[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: 3gpp-analysis-04: Security considerations [issue 11]

To: <pekkas@netcore.fi>, <H.Soliman@flarion.com>
Subject: RE: 3gpp-analysis-04: Security considerations [issue 11]
From: <juha.wiljakka@nokia.com>
Date: Fri, 22 Aug 2003 16:06:52 +0300
Cc: <v6ops@ops.ietf.org>

Yep, let's freeze this for a moment and try to complete the content of the doc first.

Cheers,
	-Juha-

-----Original Message-----
From: ext Pekka Savola [mailto:pekkas@netcore.fi]
Sent: 06 August, 2003 12:05
To: Soliman Hesham
Cc: v6ops@ops.ietf.org
Subject: RE: 3gpp-analysis-04: Security considerations


On Thu, 24 Jul 2003, Soliman Hesham wrote:
> Do you want to send text? Perhaps when you get back.
> This comment is a bit too open.

I think we had better to first try to settle the rest of the document 
(wrt. transition scenarios, etc.) because changes in those would affect 
the security considerations a lot too.

>  > -----Original Message-----
>  > From: Pekka Savola [mailto:pekkas@netcore.fi]
>  > Sent: Thursday, July 24, 2003 11:20 PM
>  > To: v6ops@ops.ietf.org
>  > Subject: 3gpp-analysis-04: Security considerations
>  > 
>  > 
>  > Hi,
>  > 
>  > The security consideration section of the 3GPP analysis 
>  > document is still 
>  > very weak; in principle, they only cover three points 
>  > related to NAT-PT 
>  > and/or DNSSEC.  A more thorough analysis is required.  
>  > 
>  > In addition to NAT-PT/DNSSEC issues (I'm not sure if the 
>  > three points are 
>  > a conclusive list, though), the security properties of different 
>  > transition scenarios and mechanisms should be briefly described.  
>  > 
>  > The exact contents depends a lot on which mechanisms we seem to get
>  > rough consensus on.
>  > 
>  > =====
>  >  5. Security Considerations
>  >                                                              
>  >                                                          
>  >          1. NAT-PT DNS ALG problems are described in [NATPT-DNS] and
>  >             [v4v6trans].
>  >                                                              
>  >                                                          
>  >          2. The 3GPP specifications do not currently define the usage
>  >             of DNS Security. They neither disallow the usage 
>  > of DNSSEC,
>  >             nor do they mandate it.
>  >                                                              
>  >                                                          
>  >          3. NAT-PT breaks DNSSEC.
>  > -- 
>  > Pekka Savola                 "You each name yourselves king, yet the
>  > Netcore Oy                    kingdom bleeds."
>  > Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
>  > 
>  > 
>  > 
> 

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

Follow-Ups:
- RFC 2893-style automatic tunneling
  - From: Fred Templin <ftemplin@iprg.nokia.com>

Prev by Date: RE: 3gpp-analysis-04: DNS guidelines [issue 5]
Next by Date: I-D ACTION:draft-ietf-v6ops-ipv4survey-intro-02.txt
Previous by thread: RE: 3gpp-analysis-04: DNS guidelines [issue 5]
Next by thread: RFC 2893-style automatic tunneling
Index(es):
- Date
- Thread