RE: [pim] last-hop threats by hosts to PIM (fwd)
Pekka Savola <pekkas@netcore.fi> Wed, 12 January 2005 13:15 UTC
Date: Wed, 12 Jan 2005 14:54:44 +0200
From: Pekka Savola <pekkas@netcore.fi>
To: James Lingard <James.Lingard@dataconnection.com>
Subject: RE: [pim] last-hop threats by hosts to PIM (fwd)
In-Reply-To: <53F74F5A7B94D511841C00B0D0AB16F80358130D@baker.datcon.co.uk>
Message-ID: <Pine.LNX.4.61.0501121445470.24451@netcore.fi>
References: <53F74F5A7B94D511841C00B0D0AB16F80358130D@baker.datcon.co.uk>
Cc: pim@ietf.org
Hi,

Thanks for the comments, James and Beau. I'll follow up with them off-list. I'll just comment at this point on the generic observations:

(It would be interesting to see more input from the WG on what they think this would be useful for, if anything :)

On Fri, 7 Jan 2005, James Lingard wrote:

> I'm not sure that this draft makes a useful contribution, given the existing
> Security Considerations section of draft-ietf-pim-sm-v2-new and
> draft-ietf-mboned-mroutesec. There seems to be very little here that is not
> in one of those two documents. And although this document does bring
> together the material into one place, I fear that the creation of a third
> document may only confuse matters.

Mmm. The security considerations section of draft-ietf-pim-sm-v2-new has gotten better since I last looked at it; I recall that it was mostly a guide on how to use IPsec with PIM.

draft-ietf-mboned-mroutesec tried to cover only the "off-link" part of PIM, i.e., if you were able to control the DRs and other routers, what you could do. (I agree that hosts sending PIM Registers is a tricky business.)

I believe this doc spells out the specific threats and attacks a little bit further than what's in the spec, and analyzes other mitigation techniques rather than just IPsec. In hindsight, it might have made sense to put this in draft-ietf-mboned-mroutesec, but that's too late now.

Now, the question still stays: what to do here? Try to beef up draft-ietf-pim-sm-v2's security considerations to include this material? Keep going as is, maybe consider merging later, e.g., when PIM-SM is going for DS? Something else?

> Secondly, I find it hard to understand what assumption you are making about
> the level of PIM knowledge of the reader. I feel that someone without a
> reasonable knowledge of the protocol would be unable to understand the
> document, yet in several places it attempts to give explanation that would
> be unnecessary to a more knowledgeable reader. Perhaps an up-front
> statement of assumptions would be useful.

True enough -- I've assumed that the reader is familiar with PIM basics, but not necessarily the latest developments of the spec. For example, a reader from the security community evaluating PIM.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings