[secdir] secdir review of draft-ietf-straw-b2bua-stun-05
Sam Hartman <hartmans-ietf@mit.edu> Mon, 11 May 2015 20:42 UTC
Return-Path: <hartmans@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 258BE1A9031; Mon, 11 May 2015 13:42:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.165
X-Spam-Level:
X-Spam-Status: No, score=0.165 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n4yz69rgfZJW; Mon, 11 May 2015 13:42:32 -0700 (PDT)
Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC8121A7035; Mon, 11 May 2015 13:42:32 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.painless-security.com (Postfix) with ESMTP id CF85C206F9; Mon, 11 May 2015 16:41:03 -0400 (EDT)
Received: from mail.painless-security.com ([127.0.0.1]) by localhost (mail.suchdamage.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4iXT1Tf_8uhk; Mon, 11 May 2015 16:41:03 -0400 (EDT)
Received: from carter-zimmerman.suchdamage.org (unknown [62.232.113.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS; Mon, 11 May 2015 16:41:03 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id AA0C887E77; Mon, 11 May 2015 16:42:21 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: secdir@ietf.org, ietf@ietf.org
Date: Mon, 11 May 2015 16:42:21 -0400
Message-ID: <tslfv72ongy.fsf@mit.edu>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/QVQNqHH898RnpBe8z6hiU1TuJh4>
Subject: [secdir] secdir review of draft-ietf-straw-b2bua-stun-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 May 2015 20:42:34 -0000
I've been selected as the secdir reviewer for this draft. These comments are intended for the security ADs (and other ADs); authors please treat them as any other last call comments. I have one major issue. This draft is sufficiently unclear in its introductory material that I found it very challenging to review. What it's trying to do is to specify behavior for handling of ICE by B2BUAs. However, the introduction never says that; the introduction talks a lot about the background for B2BUAS, ICE, STUN and related parts of the SIP infrastructure. Coming back to reading SIP documents after a number of years, the bibliography provided in the introduction was useful, but the introduction needs to describe what this document does. The abstract sort of tries to describe what the document does. However, our process requires that the document and abstract stand independent of each other. The reader cannot be expected to read the abstract before reading the document. Also, the abstract claims that this document specifies the handling of STUN messages inside ICE. Section 3 and 4 actually provide requirements for handilg of SDP attributes, ICE processing and other things far beyond handling of STUN messages. My recommendation for addressing this issue is: 1) Update the abstract to make it clear that this is overall requirements for B2BUAs interacting with ICE, not just requirements for handling STUN messages. 2) Make sure everything the abstract says is near the front of the introduction. After introducing what STUN, ICE, and B2BUAs are, it's important to explain the role of this document. Once I understood what this document was trying to do I was able to think about the security implications. There really don't seem to be any new security implications with this document. The security considerations section is fairly lite, but the introduction does point to the existing discussions of security of ICE and B2BUAs and various latching techniques. I don't think this protocol introduces or even really changes the security landscape. It gives guidance which if followed will mean that good actors don't break the security mechansisms. That is valuable because if the frequency of good actors breaking security mechanisms is low enough, we can actually rely on the security mechanisms. So, I think the security considerations section is fine as-is, although the security ADs may wish to ask for a couple of references to be copied from the introduction.