Re: [Last-Call] Secdir last call review of draft-ietf-stir-passport-divert-07

Thanks for these notes, Phillip. I added some text to address your second point to the Security Considerations text. As to the first, regarding Alice and Bob, I believe the usage here is consistent with IETF practice, as misguided as that may be, and I don't think amending it would clarify anything.
 
Jon Peterson
Neustar, Inc.

On 11/30/19, 6:06 PM, "Phillip Hallam-Baker via Datatracker" <noreply@xxxxxxxx> wrote:

    Reviewer: Phillip Hallam-Baker
    Review result: Has Issues
    
    Section 1: Introduction
    
    "If Alice calls Bob, for example, Bob might attempt to ..."
    
    Alice, Bob and Carol are people. People do not emit JSON strings, create
    signatures or do any of the things they are described as being engaged in. Only
    the machines the people might possess can do such things. Anthropomorphising
    Turing machines results in language that is hard to follow at best and renders
    any attempt to consider UI issues impossible.
    
    Section 12: Security Considerations
    
    Is this going to create new means of injecting spam? It looks like it might.
    Consider the case in which Sue the spammer sets up a single genuine call
    between X and Y, then creates forwarding associations for 10,000 endpoints
    Z0-9999. Also consider reflection type attacks in which callers responding to
    spam have their numbers harvested for spoof source addresses for further spam.
    
    


-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call


