[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: alias BOF
Warning: Post from an "implicated" person.
For the last few weeks, I've been talking to Kevin Fall to try to get a
handle around the security issues discussed in ALIAS, such as how to secure
ICMP traffic between a router and a host. Today we typically ignore ICMP
traffic in situations that would be security critical -- such an ICMP "port
unreachable" message that would indicate to the IKE Initiator that the
destination does not support IKE. I see this part of the work as an
extension of SEND -- so that it probably best not done in a Transport Area
WG where the participants would probably lack the security and IPv6
expertise to get it right. But this is a somewhat generic security issue.
There is also the need for a thoughtful look at what is available from L2,
and what we might be able to do with it (either on hosts or intermediaries).
This is a survey document that I think would be valuable and maybe even
educational. Here the answers probably depend quite a bit on the scenario
-- L2 jitter and retransmissions in 802.11 multipoint is unlikely to affect
a TCP connection operating over the Internet (as opposed to a connection on
a local LAN). On the other hand, if you take measurements on the Bay Area
Wireless Research Network (BARWN) point-to-point links across the Bay, you'd
probably find some interesting behavior. There's a fair amount of
literature here, some practical experience and also maybe even some
opportunity to discuss measurements, so I think it's worth doing.
I agree with Sally that we probably already have enough info on PEPs so that
we need not charter ALIAS to work on that.
I'm quite comfortable with Kevin as a potential ALIAS WG chair, but think
that a very tight charter will need to be written to essentially limit the
WG to "studying" the problem and demonstrating an appropriate level of
thoughtfullness and care before they can be granted the right to play with
knives (solutions, such as protocol design).
_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE*
http://join.msn.com/?page=features/junkmail