
Re: [RRG] draft-farinacci-lisp-05




On Dec 21, 2007, at 7:04 PM, Iljitsch van Beijnum wrote:

> This is one of the big problems with GSE: if someone contacts you with EID=windowsupdate.com and RLOC=l33th4x0r, and you trust this relationship, an attacker gets to redirect traffic for that EID to a random place. This is especially bad when the attacker can set up this state just as you're about to set up an outgoing connection to that EID, because then they get to intercept your outgoing traffic.


Let's be reasonable here. This is clearly not sane. In any reasonable version of ANY solution, you do not create a trusted locator mapping based on incoming packet information.


> In the case of content sites that only receive incoming sessions it is probably possible to come up with a set of constraints within which there are no problems, but that would still make me EXTREMELY uncomfortable as people do stuff that they weren't planning on doing when they set up their networks all the time. Also, as someone who has spent a fair bit of time debugging network problems, I am very much in favor of deterministic behavior.


Agreed. However, distinguishing between a cache entry created for anonymous responses and one that is created because of an outbound request is not hard.


> So one set of behavior when the connection is set up from A to B and another when it's from B to A is not good.


If you can distinguish between them, then you still have determinism.

Tony

--
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg