[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Ballot: Remote Network Monitoring MIB Protocol Identifier Reference to Draft Standard (Revised)

To: IESG Secretary <iesg-secretary@ietf.org>
Subject: Re: Ballot: Remote Network Monitoring MIB Protocol Identifier Reference to Draft Standard (Revised)
From: "Steven M. Bellovin" <smb@research.att.com>
Date: Wed, 11 Jun 2003 17:14:27 -0400
Cc: Internet Engineering Steering Group <iesg@ietf.org>

In message <200306051255.IAA22857@ietf.org>, IESG Secretary writes:
>

>                    Yes    No-Objection  Discuss *  Abstain
>
>Steve Bellovin      [   ]     [   ]       [ x ]      [   ]

Mmm -- I think I'd like the Security Considerations to say something 
like this:

	The security sensitivity of a macro is at least as great as
	the sensitivity of any of its components, and sometimes greater.
	For example, read access to port numbers alone is of mild
	interest; the same is true for read access to host addresses
	and TCP sequence numbers.  However, the set of all of that
	information for any one connection allows easy session
	hijacking.


		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)

Prev by Date: Re: 57th IETF WG/BOF Scheduling - Draft Agenda (as of June 10th)
Next by Date: Re: 57th IETF WG/BOF Scheduling - Draft Agenda (as of June 10th)
Previous by thread: draft-ietf-bgmp-spec-05.txt
Next by thread: RE: Ballot: Remote Network Monitoring MIB Protocol Identifier Reference to Draft Standard (Revised)
Index(es):
- Date
- Thread