[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

3gpp-analysis-04: Security considerations

To: v6ops@ops.ietf.org
Subject: 3gpp-analysis-04: Security considerations
From: Pekka Savola <pekkas@netcore.fi>
Date: Fri, 25 Jul 2003 06:19:52 +0300 (EEST)

Hi,

The security consideration section of the 3GPP analysis document is still 
very weak; in principle, they only cover three points related to NAT-PT 
and/or DNSSEC.  A more thorough analysis is required.  

In addition to NAT-PT/DNSSEC issues (I'm not sure if the three points are 
a conclusive list, though), the security properties of different 
transition scenarios and mechanisms should be briefly described.  

The exact contents depends a lot on which mechanisms we seem to get
rough consensus on.

=====
 5. Security Considerations
                                                                                                                      
         1. NAT-PT DNS ALG problems are described in [NATPT-DNS] and
            [v4v6trans].
                                                                                                                      
         2. The 3GPP specifications do not currently define the usage
            of DNS Security. They neither disallow the usage of DNSSEC,
            nor do they mandate it.
                                                                                                                      
         3. NAT-PT breaks DNSSEC.
-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

Prev by Date: 3gpp-analysis-04: SIP/SDP transition
Next by Date: 3gpp-analysis-04: Automatic tunneling inside 3GPP operator's network
Previous by thread: 3gpp-analysis-04: SIP/SDP transition
Next by thread: RE: 3gpp-analysis-04: Security considerations
Index(es):
- Date
- Thread