Re: [VIPR] Review of VIPR Overview

Cullen Jennings <fluffy@iii.ca> Sat, 28 January 2012 17:23 UTC

Return-Path: <fluffy@fluffy.im>
X-Original-To: vipr@ietfa.amsl.com
Delivered-To: vipr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FE3321F8508 for <vipr@ietfa.amsl.com>; Sat, 28 Jan 2012 09:23:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.513
X-Spam-Level:
X-Spam-Status: No, score=-3.513 tagged_above=-999 required=5 tests=[AWL=0.086, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0yO5qvIBfBto for <vipr@ietfa.amsl.com>; Sat, 28 Jan 2012 09:23:21 -0800 (PST)
Received: from mail-pz0-f44.google.com (mail-pz0-f44.google.com [209.85.210.44]) by ietfa.amsl.com (Postfix) with ESMTP id 5EBFA21F845C for <vipr@ietf.org>; Sat, 28 Jan 2012 09:23:10 -0800 (PST)
Received: by dado14 with SMTP id o14so2725652dad.31 for <vipr@ietf.org>; Sat, 28 Jan 2012 09:23:10 -0800 (PST)
Received: by 10.68.209.39 with SMTP id mj7mr24692517pbc.25.1327771390535; Sat, 28 Jan 2012 09:23:10 -0800 (PST)
Received: from [192.168.4.100] (128-107-239-233.cisco.com. [128.107.239.233]) by mx.google.com with ESMTPS id li19sm30461053pbb.17.2012.01.28.09.23.08 (version=SSLv3 cipher=OTHER); Sat, 28 Jan 2012 09:23:09 -0800 (PST)
Sender: Cullen Jennings <fluffy@fluffy.im>
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Cullen Jennings <fluffy@iii.ca>
In-Reply-To: <CAHBDyN6z8-q_QxAD_utxEBO6yA6UsW3OwPBtOqws-x19bsP6qQ@mail.gmail.com>
Date: Sat, 28 Jan 2012 10:23:07 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <2C186333-87E9-42B6-8A49-AF74EB2C9222@iii.ca>
References: <E4C1D954-8859-46D1-88C9-B603CF97183F@standardstrack.com> <F7EBFA1D-CDDA-4105-B81B-0435828BF2B6@iii.ca> <CAHBDyN6z8-q_QxAD_utxEBO6yA6UsW3OwPBtOqws-x19bsP6qQ@mail.gmail.com>
To: Mary Barnes <mary.ietf.barnes@gmail.com>
X-Mailer: Apple Mail (2.1084)
Cc: vipr@ietf.org
Subject: Re: [VIPR] Review of VIPR Overview
X-BeenThere: vipr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Verification Involving PSTN Reachability working group <vipr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/vipr>, <mailto:vipr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/vipr>
List-Post: <mailto:vipr@ietf.org>
List-Help: <mailto:vipr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vipr>, <mailto:vipr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Jan 2012 17:23:22 -0000

On Jan 27, 2012, at 2:16 PM, Mary Barnes wrote:

>>> 
>>> Page 24, Acknowledgements: let me in on the joke: I could imagine Theo being a thief of numbers.  Maybe in the fifth Ring [sic].  If he really is, I would suggest saying "5th thief [sic]". Otherwise, I would suggest saying "5th theft", if that is what the document means.
> [MB] The problem is that the security section only addresses 4
> threats, so I have no idea what that comment means either. [/MB]

The attack that Theo pointed out was the one described in last para of 6.2 which reads 

   An attacker could make a call so they know the call details of the
   call they made and use this to forge a validation for that call.
   They could then try to convince other users, which would have to be
   in the same domain as the attacker, to trust this validation.  This
   is mitigated by not sharing validations inside of domains where the
   users that can originate call from that domain are not trusted by the
   domain.

It's a good attack and Theo should get credit for pointing this out.