
Comments on threats and things-to-think about



This never made it to the multi6 list AFAIK.

  Erik

>----------------Begin Forwarded Message----------------<

Date: Mon, 02 Aug 2004 21:40:21 +0200
From: "Leif Johansson" <leifj@it.su.se>
Subject: The comments I sent to Kurtis...
To: erik.nordmark@sun.com

 > draft-nordmark-multi6-threats-02.txt


"The third class of applications..." Applications that rely on reverse
lookups even being available are fundamentally broken and have been for
some time (since the arrival of low-cost SOHO broadband in fact). IPv6
multihoming imho should treat this class of applications the same way
as the second class.

"Finally, the fifth class..." The availability of ipsec (and similar 
solutions) together with channel bindings allow protocols which in
themselves are vulnerable to MITM-attacks to operate with a high level
of confidentiality in the security of the identification of the peer.
A typical example is the Remote Desktop Protocol (RDP) which when used
with opportunistic ipsec works well if channel bindings are available.
Channel bindings provide a link between the ip-layer identification
and the application protocol identification. This is an important aspect
of security in application protocols which must be preserved by a multi6
solution.

Apart from these comments my first read of this draft (especially some
of the sections on identification spoofing attacks) read like an account
of how to get into trouble with ssh tunneling - these things happen
today all the time. This is not to say that there are solutions in this
space because there aren't. The lack of efficient key-management is
the root of all evil to paraphrase Knuth.

 > draft-lear-multi6-things-to-think-about-03.txt


2.3.6 - Very important. Latency for global voice applications is
tethering on the possible as it is.

2.4 - Explain how your solution helps/impacts/affects renumbering
especially for large sites.

2.4.11.1 - 2.4.11 is really a trick question. You are toast if
you need to touch gethostbyname or getaddrinfo.

2.4.19.1 - Provide a detailed walk-through of SIP+RTSP when one or
several of the peers are multihomed. How does your analysis change
when encrypted rtsp is used or when SIP with S/MIME e2e signalling
is used?

2.4.19.2 - Show how protocols with embedded encrypted ip-addresses
(eg RX used in AFS) are affected. NB that RX is built on top of UDP.
This is essentially the same as 2.4.19.1 but I like to plug AFS :-)

>----------------End Forwarded Message----------------<