[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

comments on draft-ietf-bgmp-spec-05.txt

To: iesg-secretary@ietf.org
Subject: comments on draft-ietf-bgmp-spec-05.txt
From: Steve Bellovin <smb@research.att.com>
Date: Wed, 11 Jun 2003 22:32:52 -0400
Cc: iesg@ietf.org

The Security Considerations section is grossly inadequate.  There are 
lots of ways to secure TCP, such as TLS or (in some situations) IPsec.  
In a document of this form, the threat and authorization model should 
be spelled out, as well as what an attacker can do if confidentiality 
and/or integrity is compromised.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)

Prev by Date: Re: Evaluation: draft-ietf-avt-srtp - The Secure Real-time Transport Protocol to Proposed Standard
Next by Date: Please withdraw draft-pillay-esnault-ospf-flooding
Previous by thread: Re: Evaluation: draft-ietf-avt-srtp - The Secure Real-time Transport Protocol to Proposed Standard
Next by thread: Please withdraw draft-pillay-esnault-ospf-flooding
Index(es):
- Date
- Thread