[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: 3gpp-analysis-04: Security considerations
On Thu, 24 Jul 2003, Soliman Hesham wrote:
> Do you want to send text? Perhaps when you get back.
> This comment is a bit too open.
I think we had better to first try to settle the rest of the document
(wrt. transition scenarios, etc.) because changes in those would affect
the security considerations a lot too.
> > -----Original Message-----
> > From: Pekka Savola [mailto:pekkas@netcore.fi]
> > Sent: Thursday, July 24, 2003 11:20 PM
> > To: v6ops@ops.ietf.org
> > Subject: 3gpp-analysis-04: Security considerations
> >
> >
> > Hi,
> >
> > The security consideration section of the 3GPP analysis
> > document is still
> > very weak; in principle, they only cover three points
> > related to NAT-PT
> > and/or DNSSEC. A more thorough analysis is required.
> >
> > In addition to NAT-PT/DNSSEC issues (I'm not sure if the
> > three points are
> > a conclusive list, though), the security properties of different
> > transition scenarios and mechanisms should be briefly described.
> >
> > The exact contents depends a lot on which mechanisms we seem to get
> > rough consensus on.
> >
> > =====
> > 5. Security Considerations
> >
> >
> > 1. NAT-PT DNS ALG problems are described in [NATPT-DNS] and
> > [v4v6trans].
> >
> >
> > 2. The 3GPP specifications do not currently define the usage
> > of DNS Security. They neither disallow the usage
> > of DNSSEC,
> > nor do they mandate it.
> >
> >
> > 3. NAT-PT breaks DNSSEC.
> > --
> > Pekka Savola "You each name yourselves king, yet the
> > Netcore Oy kingdom bleeds."
> > Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
> >
> >
> >
>
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings