SNAP - Security & IANA considerations


Shapira, Noam (Shapira_Noam@icomverse.com)
Thu, 15 Nov 2001 19:34:04 +0200


Hi all,

One of the action items I got in the last IETF meeting was to add Security
considerations and IANA considerations to the draft.

Following is the added text; I would be happy to get comments.

Thanks

Noam
=============================================================
6. Security Considerations

   The SNAP describes a server-to-server protocol (Messaging Server
   and a Notification Server). The protocol defines the means by
   which the Notification Service will receive the event information
   and trigger a notification message / action to the user. Following
   is a set of threats implementers MUST take into consideration when
   defining the integration between the Messaging Server and the
   Notification Service:

6.1 Denial of Service (DoS)
 
   SNAP defines the way by which a Messaging System passes the
   information to the Notification Service. A DoS attack might
   prevent a user from receiving a notification message by overloading
   the notification server. The possible countermeasures include:
   validating the notification request before processing it, limiting
   the number of notification requests from a single store, etc.
 
6.2 IP Spoofing

   As SNAP's payload holds the user's private data, message data and
   mailbox data, IP spoofing may cause an attack on the user's
   privacy.

6.3 Impersonation

   A Messaging System impersonation might cause the Notification
   Service to send notification messages on events that did not occur.

6.4 Network Snooping

   Packet sniffing on the SNAP payload may pose a threat to the
   user's privacy. The SNAP's payload SHOULD be secured in order to
   prevent network snooping.

7. IANA Considerations

   This specification calls for the registration of the new MIME
   content-type text/SNAP.

   The registration template:

     To: ietf-types@iana.org
     Subject: Registration of MIME media type text/SNAP

     MIME media type name: text

     MIME subtype name: SNAP

     Required parameters: See section 3 defined mandatory parameters

     Optional parameters: See section 3 defined non-mandatory parameters

     Encoding considerations: None

     Security considerations: None

     Interoperability considerations: None

     Published specification: This draft

     Applications which use this media type:
        Messaging System and Notification Services as defined in
        this draft.

     Additional information:
       Magic number(s): None
       File extension(s): None
       Macintosh File Type Code(s): None

     Person & email address to contact for further information:

       Noam Shapira: noam.shapira@comverse.com

     Intended usage:
       Common

     Author/Change controller:

       noam.shapira@comverse.com
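
An added example, not part of the original message or the SNAP draft: one way a notification server could apply the section 6.1 countermeasures (validate first, then limit requests per store) together with the section 6.3 concern about impersonation. The field names, the limits and the idea that `peer_store` is the identity authenticated by the transport are assumptions, since the message does not list SNAP's parameters.

```python
import time
from collections import deque

# Hypothetical field names: the message does not list SNAP's section 3 parameters.
REQUIRED_FIELDS = ("store_id", "event", "mailbox")
MAX_FIELD_LEN = 256


class NotificationGate:
    """Validate, then rate-limit, requests before the notification server acts."""

    def __init__(self, limit=100, window=60.0, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.accepted = {}  # authenticated store -> timestamps of accepted requests

    def validate(self, peer_store, req):
        if not isinstance(req, dict):
            return False
        for name in REQUIRED_FIELDS:
            value = req.get(name)
            if not isinstance(value, str) or not 0 < len(value) <= MAX_FIELD_LEN:
                return False
        # The claimed store must match the peer the transport authenticated (assumed).
        return req["store_id"] == peer_store

    def admit(self, peer_store, req):
        """Return 'accepted', 'invalid' or 'rate_limited'."""
        if not self.validate(peer_store, req):
            return "invalid"  # rejected cheaply, before any per-store state is touched
        now = self.clock()
        stamps = self.accepted.setdefault(peer_store, deque())
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()  # forget requests that left the sliding window
        if len(stamps) >= self.limit:
            return "rate_limited"
        stamps.append(now)
        return "accepted"


if __name__ == "__main__":
    # Constructed sample request, not taken from the draft.
    gate = NotificationGate(limit=2, window=60.0)
    req = {"store_id": "store-a", "event": "new-message", "mailbox": "user1"}
    print([gate.admit("store-a", req) for _ in range(3)])
    print(gate.admit("store-b", req))
```

Because invalid requests return before the per-store table is touched, the table only grows with stores that passed authentication and validation.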


