Telechat Review of draft-ietf-simple-chat-
review-ietf-simple-chat-secdir-telechat-roca-2012-09-13-00

Request Review of draft-ietf-simple-chat
Requested rev. no specific revision (document currently at 18)
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2012-09-11
Requested 2012-08-30
Draft last updated 2012-09-13
Completed reviews Genart Last Call review of -?? by Christer Holmberg
Genart Last Call review of -?? by Suresh Krishnan
Genart Telechat review of -?? by Suresh Krishnan
Secdir Last Call review of -?? by Vincent Roca
Secdir Telechat review of -?? by Vincent Roca
Tsvdir Last Call review of -?? by Cullen Jennings
Assignment Reviewer Vincent Roca
State Completed
Review review-ietf-simple-chat-secdir-telechat-roca-2012-09-13
Review result Ready with Nits
Review completed: 2012-09-13

Review
review-ietf-simple-chat-secdir-telechat-roca-2012-09-13

Hello,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.


Since we already exchanged emails during the secdir review of version
-14 of this document, I'll be brief.


** It is said:

  "If a participant wants to avoid eavesdropping, the participant's MSRP
   client can send the messages over a TLS [RFC5246] transport
   connection, as allowed by MSRP.  It's up to the policy of the MSRP
   switch if the messages are forwarded to the other participant's in
   the chat room using TLS [RFC5246] transport."

A participant cannot prevent eavesdropping if he does not control
the end-to-end use of TLS. Additionally, as discussed previously,
there are other benefits in the use of TLS, like preventing faked packet
injection, or on-the-fly corruption of messages. So I suggest to clarify a
bit:

NEW:

  "If a participant wants to avoid security concerns on the path between
   himself and the MSRP switch (e.g., eavesdropping, faked packet injection
   or packet corruption), ..."


** About attacks with close but different nicknames:
I see that a new paragraph has been added to section 7.1 to discuss
this issue. That's excellent. However the security section does not
provide any pointer to this discussion, nor does it mention the problem.
The only aspect discussed is the reuse of nicknames which is a different
(but important) topic. So I suggest to add a paragraph:

NEW:

  "Section 7.1.discusses the problem of similar but different
   nicknames (e.g., thanks to the use of similar characters),
   and chat rooms MAY provide a mechanism to mitigate confusable
   nicknames."


BTW, current I-D says that a chat room **MAY** provide such a mechanism.
Should we change it for SHOULD? Said differently, is there a good reason
for a chat room not to perform such verifications? If the answer is yes,
then we can keep MAY.


Cheers,

   Vincent