Re: TSVDIR review of draft-ietf-intarea-shared-addressing-issues-02
Joe Touch <touch@isi.edu> Wed, 02 February 2011 17:36 UTC
Return-Path: <touch@isi.edu>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 24CF63A6D67; Wed, 2 Feb 2011 09:36:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.603
X-Spam-Level:
X-Spam-Status: No, score=-102.603 tagged_above=-999 required=5 tests=[AWL=-0.004, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3wf2Wx0Yi8ww; Wed, 2 Feb 2011 09:36:08 -0800 (PST)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) by core3.amsl.com (Postfix) with ESMTP id 5ECF13A6D44; Wed, 2 Feb 2011 09:36:08 -0800 (PST)
Received: from [128.9.160.166] (abc.isi.edu [128.9.160.166]) (authenticated bits=0) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id p12HcsJV000763 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT); Wed, 2 Feb 2011 09:38:54 -0800 (PST)
Message-ID: <4D4996AE.8060302@isi.edu>
Date: Wed, 02 Feb 2011 09:38:54 -0800
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7
MIME-Version: 1.0
To: Fernando Gont <fernando@gont.com.ar>
Subject: Re: TSVDIR review of draft-ietf-intarea-shared-addressing-issues-02
References: <4D48B4EA.20503@isi.edu> <4D490FED.6060303@gont.com.ar>
In-Reply-To: <4D490FED.6060303@gont.com.ar>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: "tsv-ads@tools.ietf.org" <tsv-ads@tools.ietf.org>, draft-ietf-intarea-shared-addressing-issues@tools.ietf.org, IETF discussion list <ietf@ietf.org>, TSV Dir <tsv-dir@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Feb 2011 17:36:09 -0000
Hi, Fernando, On 2/2/2011 12:03 AM, Fernando Gont wrote: > On 01/02/2011 10:35 p.m., Joe Touch wrote: ... >> ... >>> 7. Geo-location and Geo-proximity >> >> ?INT? This section is, IMO, odd; IP address never meant physical >> location anyway, and tunnels obviate that meaning regardless of the >> impact of NATs or other sharing techniques. > > Agreed. But geo-location is nevertheless widely used for marketing purposes. Agreed, but whether it works now is arbitrary; it's not a design consideration of the protocols. At the least, it's worth noting that geolocation is already broken by tunnels, and that IP addressing does not ensure geographic proximity before attributing breakage on NATs or other sharing. >>> 13.4. Port Randomisation >> ... >>> It should be noted that guessing the port information may not be >>> sufficient to carry out a successful blind attack. The exact TCP >>> Sequence Number (SN) should also be known. >> >> There are data injection attacks that are possible even without knowing >> the exact SN. > > draft-ietf-tcpm-tcp-security may be of use here. rfc5961 is already published and describes the issue in specific, and may be more useful as a reference for this. >> Further, port randomization is just one way to protect a connection >> (another includes timestamp verification, as noted in RFC4953). > > RFC4953 is a little bit vague in this respect. Yes, but it does refer to the issue. The point is just that the current doc focuses on one way, there are others, and that's worth noting IMO. Joe
- Re: TSVDIR review of draft-ietf-intarea-shared-ad… Jari Arkko
- Re: TSVDIR review of draft-ietf-intarea-shared-ad… Joe Touch
- Re: TSVDIR review of draft-ietf-intarea-shared-ad… Fernando Gont
- Re: TSVDIR review of draft-ietf-intarea-shared-ad… Masataka Ohta
- TSVDIR review of draft-ietf-intarea-shared-addres… Joe Touch
- Re: TSVDIR review of draft-ietf-intarea-shared-ad… Fernando Gont
- Re: TSVDIR review of draft-ietf-intarea-shared-ad… Masataka Ohta
- Re: TSVDIR review of draft-ietf-intarea-shared-ad… Joe Touch
- Re: TSVDIR review of draft-ietf-intarea-shared-ad… Joe Touch
- Re: TSVDIR review of draft-ietf-intarea-shared-ad… Fernando Gont
- Re: TSVDIR review of draft-ietf-intarea-shared-ad… Joe Touch
- Re: TSVDIR review of draft-ietf-intarea-shared-ad… Fernando Gont
- Re: TSVDIR review of draft-ietf-intarea-shared-ad… Fernando Gont
- Re: TSVDIR review of draft-ietf-intarea-shared-ad… Joe Touch
- Re: TSVDIR review of draft-ietf-intarea-shared-ad… Joe Touch
- Re: TSVDIR review of draft-ietf-intarea-shared-ad… Joe Touch
- Re: TSVDIR review of draft-ietf-intarea-shared-ad… Masataka Ohta
- Re: TSVDIR review of draft-ietf-intarea-shared-ad… Masataka Ohta
- TSVDIR review of draft-ietf-mboned-addrarch-07 Joe Touch