draft-ietf-ipo-framework
Mumble. They did the minimum to respond to my comments
from last time. Not to put too fine a point on it, they
mostly took my text and incorporated it, without (as best
I can tell) even thinking about the issue. For example, I said:
> There's another
> possible denial of service attack that might be worth thinking
> about: could requests for improbable paths (i.e., paths for
> which the network wasn't heavily provisioned) consume all of
> the ports on internal OXCs? If so, global co-ordination of
> service requests might be needed.
The I-D says this:
> Optical networks may also be subject to subtle forms of denial of
> service attacks. An example of this would be requests for optical
> connections with explicit routes that induce a high degree of
> blocking for subsequent requests. This aspect might require some
> global coordination of resource allocation.
Are there further implications?
I also noted this:
> Optical routing is strictly more dangerous than IP routing,
> since attacks on the former show up via traceroute and the
> like. But optical elements are invisible (so to speak)
> to IP nodes. Thus, the output of RPSEC should be considered
> in eventual protocols.
I see no new text that addresses this point.
I'm not sure it's worth holding the document up yet again just for
these, but if it's going back, I'd sure like some more work on security.
As I said, mumble.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)