whilst still protecting against this attack. Section 9.2: 5th attack I think you may be understating the risk here. An environment that uses phones supporting the dialog event package, for example, will allow mischievous colleagues to mount this attack. Even someone sitting in the next cubical to the caller, wielding a stop watch, probably stands a good chance of mounting this attack. Rather than recommending that ViPR is not deployed in enterprises with moderately clueful staff, is there something that can be done to tighten up the defences to this attack? Best regards, Michael
- [VIPR] Review of draft-jennings-vipr-overview-01 Michael Procter
- Re: [VIPR] Review of draft-jennings-vipr-overview… Cullen Jennings
- Re: [VIPR] Review of draft-jennings-vipr-overview… Michael Procter
- Re: [VIPR] Review of draft-jennings-vipr-overview… Marc Petit-Huguenin