
draft-ietf-ppvpn-requirements



3.3	It might be worth clarifying that extranets often have port 
number restrictions, as well as host restrictions.

4.5 strongly suggests NAT.  Do we really want to encourage that sort of 
thing?  It even speaks of non-IP NAT, which is certainly not our 
business.

5.9 There is text about how customer security measures must not hide 
QoS information from the SP.  That's very wrong.  At least, it's wrong 
if they mean "you must show us port numbers".  But more fundamentally, 
it says "a security solution deployed by a customer must not hide 
information...".  I don't think this document should be specifying that 
sort of requirement for customer behavior.

6.9.1	Replay protection has nothing to do with man-in-the-middle 
attacks.

	DES is deprecated and shouldn't be suggested here.  AES should 
	be listed.


		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)