Last Call Review of draft-ietf-simple-chat-
review-ietf-simple-chat-secdir-lc-roca-2012-04-11-00

Request Review of draft-ietf-simple-chat
Requested rev. no specific revision (document currently at 18)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2012-02-06
Requested 2012-01-27
Draft last updated 2012-04-11
Completed reviews Genart Last Call review of -?? by Christer Holmberg
Genart Last Call review of -?? by Suresh Krishnan
Genart Telechat review of -?? by Suresh Krishnan
Secdir Last Call review of -?? by Vincent Roca
Secdir Telechat review of -?? by Vincent Roca
Tsvdir Last Call review of -?? by Cullen Jennings
Assignment Reviewer Vincent Roca
State Completed
Review review-ietf-simple-chat-secdir-lc-roca-2012-04-11
Review completed: 2012-04-11

Review
review-ietf-simple-chat-secdir-lc-roca-2012-04-11

Hello,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

General:
   
The authors, in section 11, discuss several simple security issues.
However I have the feeling that there aren't enough details on how to
avoid/mitigate them. Additionally, I'm not sure the section provides a
comprehensive analysis of security aspects. What about intelligent,
more elaborate attacks? 


Details for section 11 "Security considerations"
---------------------------------------------------------------

** The second paragraph explains several situations where a message can
be sent to several recipients without the sender knowing. It's a good
point to identify this problem, but I'd like to know how it can be
avoided (if possible). 
   
** It is said:
   "It's up to the policy of the MSRP
   switch if the messages are forwarded to the other participant's in
   the chat room using TLS [RFC5246] transport."
   
I'm surprised to see that a participant has no way to enforce a secure
end-to-end connection. At a minimum, can the participant know the
situation in order to take a decision? 
   
** It is said:
   "To avoid takeovers the MSRP switch MUST make sure that a nickname is
   unique inside a chat room."
   
Do you mean the protocol does not guaranty by design that a nickname is
unique at some point of time in a chat room? If this is the case it's
clearly a flaw that should be addressed within the protocol description,
not in the security considerations section.

Another remark: it's not sufficient to guaranty the uniqueness of the
nickname. Phishing attacks show us that two close URLs can mislead a
user, even if the URLs differ by at least one character. It would be 
wiser to recommend that nicknames be significantly different (the MSRP
can probably check the distance between a proposed nickname and those
already registered in the chat session).

** last sentence:
The following sentence is a bit strange and unclear:
   "If a nickname can be reserved if it previously has been used by another
   participant in the chat room, is up to the policy of the chat room."
I suggest:
   
NEW:
  It is up to the policy of the chat room to determine if a nickname that
  has been previously used by another participant of the chat room can
  be reserved or not.

** General:
Several threats are missing in this document. In particular, 
what about attacks where some traffic is intercepted and modified
on-the-fly by the attacker? What about faked messages sent by an
attacker to the MSRP? Can a participant use some integrity service? 
This is not discussed.
              
I'd like to see guidelines on how a participant or MSRP administrator
can define a secure mode of operation. If not possible, I'd like to
see a detailed discussion of existing risks.


Cheers,

    Vincent