Security Threats and Requirements for Emergency Call Marking and Mapping
RFC 5069
Revision differences
Document history
| Date | Rev. | By | Action |
|---|---|---|---|
|
2018-12-20
|
05 | (System) | Received changes through RFC Editor sync (changed abstract to 'This document reviews the security threats associated with the marking of signalling messages to indicate that … Received changes through RFC Editor sync (changed abstract to 'This document reviews the security threats associated with the marking of signalling messages to indicate that they are related to an emergency, and with the process of mapping locations to Universal Resource Identifiers (URIs) that point to Public Safety Answering Points (PSAPs). This mapping occurs as part of the process of routing emergency calls through the IP network. Based on the identified threats, this document establishes a set of security requirements for the mapping protocol and for the handling of emergency-marked calls. This memo provides information for the Internet community.') |
|
2015-10-14
|
05 | (System) | Notify list changed from ecrit-chairs@ietf.org to (None) |
|
2012-08-22
|
05 | (System) | post-migration administrative database adjustment to the No Objection position for Russ Housley |
|
2008-01-09
|
05 | Amy Vezza | State Changes to RFC Published from RFC Ed Queue by Amy Vezza |
|
2008-01-09
|
05 | Amy Vezza | [Note]: 'RFC 5069' added by Amy Vezza |
|
2008-01-07
|
05 | (System) | RFC published |
|
2007-09-12
|
05 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
|
2007-09-11
|
05 | (System) | IANA Action state changed to No IC from In Progress |
|
2007-09-11
|
05 | (System) | IANA Action state changed to In Progress |
|
2007-09-11
|
05 | Amy Vezza | IESG state changed to Approved-announcement sent |
|
2007-09-11
|
05 | Amy Vezza | IESG has approved the document |
|
2007-09-11
|
05 | Amy Vezza | Closed "Approve" ballot |
|
2007-09-11
|
05 | Amy Vezza | State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Amy Vezza |
|
2007-08-24
|
05 | (System) | New version available: draft-ietf-ecrit-security-threats-05.txt |
|
2007-08-21
|
05 | Russ Housley | [Ballot Position Update] Position for Russ Housley has been changed to No Objection from Discuss by Russ Housley |
|
2007-06-29
|
05 | Samuel Weiler | Request for Telechat review by SECDIR Completed. Reviewer: Donald Eastlake. |
|
2007-06-22
|
05 | (System) | Removed from agenda for telechat - 2007-06-21 |
|
2007-06-21
|
05 | Amy Vezza | State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Amy Vezza |
|
2007-06-21
|
05 | David Ward | [Ballot Position Update] New position, No Objection, has been recorded by David Ward |
|
2007-06-21
|
05 | Ross Callon | [Ballot Position Update] New position, No Objection, has been recorded by Ross Callon |
|
2007-06-21
|
05 | Jari Arkko | [Ballot comment] This document identifies and describes threats that affect emergency call mechanisms. As the Requirements document, this document is already in good shape. However, … [Ballot comment] This document identifies and describes threats that affect emergency call mechanisms. As the Requirements document, this document is already in good shape. However, there is one attack objective that I think is very important, and that should be attended to a bit closer IMO: > o to divert emergency responders to non-emergency sites. This memo > has not identified any attacks within its intended scope that > achieve this objective, so it will not be mentioned further. Diverting emergency responders to non-emergency sites is actually not an objective that an attacker might have, but rather a technique of reaching the objective described in the first bullet ("to deny system services to all users in a given area"). So the draft actually does address this objective. Still, I think the /possibility/ for an attacker to divert emergency responders to non-emergency sites -- as a means of reaching the DoS objective -- is important enough to get a bit further elaborated on, in particular with respect to its relationship to the mechanism to be developed by the Ecrit WG. I think that some clarification would be useful along these lines: Preventing diversion of emergency calls would likely require some evidence about the existence of a reported emergency case, such as a photograph, a video clip, or N previous calls reporting the same emergency case. The decision of which proof would be acceptable, and whether requiring such proof is something desirable in the first place, is likely something that cannot be decided in the Ecrit WG. Preventing diversion of emergency calls is hence something that is likely not to be in scope of the Ecrit WG. Maybe this should be clarified either in this document, or in the Requirements document -- in particular because the Requirements document currently only talks about verifying the caller's location, rather than verifying whether there actually exists an emergency case at that location. |
|
2007-06-21
|
05 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded by Jari Arkko |
|
2007-06-21
|
05 | Chris Newman | [Ballot Position Update] New position, No Objection, has been recorded by Chris Newman |
|
2007-06-21
|
05 | Russ Housley | [Ballot discuss] The document says: > > Requirement R9: the protocol or the system within which it is > implemented MUST maintain … [Ballot discuss] The document says: > > Requirement R9: the protocol or the system within which it is > implemented MUST maintain confidentiality of the request and > response. > Protections within the system are not sufficient to provide confidentiality of the request and response message content. I suggest that "or" should become "and" in this requirement. |
|
2007-06-21
|
05 | Russ Housley | [Ballot Position Update] New position, Discuss, has been recorded by Russ Housley |
|
2007-06-21
|
05 | Lisa Dusseault | [Ballot Position Update] New position, No Objection, has been recorded by Lisa Dusseault |
|
2007-06-21
|
05 | Dan Romascanu | [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu |
|
2007-06-21
|
