[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
Le mardi 28 juillet 2009 19:17:13 Yaron Sheffer, vous avez écrit :
> It pains me to advocate *less* security than Iljitsch, but yes, this should
> be done from the host, and no, there is no reasonable way to establish
> trust between the host and the CPE router in a home environment. So the
> (default) protocol will likely be unauthenticated.
>
> Let's just make sure the protocol is NOT HTTP-based, because there've been
> attacks on UPNP where the host is "convinced" to open a pinhole in the
> router. These attacks are a variant of cross-site scripting, and here's a
> link: http://blogs.zdnet.com/soho-networking/?p=120.
Generally speaking, any protocol that has a URI scheme is vulnerable. *Also* I
think this should anyway be a light-weight binary protocol, rather than XML
over HTTP over... you get the idea - purely for practical reasons.
That said, not to put the full blame of UPnP. Manual HTTP configuration
interfaces with default passwords are also prone to abuse - regardless of
UPnP. And really, I don't see any credible alternatives for vendors to use.
--
Rémi Denis-Courmont
http://www.remlab.net/