[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [RRG] draft-farinacci-lisp-05
On Dec 21, 2007, at 7:04 PM, Iljitsch van Beijnum wrote:
This is one of the big problems with GSE: if someone contacts you
with EID=windowsupdate.com and RLOC=l33th4x0r, and you trust this
relationship, an attacker gets to redirect traffic for that EID to
a random place. This is especially bad when the attacker can set up
this state just as you're about to set up an outgoing connection to
that EID, because then they get to intercept your outgoing traffic.
Let's be reasonable here. This is clearly not sane. In any
reasonable version of ANY solution, you do not create a trusted
locator mapping based on incoming packet information.
In the case of content sites that only receive incoming sessions it
is probably possible to come up with a set of contraints within
which there are no problems, but that would still make me EXTREMELY
uncomfortable as people do stuff that they weren't planning on
doing when they set up their networks all the time. Also, as
someone who has spent a fair bit of time debugging network
problems, I am very much in favor of deterministic behavior.
Agreed. However, distinguishing between a cache entry created for
anonymous responses and one that is created because of an outbound
request is not hard.
So one set of behavior when the connection is set up from A to B
and another when it's from B to A is not good.
If you can distinguish between them, then you still have determinism.
Tony
--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg