[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
comments on draft-ietf-bgmp-spec-05.txt
The Security Considerations section is grossly inadequate. There are
lots of ways to secure TCP, such as TLS or (in some situations) IPsec.
In a document of this form, the threat and authorization model should
be spelled out, as well as what an attacker can do if confidentiality
and/or integrity is compromised.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)