[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-nordmark-multi6-threats-01.txt

To: Brian E Carpenter <brc@zurich.ibm.com>
Subject: Re: draft-nordmark-multi6-threats-01.txt
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Sun, 13 Jun 2004 06:01:47 -0700
Cc: Multi6 <multi6@ops.ietf.org>
In-reply-to: <40CBAC63.6000800@zurich.ibm.com>
References: <Roam.SIMC.2.0.6.1087004094.5037.nordmark@bebop.france> <40CBAC63.6000800@zurich.ibm.com>

On 12 jun 2004, at 18:22, Brian E Carpenter wrote:

What does make sense is to look at how the ability to cause redirection has an impact on I, C, and A.

And we certainly should not attempt to solve at network or transport
level security issues that can only actually be solved at applications
level, where the network and all its characteristics like multihoming
are just viewed as a cloud anyway. If Santa Claus lets an elf use his
computer, that is not our problem.

Unfortunately, some of these issues can't be solved in higher layers if lower layers are vulnerable. An example of this is an attack on TCP when TLS is in use. Since TLS sits on top of TCP, it can't improve on availability (in the presence of an attack) over regular TCP. It can only guarantee the integrity and confidentiality of communication that actually makes it through. Alternatively, IPsec rejects falsified packets before TCP sees them so it also improves availability.

Follow-Ups:
- Re: draft-nordmark-multi6-threats-01.txt
  - From: Brian E Carpenter <brc@zurich.ibm.com>

References:
- RE: draft-nordmark-multi6-threats-01.txt
  - From: Erik Nordmark <Erik.Nordmark@sun.com>
- Re: draft-nordmark-multi6-threats-01.txt
  - From: Brian E Carpenter <brc@zurich.ibm.com>

Prev by Date: Weekly posting summary for multi6@ops.ietf.org
Next by Date: Re: Comments on draft-nordmark-multi6-threats-01
Previous by thread: Re: draft-nordmark-multi6-threats-01.txt
Next by thread: Re: draft-nordmark-multi6-threats-01.txt
Index(es):
- Date
- Thread