[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [DNA] Issue 8: Modify Security Considerations

To: JinHyeock Choi <jinchoe@samsung.com>
Subject: Re: [DNA] Issue 8: Modify Security Considerations
From: Vijay Devarapalli <vijayd@iprg.nokia.com>
Date: Fri, 27 Aug 2004 11:29:31 -0700
Cc: Greg Daley <greg.daley@eng.monash.edu.au>, Pekka Nikander <pekka.nikander@nomadiclab.com>, dna@eng.monash.edu.au
In-reply-to: <002b01c48bd4$a0694e40$ed2f024b@jinchoe>
References: <01ae01c485c1$405b63d0$ed2f024b@jinchoe><028d01c48a7a$10411380$ed2f024b@jinchoe><02a201c48a7a$e02375c0$ed2f024b@jinchoe><02a801c48a7b$c1be9640$ed2f024b@jinchoe><20ae01c48aab$2b123230$f69e93dd@syoung> <20b401c48aac$600bf1a0$f69e93dd@syoung>
Sender: owner-dna@ecselists.eng.monash.edu.au
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040430

thanks.

Vijay

JinHyeock Choi wrote:
> Vijay
> 
> 
>>>Our line of thoughts are like below.
>>>
>>>1. With SEND, we can secure Router Discovery, such as Router 
>>>    Advertisement. 
>>>2. With secured RA messages, we can secure DNA.  
>>
>>this reasoning is flawed. who said all DNA mechanisms will be
>>based on RA messages?
> 
> 
> Even though, at this point, we can't be certain that DNA will be 
> based on RA message, I think that's highly likely and will bet a
> dinner on it. :-) Thinking it over, 'ALL' is a very hard qualitifier to 
> satisfy.  
> 
> 
>>>3. With secured DNA mechanisms, a host can safely adjust its 
>>>    security based on which network link it believe it is attached to. 
>>>4. Without secured DNA schemes, it's inadvisable to do so.  
>>>
>>>We think that DNA schemes can be used to detect crossing security 
>>>boundaries indirectly and SEND can be used to secure DNA, so the 
>>>connection.  
>>
>>that is your opinion. IMO, it doesnt belong in a Goals document.
>>what if I have never planned on using SEND. :)
> 
> 
> I see your point. It may be premature to mention SEND in goals draft 
> because, right now, we can't say what form DNA schemes will
> take. It maybe be better for us to mention SEND in Solution drafts. 
> 
> [omitted] 
> 
>>just delete the second paragraph. you can still convey what you
>>want to in the Security Considerations section without that text.
>>
>>   Because DNA schemes are based on Neighbor Discovery, its trust models
>>   and threats are similar to the ones presented in [9].  Nodes
>>   connected over wireless interfaces may be particularly susceptible to
>>   jamming, monitoring and packet insertion attacks.
>>
>>   With unsecured DNA schemes, it is inadvisable for a host to adjust
>>   its security based on which network it believes it is attached to.
>>   For example, it would be inappropriate for a host to disable its
>>   personal firewall based on the belief that it had connected to a home
>>   network.
> 
> 
> I agree. I'll modify as you proposed. It may be better for us to include 
> the second paragraph in Security Consideration of Solution drafts.  
>  
> 
>>ps: Reference [9] is RFC 3775. you probably wanted to say RFC 3756
>>which is reference [10]
> 
> 
> The reference number is from the new version. In it, [9] is RFC 3756.  
> This comment warms my heart because it showed that you really paid 
> attention. :-)  
> 
> Thanks for your kind and helpful comments. 
> 
> Best Regards
> 
> JinHyeock

References:
- [DNA] Issue 3: Remove Subsection 3.2 - Inadequacies in RA information
  - From: JinHyeock Choi <jinchoe@samsung.com>
- [DNA] Issue 4: Attain and retain prefixes with certainty as a new goal
  - From: JinHyeock Choi <jinchoe@samsung.com>
- [DNA] Issue 5: Manage connection to multiple links as a new goal
  - From: JinHyeock Choi <jinchoe@samsung.com>
- [DNA] Issue 6: Describe properties of L2 for routing or link change as a newgoal
  - From: JinHyeock Choi <jinchoe@samsung.com>
- [DNA] Issue 7: Clarify Goal 7 SEND/IPsec Compatability
  - From: JinHyeock Choi <jinchoe@diffeo.com>
- [DNA] Issue 8: Modify Security Considerations
  - From: JinHyeock Choi <jinchoe@diffeo.com>
- Re: [DNA] Issue 8: Modify Security Considerations
  - From: JinHyeock Choi <jinchoe@samsung.com>

Prev by Date: Re: [DNA] Issue 8: Modify Security Considerations
Next by Date: [DNA] Tree Discovery
Prev by thread: Re: [DNA] Issue 8: Modify Security Considerations
Next by thread: [DNA] Closing the Goals Issues
Index(es):
- Date
- Thread