Last Call Review of draft-ietf-stir-passport-divert-07
review-ietf-stir-passport-divert-07-secdir-lc-hallam-baker-2019-11-30-00
Request | Review of | draft-ietf-stir-passport-divert |
---|---|---|
Requested revision | No specific revision (document currently at 09) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2019-12-02 | |
Requested | 2019-11-18 | |
Authors | Jon Peterson | |
I-D last updated | 2019-11-30 | |
Completed reviews |
Opsdir Last Call review of -07
by Linda Dunbar
(diff)
Genart Last Call review of -07 by Pete Resnick (diff) Secdir Last Call review of -07 by Phillip Hallam-Baker (diff) |
|
Assignment | Reviewer | Phillip Hallam-Baker |
State | Completed | |
Request | Last Call review on draft-ietf-stir-passport-divert by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/W4SAX3ULRunvER1SJTvrOtXyLP0 | |
Reviewed revision | 07 (document currently at 09) | |
Result | Has issues | |
Completed | 2019-11-30 |
review-ietf-stir-passport-divert-07-secdir-lc-hallam-baker-2019-11-30-00
Section 1: Introduction "If Alice calls Bob, for example, Bob might attempt to ..." Alice, Bob and Carol are people. People do not emit JSON strings, create signatures or do any of the things they are described as being engaged in. Only the machines the people might possess can do such things. Anthropomorphising Turing machines results in language that is hard to follow at best and renders any attempt to consider UI issues impossible. Section 12: Security Considerations Is this going to create new means of injecting spam? It looks like it might. Consider the case in which Sue the spammer sets up a single genuine call between X and Y, then creates forwarding associations for 10,000 endpoints Z0-9999. Also consider reflection type attacks in which callers responding to spam have their numbers harvested for spoof source addresses for further spam.