Re: [VIPR] Review of draft-jennings-vipr-overview-01
Cullen Jennings <fluffy@cisco.com> Mon, 11 July 2011 18:54 UTC
Return-Path: <fluffy@cisco.com>
X-Original-To: vipr@ietfa.amsl.com
Delivered-To: vipr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08B2521F8E64 for <vipr@ietfa.amsl.com>; Mon, 11 Jul 2011 11:54:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[AWL=-4.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u5diZEuwnDgm for <vipr@ietfa.amsl.com>; Mon, 11 Jul 2011 11:54:08 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) by ietfa.amsl.com (Postfix) with ESMTP id 12AAA21F8DB5 for <vipr@ietf.org>; Mon, 11 Jul 2011 11:54:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=fluffy@cisco.com; l=3535; q=dns/txt; s=iport; t=1310410448; x=1311620048; h=subject:mime-version:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=nSadaOuSr8SRlSxn00RrOaAnuuV10OW9/HIQ/sCfR70=; b=Sj84+CZE86o+fTDkkb/BUvpCGg8xRy+JbUoLYJHjr3trp1tuV3aY5ppg yO9gs4BX6sNWyRHNT7xEciSOmvqkX0CwEmwyLBCLmLgeU5+pl9I6t5i0q /cXL8MZmGSeS1j3jec2fsLB9RdmOvlhqnYYupnUCI6BJJ4Ga/m9UDBESZ A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av0EAA1GG06tJV2a/2dsb2JhbABTpxx3iHqhXp4OhVtfBIdOiwaEfotp
X-IronPort-AV: E=Sophos;i="4.65,516,1304294400"; d="scan'208";a="1827685"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-8.cisco.com with ESMTP; 11 Jul 2011 18:54:07 +0000
Received: from [10.21.75.103] ([10.21.75.103]) by rcdn-core-3.cisco.com (8.14.3/8.14.3) with ESMTP id p6BIs7sT028733; Mon, 11 Jul 2011 18:54:07 GMT
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Cullen Jennings <fluffy@cisco.com>
In-Reply-To: <BANLkTi=XTs5Vz_ojE1PvAL7ozKivw09cnQ@mail.gmail.com>
Date: Mon, 11 Jul 2011 11:54:06 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <2D5E1705-DC64-42CE-AB73-5B99F44AECB0@cisco.com>
References: <BANLkTi=XTs5Vz_ojE1PvAL7ozKivw09cnQ@mail.gmail.com>
To: Michael Procter <michael@voip.co.uk>
X-Mailer: Apple Mail (2.1084)
Cc: vipr@ietf.org
Subject: Re: [VIPR] Review of draft-jennings-vipr-overview-01
X-BeenThere: vipr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Verification Involving PSTN Reachability working group <vipr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/vipr>, <mailto:vipr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/vipr>
List-Post: <mailto:vipr@ietf.org>
List-Help: <mailto:vipr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vipr>, <mailto:vipr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Jul 2011 18:54:09 -0000
Thee are excellent points. The first few were easy and fixed in next version but on to some of the harder issues you raised ... On May 13, 2011, at 1:37 , Michael Procter wrote: > > Section 8.2 > The TLS-SRP uses the caller ID and called number as a "username" > > This seems to open up an interesting information leak, since the > username is sent in the clear. Let's assume EvilCorp registers its > node-id against the hash of the sales number of its competitor, > VictimCorp. Then, whenever a ViPR-enabled caller tries to call > VictimCorp to buy something, a few hours later their ViPR server will > attempt to establish a connection to EvilCorp. Even assuming that > EvilCorp can't complete the handshake because it has no idea of the call > details, EvilCorp still ends up with a list of CLIs for people who > called their competitor's sales line. I'm not a salesperson, but I > believe that supplying a list of 'hot leads' like this would make > EvilCorp's sales team quite happy. I think we need to protect against the attack you describe. It's been awhile since have looked at SRP. Perhaps hashing the username would solve this? > > > Section 9.2: 3rd attack > "the TTL for cached routes is set to match the > duration that carriers typically hold numbers." > > I understand the reason for this, but I think it might lead to a poor > user experience. If someone becomes accustomed to having a videocall > / wideband audio with a regular recipient, and then finds that one day > it falls back to PSTN, I doubt that "ViPR cached route TTL expiry" will > be the first thing that springs to mind. If you have a moderate number > of ViPR-connected regular destinations, and a cache time of 3-6 months, > then you will find that this happens quite often, which will lead to a > perception of unreliability for the technology. Once a fallback call > is made, it will take up to 12 hours (from my reading of the PVP draft) > to refresh the SIP route, which essentially means it won't be 'fixed' > on the same day. It might help if there were a faster way to revalidate > routes that have expired recently, or a way to qualify a route for > continued use whilst still protecting against this attack. total agree. I'd like to see a better way of doing validation for video calls. > > > Section 9.2: 5th attack > > I think you may be understating the risk here. An environment that uses > phones supporting the dialog event package, for example, will allow > mischievous colleagues to mount this attack. Even someone sitting in the > next cubical to the caller, wielding a stop watch, probably stands a good > chance of mounting this attack. Rather than recommending that ViPR is not > deployed in enterprises with moderately clueful staff, is there > something that can be done to tighten up the defences to this attack? > again I agree. Of course the guy in the next cube could probably just walk over and forward the phone too. One things that can be done is not share the validation you learn for one phone in an enterprise with other phones in the enterprise. > Best regards, > > Michael > _______________________________________________ > VIPR mailing list > VIPR@ietf.org > https://www.ietf.org/mailman/listinfo/vipr Cullen Jennings For corporate legal information go to: http://www.cisco.com/web/about/doing_business/legal/cri/index.html
- [VIPR] Review of draft-jennings-vipr-overview-01 Michael Procter
- Re: [VIPR] Review of draft-jennings-vipr-overview… Cullen Jennings
- Re: [VIPR] Review of draft-jennings-vipr-overview… Michael Procter
- Re: [VIPR] Review of draft-jennings-vipr-overview… Marc Petit-Huguenin