
RE: R41 in draft-ietf-v6ops-cpe-simple-security-07







On Wed, 5 Aug 2009 01:03:55 +0300, Yaron Sheffer <yaronf@checkpoint.com> wrote:

> Hi Mark,
>
> My security reflexes tell me that authenticated is better than un-, and I
> agree that the protocol MUST support such a mode. But in practice, this
> protocol will be used by applications, which most likely will store the
> auth credentials somewhere. Malware can subvert the applications and/or get
> directly at the credentials. At which point I'm not sure this is so secure
> any more.



Supporting authenticated mode, sure. But by definition, this won't work in
an unmanaged network... As for more controlled networks, it is questionable
whether hosts should be allowed to modify the firewall configuration at
all, anyway.



-- 
Rémi Denis-Courmont