RE: Time shifting/future redirection attacks
> I think that the section of future attacks considers this issue but perhaps
> adding some more examples to understand the full range of time shifting
> attacks would be fine.
> Additionally, perhaps it makes sense to explicitly note the direction
> of communications. I mean, the threats when you allow that the state created
> by an incoming connection is shared with future outgoing communications.
Yes, it is already on my todo list to add text about this to the threats
draft.
> So, there is state created at a moment in time, a time shifted attack is
> about using this (false) state in future communications, but additionally,
> IMHO it is also important to note whether this communication is in the same
> direction of the communication that created the state.
>
> Finally, I think that explicitly noting that there is a different level of
> threat when the state affects only a connection or it refers to the complete
> identity of the host.
Having text in the threats draft that points out this concern makes sense.
I don't feel we can say much more about the "granularity" of the redirection
attacks - because I don't think we understand the tradeoffs in terms
of granularity yet.
Erik