[DNA] Issue 8: Modify Security Considerations
Dear DNA WG
This is an attempt to resolve this issue:
Issue 8
Jari Arkko proposed to modify the Security Considerations:
"You may want to add something like what Bernard wrote in his DNAv4
document about not trusting the DNA procedures to turn on/off your personal
firewall based on "recognizing" your home network."
Suggested resolution: We propose to modify Security Considerations as below.

Because DNA schemes are based on Neighbor Discovery, its trust models
and threats are similar to the ones presented in [9]. Nodes
connected over wireless interfaces may be particularly susceptible to
jamming, monitoring and packet insertion attacks.

As a result, when Neighbor Discovery is not secured, it is
inadvisable for a host to adjust its security based on which network
it believes it is attached to. For example, it would be
inappropriate for a host to disable its personal firewall based on
the belief that it had connected to a home network.

Use of [7] to secure Neighbor Discovery is important in achieving
reliably detecting network attachment. DNA schemes SHOULD
incorporate the solutions developed in IETF SEND WG if available,
where assessment indicates such procedures are required.

* We add something like what Bernard wrote in DNAv4 I-D between
'... packet insertion attacks' and 'Use of...'
Please register your opinion if you have any comments, otherwise
we'll update the goals draft accordingly and move it forward.
Thanks to Greg's kind work, we now have the issue list at
http://ctieware.eng.monash.edu.au/twiki/bin/view/DNA/DNAGoals
Thanks for your kind consideration.
Best Regards
JinHyeock