Last Call Review of draft-ietf-sipcore-invfix-
review-ietf-sipcore-invfix-secdir-lc-salowey-2010-06-24-00
| Request | Review of | draft-ietf-sipcore-invfix |
|---|---|---|
| Requested revision | No specific revision (document currently at 01) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2010-06-29 | |
| Requested | 2010-06-09 | |
| Authors | Robert Sparks , Theo Zourzouvillys | |
| I-D last updated | 2010-06-24 | |
| Completed reviews |
Secdir Last Call review of -??
by Joseph A. Salowey
|
|
| Assignment | Reviewer | Joseph A. Salowey |
| State | Completed | |
| Request | Last Call review on draft-ietf-sipcore-invfix by Security Area Directorate Assigned | |
| Completed | 2010-06-24 |
review-ietf-sipcore-invfix-secdir-lc-salowey-2010-06-24-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The document fixes a real problem and seems to address some existing security issues, namely the forwarding of stray responses. This is good. It does introduce more of a possibility of denial of service since state must be maintained to track valid responses and this is noted in the security considerations as well. I'm not all that familiar with SIP, but there are techniques used in other protocols to avoid "flood" type of attacks by delaying committing state until the client has successfully processed a server message. TCP cookies, IKEv2 and DTLS have examples of this. This would be something to consider if implementations were vulnerable to flood type attacks in deployments. Joe