
Re: threats ID



On 20-jan-04, at 12:25, marcelo bagnulo wrote:

In any case this does not prevent combining the two drafts, which will
be much easier for readers, e.g.:

Part 1: threats that only affect network layer solutions
Part 2: threats that affect both network and transport layer solutions
Part 3: threats that only affect transport layer solutions

Yes, or another option is to make an analysis for IP layer solutions and
another for transport layer, but in any case IMHO we should clearly
understand the differences between the two cases.

I think it's an important observation that working per identifier pair or working per session have some very different security aspects.


Which of course begs the question: which is the better approach? I'm not much in favor of having to do a time consuming negotiation for each TCP or UDP "session", as many sessions have a lifetime of only a few packets. (On the other hand this could finally make HTTP implementers clean up their act and not start upwards of 10 TCP sessions per second...) On the other hand, "fool me once, redirect my traffic forever" isn't all that appealing either.

I think there is some middle ground here, where sessions can be grouped such that an optimal tradeoff between increased risk and decreased performance is found. However, this probably means the MH layer needs to know more than a few intimate details of what the transport protocols are up to.