[btns] rfc 5387

jb27@cec.wustl.edu Thu, 23 April 2009 21:14 UTC

Return-Path: <jb27@cec.wustl.edu>
X-Original-To: btns@core3.amsl.com
Delivered-To: btns@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5C43F3A687C for <btns@core3.amsl.com>; Thu, 23 Apr 2009 14:14:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.67
X-Spam-Level:
X-Spam-Status: No, score=-1.67 tagged_above=-999 required=5 tests=[AWL=0.930, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G4ekrV9DHJdZ for <btns@core3.amsl.com>; Thu, 23 Apr 2009 14:14:41 -0700 (PDT)
Received: from mail.cec.wustl.edu (express.cec.wustl.edu [128.252.21.16]) by core3.amsl.com (Postfix) with ESMTP id 905DA3A681D for <btns@ietf.org>; Thu, 23 Apr 2009 14:14:41 -0700 (PDT)
Received: from webmail.cec.wustl.edu (localhost.localdomain [127.0.0.1]) by mail.cec.wustl.edu (Postfix) with ESMTP id 014F21E809F; Thu, 23 Apr 2009 16:15:59 -0500 (CDT)
Received: from 172.16.1.131 (SquirrelMail authenticated user jb27) by webmail.cec.wustl.edu with HTTP; Thu, 23 Apr 2009 16:15:59 -0500 (CDT)
Message-ID: <023070630846bf76af405743608d413b.squirrel@webmail.cec.wustl.edu>
In-Reply-To: <49ECADDD.9060204@ese.wustl.edu>
References: <8ab37b7001d3c3eb657cf4094244ccdc.squirrel@webmail.cec.wustl.edu> <49A4CDFF.3050907@ese.wustl.edu> <4c1c9a1604e5bb3ac960f4dfff3c88e0.squirrel@webmail.cec.wustl.edu> <49C3A0C3.8000303@ese.wustl.edu> <7610b87c95062b678eaf5b91da2e2670.squirrel@webmail.cec.wustl.edu> <49D9EFAC.7010602@ese.wustl.edu> <9568b97276e9e104429445829e257532.squirrel@webmail.cec.wustl.edu> <49ECADDD.9060204@ese.wustl.edu>
Date: Thu, 23 Apr 2009 16:15:59 -0500 (CDT)
From: jb27@cec.wustl.edu
To: "Alan Johnston" <alan@ese.wustl.edu>, btns@ietf.org
User-Agent: SquirrelMail/1.4.15
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Mailman-Approved-At: Tue, 05 May 2009 10:32:08 -0700
Subject: [btns] rfc 5387
X-BeenThere: btns@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Better-Than-Nothing-Security Working Group discussion list <btns.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/btns>, <mailto:btns-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/btns>
List-Post: <mailto:btns@ietf.org>
List-Help: <mailto:btns-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/btns>, <mailto:btns-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Apr 2009 21:22:30 -0000

Hello!  I am a student taking Internet Communications and our class is
just finishing up our "security" section, and I have a few questions about
RFC 5387.


-In section 1.1 (Authentication) it is mentioned that it is possible to
use a trusted third party; could this be a third "peer", proxy, and/or
STUN server?
-Could BTNS use Chords?
-In section 1.2, it is mentioned that "the peer's identity is the same for the
lifetime of the packet flow"; can this identity be reused so it is open to
attacks?
-In this RFC it is mentioned that obtaining a security certificate could
take a while.  I've never had to get one, so how long does it take?  Why
would it be necessary to skip?
-MitM attacks are mentioned frequently; how are users detecting them to
ensure they can use BTNS?
-Although it can be cumbersome, what's wrong with having redundancy?
". . . authentication at both the network layer and a higher layer for the
   same connection."  Or is this where one authentication might fail?
-Is BTNS a form of best-effort encryption?
-From section 4: "BTNS protects security associations after they are
established by reducing vulnerability to attacks from parties that are not
participants in the association."  Does this include MitM attacks?