On Jul 24, 2007, at 10:46 AM, Jun-ichiro itojun Hagino wrote:
as far as i understand, UPnP has no authentication whatsoever (if there is, you would face a bootstrap problem for secret sharing). so, once your UPnP-client box gets hijacked, bad guys can open up any TCP/UDP ports in your network. i'd rather have no UPnP on my router. UPnP adds more complexity onto the complexity of NAT/ firewall, so what would you expect? :-)
To be honest, I don't know much about UPnP. What you say is consistent with what I have heard, and not consistent with what I said a few moments ago.
That doesn't make the AAA issue wrong.
what i've been repeatedly trying to deliver is that, (it is more of IAB stuff) access controls at organization borders and/or based on address has to stop now. if you wish to be sure you are communicating with murai-san you have to check his identity using crypto signature.
I understand that point. I am saying that I disagree with it. For one thing, the same key sharing issue applies. Basing identity on address is, as you say, whacked; it has to be based on something much more relevant. But IMHO, that is about identification and authentication. I am saying that authorization, which is something different, is not a given and should not be a given. Authorization is something I grant to a subset of those I encounter, and only to those that I can identify with some appropriate level of strength.
Attachment:
PGP.sig
Description: This is a digitally signed message part