Last Call Review of draft-holmberg-dispatch-iotl-03
review-holmberg-dispatch-iotl-03-secdir-lc-hoffman-2015-01-15-00

Request Review of draft-holmberg-dispatch-iotl
Requested rev. no specific revision (document currently at 06)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2015-01-08
Requested 2014-12-18
Authors Christer Holmberg, Jan Holm, Roland Jesske, Martin Dolly
Draft last updated 2015-01-15
Completed reviews Genart Last Call review of -03 by Robert Sparks (diff)
Secdir Last Call review of -03 by Paul Hoffman (diff)
Opsdir Last Call review of -02 by Nevil Brownlee (diff)
Assignment Reviewer Paul Hoffman
State Completed
Review review-holmberg-dispatch-iotl-03-secdir-lc-hoffman-2015-01-15
Reviewed rev. 03 (document currently at 06)
Review result Ready
Review completed: 2015-01-15

Review
review-holmberg-dispatch-iotl-03-secdir-lc-hoffman-2015-01-15

Greetings again. draft-holmberg-dispatch-iotl describes a new SIP URI parameter that indicates "indicate that the entity associated with the address, or an entity responsible for the host part of the address, represents the end of a specific traffic leg (or multiple traffic legs)". The security considerations are short:

   The information SHOULD only be used for making policy decisions based
   on the role by nodes within the same trust domain [RFC3325].  In
   addition, there MUST exist an agreement between the operators for
   usage of the roaming role information.

URIs passed are protected as well as anything in SIP: completely if you're actually using TLS, not at all if you're not. A MITM fiddling with this parameter on SIP-without-TLS can cause problems, but those problems are approximately the same as for all other parts of the unprotected URI.

I'm not a fan of having every SIP document say "if you aren't using TLS like we said you should, you're in danger", so I think it is fine that this one doesn't say that. There are no other significant security considerations beyond the one above.

--Paul Hoffman