Re: node-to-node security breach
On Mon, 23 Aug 2004, Karen E. Nielsen (AH/TED) wrote:
> > I'm not sure if I understand your comment. I wasn't arguing for
> > node-to-node communication :) -- I was just pointing out that the
> > mitigation strategy simply doesn't work, so the document should say
> > that direct tunneling issues cannot be mitigated (that way) because it
> > would break the protocol. Either the protocol must not have direct
> > tunneling, or the risks must always be acceptable.
>
>
> The essence here is that direct tunnelling isn't an explicit goal
> of zeroconf wherefore it isn't discussed in any detail
> (and that's made perfectly clear).
>
> But now that you bring it up we can say something
> to this effect in the security section
> - something like:
>
> "Direct Tunnelling:
>
> If in addition direct tunnelling is provided,
> the tunnel protocol should not impose any new vulnerability to the
> nodes implementing the tunnel protocol than what is already present
> in existing IPv6 networks, where multiple hosts are served by the
> same router (possibly multiple routers).
>
> Note that the mitigation strategy
> discussed above would break direct tunnelling,
> etc. etc."
>
> I don't know if the other authors agree, but would this
> mitigate your concerns?
No that wouldn't be good. The point is that it does not just break
*direct tunneling*, but it breaks node-to-node communication inside
the "direct tunneling range". That is unacceptable, and therefore
such mitigation should not be listed.
--
Pekka Savola
Netcore Oy
Systems. Networks. Security.

"You each name yourselves king, yet the kingdom bleeds."
-- George R.R. Martin: A Clash of Kings