[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
draft-ietf-msdp-spec
Since it's Experimental rather than standards track, I'll describe the
Security Considerations as "quite inadequate" rather than "grossly
inaadequate". It boils down to "use IPsec", without giving enough
detail, or "use MD5" without saying *anything* about the syntax. (TLS
is another obvious choice that's omitted.) Beyond that, there's no
discussion of the authorization model.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)