On 12 jun 2004, at 18:22, Brian E Carpenter wrote:
What does make sense is to look at how the ability to cause redirection has an impact on I, C, and A.
And we certainly should not attempt to solve at network or transport level security issues that can only actually be solved at applications level, where the network and all its characteristics like multihoming are just viewed as a cloud anyway. If Santa Claus lets an elf use his computer, that is not our problem.
Unfortunately, some of these issues can't be solved in higher layers if lower layers are vulnerable. An example of this is an attack on TCP when TLS is in use. Since TLS sits on top of TCP, it can't improve on availability (in the presence of an attack) over regular TCP. It can only guarantee the integrity and confidentiality of communication that actually makes it through. Alternatively, IPsec rejects falsified packets before TCP sees them so it also improves availability.
Indeed, and if I had written "highly available cloud" instead of just "cloud" my point would have been clearer. We do need to worry about availability and therefore about attacks that reduce availability.