New I-D: Teredo Security Concerns Beyond What Is In RFC 4380

[Jim Hoagland <jim_hoagland@symantec.com>]

Hello,

Some months ago, when he was reviewing a version of [1], Christian Huitema
suggested that I submit my Teredo security concerns to the v6ops working
group as an Internet Draft.  You now see the result of this, documenting
what I feel are security concerns not mentioned in RFC 4380.  I hope this
proves useful.

http://www.ietf.org/internet-drafts/draft-hoagland-v6ops-teredosecconcerns-0
0.txt

I need to disclose that I, unfortunately, only have a limited amount of time
to spend on this draft going forward; I can monitor discussion on this
mailing list, but I won't be able to travel to any IETF meetings.
Therefore, I feel that I need one or more co-authors in order for this draft
to progress.  If you are interested, please contact me off-list.

Incidentally, I am aware that certain of the concerns I mention derive from
Teredo being a tunnel.  Without having done a similar study for
6to4/4to6/ISATAP/etc, I cannot reliably compare the security implications
for each, to say whether Teredo is better or worse than most (though I
suspect worse).  In any case, I feel the concerns are valid, even if they
are typical of tunnels.

Sincerely,

  Jim

[1] http://www.symantec.com/avcenter/reference/Teredo_Security.pdf

P.s.  My views cannot be assumed to be necessarily reflective of my
employer.

-- 
Jim Hoagland, Ph.D., CISSP
Principal Security Researcher
Advanced Threats Research
Symantec Security Response
www.symantec.com