Re: Comments on threats and things-to-think about
Thanks for the comments Leif.
> > draft-nordmark-multi6-threats-02.txt
>
>
> "The third class of applications..." Applications that rely on reverse
> lookups even being available are fundamentally broken and have been for
> some time (since the arrival of low-cost SOHO broadband in fact). IPv6
> multihoming imho should treat this class of applications the same way
> as the second class.
I suspect some folks want to avoid making things worse for this class,
even though it is insecure. I'll make the draft capture that there is
a range of opinions.
> "Finally, the fifth class..." The availability of ipsec (and similar
> solutions) together with channel bindings allow protocols which in
> themselves are vulnerable to MITM-attacks to operate with a high level
> of confidentiality in the security of the identification of the peer.
> A typical example is the Remote Desktop Protocol (RDP) which when used
> with opportunistic ipsec works well if channel bindings are available.
> Channel bindings provide a link between the ip-layer identification
> and the application protocol identification. This is an important aspect
> of security in application protocols which must be preserved by a multi6
> solution.
I'll add this to the draft.
Erik
> Apart from these comments my first read of this draft (especially some
> of the sections on identification spoofing attacks) read like an account
> of how to get into trouble with ssh tunneling - these things happen
> today all the time. This is not to say that there are solutions in this
> space because there isn't. The lack of efficient key-management is
> the root of all evil to paraphrase Knuth.
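The channel-binding point raised in the quoted comments above (an application-layer authentication that is tied to the lower-layer secure channel so that a man-in-the-middle relaying it over a different channel fails) can be shown with a small simulation. The code below is an example added here; it is not from either poster, from the multi6 draft, or from any RDP/IPsec implementation. It assumes a toy HMAC challenge/response as the application protocol and derives a stand-in channel-binding value from the two peers' IPsec identities and SA SPIs; the binding format, the key, and the identities are all constructed for the illustration.

```python
import hashlib
import hmac
import os
from typing import Optional


def channel_binding(initiator_id: str, responder_id: str, spi_i: int, spi_r: int) -> bytes:
    """Stand-in channel-binding value for an IPsec channel.

    Assumption for this example: the binding is a hash over the two peers'
    IPsec identities and the SPIs of the SA pair, so each distinct channel
    yields a distinct value that both of its endpoints can compute.
    """
    material = f"{initiator_id}|{responder_id}|{spi_i:08x}|{spi_r:08x}".encode()
    return hashlib.sha256(material).digest()


def app_response(shared_key: bytes, nonce: bytes, binding: Optional[bytes]) -> bytes:
    """Toy application-layer challenge/response: HMAC over the server's nonce.

    With a binding supplied, the binding is mixed into the MAC input, so the
    response is only valid on the channel the client believes it is using.
    """
    msg = nonce + (binding if binding is not None else b"")
    return hmac.new(shared_key, msg, hashlib.sha256).digest()


def verify_response(shared_key: bytes, nonce: bytes, binding: Optional[bytes], response: bytes) -> bool:
    expected = app_response(shared_key, nonce, binding)
    return hmac.compare_digest(expected, response)


# Constructed shared secret between alice (client) and bob (server).
SHARED_KEY = b"alice-bob-shared-secret"


def direct_auth_succeeds(use_binding: bool) -> bool:
    """Honest case: alice and bob share one IPsec channel, so both compute
    the same binding and authentication succeeds with or without binding."""
    cb = channel_binding("alice", "bob", 0x1001, 0x2002) if use_binding else None
    nonce = os.urandom(16)
    resp = app_response(SHARED_KEY, nonce, cb)
    return verify_response(SHARED_KEY, nonce, cb, resp)


def relay_attack_succeeds(use_binding: bool) -> bool:
    """MITM case: mallory holds one IPsec channel to alice and another to bob,
    and relays bob's challenge to alice and alice's answer back to bob.

    Returns True if bob accepts mallory as alice.
    """
    cb_alice_mallory = channel_binding("alice", "mallory", 0x1001, 0x2002) if use_binding else None
    cb_mallory_bob = channel_binding("mallory", "bob", 0x3003, 0x4004) if use_binding else None

    nonce = os.urandom(16)  # bob's challenge, forwarded unchanged by mallory
    # alice answers over the channel she actually has, which ends at mallory
    alice_resp = app_response(SHARED_KEY, nonce, cb_alice_mallory)
    # mallory forwards that response to bob over the mallory<->bob channel;
    # bob verifies against the binding of *his* channel
    return verify_response(SHARED_KEY, nonce, cb_mallory_bob, alice_resp)


if __name__ == "__main__":
    print("direct, no binding :", direct_auth_succeeds(False))
    print("direct, binding    :", direct_auth_succeeds(True))
    print("relay, no binding  :", relay_attack_succeeds(False))
    print("relay, binding     :", relay_attack_succeeds(True))
```

Without the binding the relayed response verifies, because nothing in the application exchange says which IPsec channel it travelled over; with the binding mixed in, the two channels have different binding values and bob rejects the relayed answer. The security of this depends on the binding value genuinely being unique to the channel and agreed by both endpoints, which is exactly the property a multi6 solution that rewrites or remaps addresses underneath IPsec would have to preserve.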