[resend] security considerations for draft-ietf-magma-snoop (Forwarded)



------- Forwarded Message

From: Steve Bellovin <smb@research.att.com>
To: mjc%tt.dk.karen.kimball@hp.com, solenskyf@acm.org
Subject: security considerations for draft-ietf-magma-snoop
cc: iesg@ietf.org
Date: Tue, 02 Sep 2003 15:53:40 -0400

The Security Considerations section for this document essentially
refers the readers to the security considerations sections of the
protocol definition documents.  It isn't clear to me that that's
adequate.  In particular, Section 9.2 of RFC 3376 says

   Forged
   Report messages from the local network are meaningless, since joining
   a group on a host is generally an unprivileged operation, so a local
   user may trivially gain the same result without forging any messages.

With snooping switches, that's no longer true -- the router is looking
at the IP address, but the switch is looking at the port.  Furthermore
(and this is based on a quick scan of 3376) 9.1 speaks of semantics
associated with the numeric value of the IP address; again, there's
a disconnect between address-based behavior and port-based behavior.

Does this sort of thing warrant additional text in this draft?

------- End of Forwarded Message



		--Steve Bellovin, http://www.research.att.com/~smb
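The address-versus-port disconnect raised above can be made concrete with a small simulation. The Python below is an added illustration, not code from draft-ietf-magma-snoop, RFC 3376 or any real switch: a toy router keeps IGMP state the way RFC 3376 does (membership per group on the link, Querier chosen by the numerically lowest IP address), while a toy snooping switch keys the very same messages on the ingress port. The topology (router on port 24, host A on port 1, attacker on port 3), the addresses, and the switch behaviours "learn router ports from Queries" and "prune the ingress port on a Leave" are assumptions made for the example. The same forged frames are fed to both views so the divergence is visible step by step.

```python
"""Toy model of the mismatch Bellovin describes: an IGMP router keeps state
keyed on IP-layer fields, a snooping switch keys the same messages on the
ingress port.  Added illustration only; not code from the draft or RFC 3376,
and not a model of any real switch.  Addresses, ports, and the switch's
'learn router ports from Queries' / 'prune on Leave' behaviour are assumptions."""

import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Frame:
    """One IGMP message as the two devices see it: the switch sees the port,
    the router only the IP-layer fields."""
    ingress_port: int
    src_ip: str
    kind: str                     # "query", "report" or "leave"
    group: Optional[str] = None


class Router:
    """Router view (RFC 3376 style toy): membership is per group on the link,
    not per host, and the Querier is whoever has the numerically lowest IP."""

    def __init__(self, my_ip: str) -> None:
        self.querier = ipaddress.ip_address(my_ip)
        self.groups: set[str] = set()

    def handle(self, f: Frame) -> None:
        if f.kind == "query":
            src = ipaddress.ip_address(f.src_ip)
            if src < self.querier:          # lowest address wins the election
                self.querier = src
        elif f.kind == "report":
            self.groups.add(f.group)        # who reported is not recorded
        elif f.kind == "leave":
            pass   # router re-queries the group; state ages out, it is not keyed on the sender


class SnoopingSwitch:
    """Switch view (toy): everything is keyed on the port the frame arrived on."""

    def __init__(self) -> None:
        self.router_ports: set[int] = set()
        self.members: dict[str, set[int]] = {}

    def handle(self, f: Frame) -> None:
        if f.kind == "query":
            self.router_ports.add(f.ingress_port)   # assumption: querier port learned from Queries
        elif f.kind == "report":
            self.members.setdefault(f.group, set()).add(f.ingress_port)
        elif f.kind == "leave":
            # assumption: "immediate leave" prunes the ingress port, whatever the source IP says
            self.members.get(f.group, set()).discard(f.ingress_port)

    def forward_ports(self, group: str) -> set[int]:
        """Ports that receive traffic for `group`: members plus router ports."""
        return self.members.get(group, set()) | self.router_ports


def run_scenario() -> dict:
    """Feed the same constructed frames to both views and return snapshots.
    Constructed topology: router on port 24 (192.0.2.100), host A on port 1
    (192.0.2.10), attacker on port 3 who spoofs A's address and a low address."""
    G = "239.1.1.1"
    router, switch = Router("192.0.2.100"), SnoopingSwitch()
    frames = [
        Frame(24, "192.0.2.100", "query"),            # legitimate querier
        Frame(1, "192.0.2.10", "report", G),          # host A joins G
        Frame(3, "192.0.2.10", "report", G),          # forged Report: A's address, attacker's port
        Frame(3, "192.0.2.10", "leave", G),           # forged Leave naming A
        Frame(3, "192.0.2.2", "query"),               # forged Query with a lower address (RFC 3376 9.1)
    ]
    snapshots = []
    for f in frames:
        router.handle(f)
        switch.handle(f)
        snapshots.append({
            "frame": f,
            "router_groups": set(router.groups),
            "router_querier": str(router.querier),
            "switch_forward": set(switch.forward_ports(G)),
        })
    return {"group": G, "steps": snapshots}


if __name__ == "__main__":
    for s in run_scenario()["steps"]:
        f = s["frame"]
        print(f"port {f.ingress_port:2} src {f.src_ip:13} {f.kind:6} -> "
              f"router groups={sorted(s['router_groups'])} querier={s['router_querier']} | "
              f"switch forwards to ports {sorted(s['switch_forward'])}")
```

Reading the snapshots: the forged Report (step 3) changes nothing at the router and only adds the attacker's own port at the switch, which is exactly the "meaningless" outcome RFC 3376 9.2 assumes. The forged Leave (step 4) names host A in its IP header, yet the switch prunes port 3, not port 1: the packet's address and the switch's port identify different hosts. The forged Query (step 5) shows the 9.1 point: the router's election is decided by the numeric value of the source address, while the switch turns the attacker's port into a router port and starts forwarding every group there. Whether real switches behave like the toy is precisely the question the message asks the draft to address.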