05 | Magnus Westerlund | [Ballot Position Update] New position, No Objection, has been recorded by Magnus Westerlund |
|
2007-06-21
|
05 | Mark Townsley | [Ballot Position Update] New position, No Objection, has been recorded by Mark Townsley |
|
2007-06-21
|
05 | Sam Hartman | [Ballot Position Update] New position, No Objection, has been recorded by Sam Hartman |
|
2007-06-20
|
05 | Yoshiko Fong | IANA Evaluation Comments: As described in the IANA Considerations section, we understand this document to have NO IANA Actions. |
|
2007-06-20
|
05 | Ron Bonica | [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica |
|
2007-06-20
|
05 | Cullen Jennings | [Ballot Position Update] New position, No Objection, has been recorded by Cullen Jennings |
|
2007-06-20
|
05 | Lars Eggert | [Ballot Position Update] New position, No Objection, has been recorded by Lars Eggert |
|
2007-06-19
|
05 | Tim Polk | [Ballot Position Update] New position, No Objection, has been recorded by Tim Polk |
|
2007-06-15
|
05 | Samuel Weiler | Request for Telechat review by SECDIR is assigned to Donald Eastlake |
|
2007-06-15
|
05 | Samuel Weiler | Request for Telechat review by SECDIR is assigned to Donald Eastlake |
|
2007-06-14
|
05 | Jon Peterson | State Changes to IESG Evaluation from AD Evaluation::AD Followup by Jon Peterson |
|
2007-06-14
|
05 | Jon Peterson | Placed on agenda for telechat - 2007-06-21 by Jon Peterson |
|
2007-06-14
|
05 | Jon Peterson | [Ballot Position Update] New position, Yes, has been recorded for Jon Peterson |
|
2007-06-14
|
05 | Jon Peterson | Ballot has been issued by Jon Peterson |
|
2007-06-14
|
05 | Jon Peterson | Created "Approve" ballot |
|
2007-06-14
|
05 | (System) | Ballot writeup text was added |
|
2007-06-14
|
05 | (System) | Last call text was added |
|
2007-06-14
|
05 | (System) | Ballot approval text was added |
|
2007-04-27
|
05 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
|
2007-04-27
|
04 | (System) | New version available: draft-ietf-ecrit-security-threats-04.txt |
|
2007-03-02
|
05 | Jon Peterson | State Changes to AD Evaluation::Revised ID Needed from Publication Requested by Jon Peterson |
|
2006-11-05
|
05 | Jon Peterson | PROTO writeup: (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this version … PROTO writeup: (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this version of the document and, in particular, does he or she believe this version is ready for forwarding to the IESG for publication? Document Shepherd is Marc Linsner (marc.linsner@cisco.com). The document is ready for publications and I have reviewed the document personally. (1.b) Has the document had adequate review both from key WG members and from key non-WG members? Does the Document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? The security document has been reviewed by many WG members. The feedback from the group caused the document to be refocused and to be re-written several times. A WG last call was held for the 01 version on 4/17/06. Comments from the last call were from one person, who submitted changes to the editor. Those changes resulted in versions 02 and 03. (1.c) Does the Document Shepherd have concerns that the document needs more review from a particular or broader perspective, e.g., security, operational complexity, someone familiar with AAA, internationalization or XML? There are no remaining concerns with the document. (1.d) Does the Document Shepherd have any specific concerns or issues with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if those issues have been discussed in the WG and the WG has indicated that it still wishes to advance the document, detail those concerns here. There are no concerns with this version of the document. (1.e) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? There is solid consensus behind this document. Post last call concerns have been resolved. (1.f) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire will be entered into the ID Tracker.) No. (1.g) Has the Document Shepherd verified that the document satisfies all ID nits? (See http://www.ietf.org/ID-Checklist.html and http://tools.ietf.org/tools/idnits/). Boilerplate checks are not enough; this check needs to be thorough. The document does not contain nits. (1.h) Has the document split its references into normative and informative? Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the strategy for their completion? Are there normative references that are downward references, as described in [RFC3967]? If so, list these downward references to support the Area Director in the Last Call procedure for them [RFC3967]. The document has references split into a normative and informative references. There is no dependency on a normative that haven't been finished. There are no downward references. (1.i) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Document Announcement Write-Up for draft-ietf-ecrit-security-threats-03.txt. Technical Summary This document describes the security requirements which must be fulfilled to prevent or reduce the effectiveness of the attacks on the marking of an emergency call and the location to PSAP URI mapping system. Working Group Summary Was there anything in WG process that is worth noting? For example, was there controversy about particular points or were there decisions where the consensus was particularly rough? Nothing worth noting. Document Quality Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? This is a security requirements document, hence no existing implementations. Reviewers of note are mentioned in the document. |
|
2006-11-05
|
05 | Jon Peterson | Draft Added by Jon Peterson in state Publication Requested |
|
2006-07-12
|
03 | (System) | New version available: draft-ietf-ecrit-security-threats-03.txt |
|
2006-06-29
|
02 | (System) | New version available: draft-ietf-ecrit-security-threats-02.txt |
|
2006-04-18
|
01 | (System) | New version available: draft-ietf-ecrit-security-threats-01.txt |
|
2006-03-24
|
00 | (System) | New version available: draft-ietf-ecrit-security-threats-00.txt |