Re: [VIPR] vipr-overview-06
Michael Procter <michael@voip.co.uk> Tue, 31 December 2013 20:59 UTC
Return-Path: <michael@voip.co.uk>
X-Original-To: vipr@ietfa.amsl.com
Delivered-To: vipr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E61DA1AE348 for <vipr@ietfa.amsl.com>; Tue, 31 Dec 2013 12:59:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.68
X-Spam-Level:
X-Spam-Status: No, score=-1.68 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WMeZlrC_sXmn for <vipr@ietfa.amsl.com>; Tue, 31 Dec 2013 12:59:02 -0800 (PST)
Received: from na3sys009aog102.obsmtp.com (na3sys009aog102.obsmtp.com [74.125.149.69]) by ietfa.amsl.com (Postfix) with SMTP id 4B2E31AE2A4 for <vipr@ietf.org>; Tue, 31 Dec 2013 12:59:02 -0800 (PST)
Received: from mail-wg0-f49.google.com ([74.125.82.49]) (using TLSv1) by na3sys009aob102.postini.com ([74.125.148.12]) with SMTP ID DSNKUsMwEHpYSriO/1gPAWnjgTLuCQEFKcWf@postini.com; Tue, 31 Dec 2013 12:58:56 PST
Received: by mail-wg0-f49.google.com with SMTP id x12so11157351wgg.28 for <vipr@ietf.org>; Tue, 31 Dec 2013 12:58:54 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=i93Z4rjn0ZaWtL4YqxCgQ8AWFH3FQM9PnOmfWX73odA=; b=Nl6AVqymajQhxsy0F4x32g+TG9ATZcXcTYb4asfWHlExVtwZ1gVGOtvO680SMUy2+z j91Bb+NM9n0T6wOfU8vH3t3Y9uR0FRSqS6+0bctEG/QigGMOg9IAQsgYvkqQwPUuWrdT Sislf8/qPImg1jdpaMnK9ZLNBdBxoPU0t+8ykFb1z3bob6OyZcdTgTrUsxbxZ0s0qTs9 q+P29UXfjbnH0mQEuHPkbatREuQBO8cUXKkj/xsyZZxMUdyKC2CrdfnK/j2yK9aOILmD uc92s/5tiePGpkQa6y8cLdtZQYs4R5vjPy3XwsdKu6PmkxKZo3SoRfY0AEJ60yPCPBij QPtA==
X-Gm-Message-State: ALoCoQkbA0WHhPa/CHQWh+wGCA70Um3qVTtm9XlmAvjjK8+4wywzfpA01yKu9nQRPxdM87fTHmniqaiHgWUATt+vWjBcGYjQA0pwPvzQQIc+XGgex+1yEqU36pvW76Vi0W8J+yW1M8kizkz4SDNgfUpuicsxn0jMiw==
X-Received: by 10.194.57.130 with SMTP id i2mr946854wjq.69.1388523534979; Tue, 31 Dec 2013 12:58:54 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.194.57.130 with SMTP id i2mr946850wjq.69.1388523534911; Tue, 31 Dec 2013 12:58:54 -0800 (PST)
Received: by 10.194.42.195 with HTTP; Tue, 31 Dec 2013 12:58:54 -0800 (PST)
In-Reply-To: <CECF854E.CBE6F%jon.peterson@neustar.biz>
References: <CECF854E.CBE6F%jon.peterson@neustar.biz>
Date: Tue, 31 Dec 2013 20:58:54 +0000
Message-ID: <CAPms+wR36PpxFCCwcy70Y8Xts8r1QPjTFZPP6+RiLiumX9Lc9Q@mail.gmail.com>
From: Michael Procter <michael@voip.co.uk>
To: "Peterson, Jon" <jon.peterson@neustar.biz>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: "vipr@ietf.org" <vipr@ietf.org>
Subject: Re: [VIPR] vipr-overview-06
X-BeenThere: vipr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Verification Involving PSTN Reachability working group <vipr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/vipr>, <mailto:vipr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/vipr/>
List-Post: <mailto:vipr@ietf.org>
List-Help: <mailto:vipr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vipr>, <mailto:vipr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Dec 2013 20:59:04 -0000
Hi Jon, Sorry for leaving comments until the last moment. I've mainly read section 7.5, as that seems to be the main area of change. The main attack that doesn't seem to be mentioned is the one that allows the approximate call start/end times to be used in conjunction with multiple registrations in the RELOAD DHT to find accurate call start/end times. A malicious server can then use these to authenticate itself as the caller to the called party, and perform a MITM attack on all signalling and media for future calls. This is described in section 2.2 of draft-procter-vipr-privacy-concerns-00, in the context of pranks, but it is certainly more widely applicable with an increased number of registrations. The reason I feel this attack should be included is that using call start/end times is likely to play a part in any similar effort in the future, and this is one of the attacks we should learn from. A number of the other attacks listed are likely to be avoided simply by increased awareness of the risks of 'pervasive passive monitoring', but this one is more active and should be noted for future attempts. Best regards, Michael
- [VIPR] vipr-overview-06 Peterson, Jon
- Re: [VIPR] vipr-overview-06 Michael Procter