
Re: [DNA] Issue 8: Modify Security Considerations



I am not sure I understood the issue. I agree that some secure
mechanism is needed to detect crossing security boundaries before
a personal firewall is turned off. But why is this tied to SEND?
I don't see anything in SEND for detecting crossing security
boundaries.

It might suffice to say, in the Security Considerations section,
that a secure mechanism is needed to detect crossing security
boundaries before taking actions like turning off a personal
firewall, and that DNA mechanisms might not be sufficient.

Vijay

JinHyeock Choi wrote:

> Dear DNA WG 
>  
> This is an attempt to resolve this issue:
> 
> Issue 8 
> Jari Arkko proposed to modify Security Consideration 
>  
>    "You may want to add something like what Bernard wrote in his DNAv4 
>    document about not trusting the DNA procedures to turn on/off your personal 
>     firewall based on "recognizing" your home network."
> 
> Suggested resolution: We propose to modify Security Considerations as below.
>  
>    Because DNA schemes are based on Neighbor Discovery, its trust models
>    and threats are similar to the ones presented in [9].  Nodes
>    connected over wireless interfaces may be particularly susceptible to
>    jamming, monitoring and packet insertion attacks.
> 
>    As a result, when Neighbor Discovery is not secured, it is
>    inadvisable for a host to adjust its security based on which network
>    it believes it is attached to.  For example, it would be
>    inappropriate for a host to disable its personal firewall based on
>    the belief that it had connected to a home network.
> 
>    Use of [7] to secure Neighbor Discovery is important in achieving
>    reliable detecting network attachment.  DNA schemes SHOULD
>    incorporate the solutions developed in IETF SEND WG if available,
>    where assessment indicates such procedures are required.
> 
> * We add something like what Bernard wrote in DNAv4 I-D between
>    "... packet insertion attacks" and "Use of..."
>  
> Please register your opinion if you have any comments, otherwise 
> we'll update the goals draft accordingly and move it forward.
>  
> Thanks to Greg's kind work, we now have the issue list at 
>  
> http://ctieware.eng.monash.edu.au/twiki/bin/view/DNA/DNAGoals
>  
> Thanks for your kind consideration. 
>  
> Best Regards
>  
> JinHyeock