[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Evaluation: draft-ietf-sigtran-security - Security Considerations for SIGTRAN Protocols to Proposed Standard

To: Internet Engineering Steering Group <iesg@ietf.org>
Subject: Evaluation: draft-ietf-sigtran-security - Security Considerations for SIGTRAN Protocols to Proposed Standard
From: IESG Secretary <iesg-secretary@ietf.org>
Date: Thu, 10 Apr 2003 19:22:22 -0400

Last Call to expire on: 2003-3-7

	Please return the full line with your position.

                    Yes    No-Objection  Discuss *  Abstain  


Harald Alvestrand   [   ]     [   ]       [   ]      [   ] 
Steve Bellovin      [   ]     [   ]       [   ]      [   ] 
Randy Bush          [   ]     [   ]       [   ]      [   ] 
Bill Fenner         [   ]     [   ]       [   ]      [   ] 
Ned Freed           [   ]     [   ]       [   ]      [   ] 
Ted Hardie          [   ]     [   ]       [   ]      [   ] 
Russ Housley        [   ]     [   ]       [   ]      [   ] 
Allison Mankin      [   ]     [   ]       [   ]      [   ] 
Thomas Narten       [   ]     [   ]       [   ]      [   ] 
Erik Nordmark       [   ]     [   ]       [   ]      [   ]
Jon Peterson        [ X ]     [   ]       [   ]      [   ] 
Bert Wijnen         [   ]     [   ]       [   ]      [   ]
Alex Zinin          [   ]     [   ]       [   ]      [   ] 


 2/3 (9) Yes or No-Objection opinions needed to pass. 
 
 * Indicate reason if 'Discuss'.
 
^L
To: IETF-Announce:;
Dcc: *******
Cc: RFC Editor <rfc-editor@isi.edu>,
 Internet Architecture Board <iab@iab.org>, sigtran@ietf.org
From: The IESG <iesg-secretary@ietf.org>
Subject: Protocol Action: Security Considerations for SIGTRAN Protocols
	 to Proposed Standard
-------------

The IESG has approved the Internet-Draft "Security Considerations for
SIGTRAN Protocols" <draft-ietf-sigtran-security-02.txt> as a Proposed
Standard. This document is the product of the SIGTRAN working group. 
It was given a two week Last Call. The IESG contact persons are 
Allison Mankin and Jon Peterson.

Technical Summary

This document describes the use of security mechanisms, primarily 
IPSec, for securing SIGTRAN (traditional telephony signaling over IP) 
networks - this is not intended to be generic security for SCTP, but 
rather for a set of telephony signaling services that run over SCTP. 
It contains some rudimentary information about threats, but primarily 
focuses on a security profile: a normative MUST for support of IPSec 
for SIGTRAN elements, and a MAY for TLS. TLS usage is somewhat 
underspecified, but TLS is only envisioned for unusual 
configurations. To its credit, the document goes significantly beyond 
"use IPSec" into quite a bit of implementation and conformance detail, 
and notes both the strengths and limitations of its model.

IPSec seems to be a good fit for securing telephony signaling 
protocols, which traditionally were employed primarily over closed 
networks. There is a certain amount of consideration of 
access-network signaling protocols (i.e. ISDN), and the implications 
of sending SIGTRAN to a user-controlled node, but mostly this 
document examines provider networks that communicate with one another 
over the Internet, to which IPSec seems well suited.

Working Group Summary

The SIGTRAN working group supports the publication of this document. 
Other WG documents (including draft-ietf-sigtran-v5ua) have 
dependencies on this draft.

Protocol Quality/Review

This document was reviewed for the IESG by Jon Peterson.

Follow-Ups:
- Re: Evaluation: draft-ietf-sigtran-security - Security Considerations for SIGTRAN Protocols to Proposed Standard
  - From: Ted Hardie <hardie@qualcomm.com>

Prev by Date: Re: RFC Editor Current Queue (fwd)
Next by Date: Re: I'll be on vacation next week
Previous by thread: Evaluation: draft-ietf-smime-cms-rsaes-oaep - Use of the RSAES-OAEP Transport Algorithm in CMS to Proposed Standard
Next by thread: Re: Evaluation: draft-ietf-sigtran-security - Security Considerations for SIGTRAN Protocols to Proposed Standard
Index(es):
- Date
- Thread