[secdir] Heads up: security model at PCP today at 1740: no authentication to open firewall holes

Sam Hartman <hartmans-ietf@mit.edu> Thu, 11 November 2010 06:30 UTC

Return-Path: <hartmans@mit.edu>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0D1373A6A24 for <secdir@core3.amsl.com>; Wed, 10 Nov 2010 22:30:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.132
X-Spam-Level:
X-Spam-Status: No, score=-103.132 tagged_above=-999 required=5 tests=[AWL=-0.867, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BXJ4gEte7BzK for <secdir@core3.amsl.com>; Wed, 10 Nov 2010 22:30:36 -0800 (PST)
Received: from mail.suchdamage.org (permutation-city.suchdamage.org [69.25.196.28]) by core3.amsl.com (Postfix) with ESMTP id 064ED3A69F5 for <secdir@ietf.org>; Wed, 10 Nov 2010 22:30:34 -0800 (PST)
Received: from carter-zimmerman.suchdamage.org (dhcp-2392.meeting.ietf.org [130.129.35.146]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id 4BBCA202B3 for <secdir@ietf.org>; Thu, 11 Nov 2010 01:30:41 -0500 (EST)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 017554761; Thu, 11 Nov 2010 01:30:57 -0500 (EST)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: secdir@ietf.org
Date: Thu, 11 Nov 2010 01:30:57 -0500
Message-ID: <tsltyjomkwu.fsf@carter-zimmerman.suchdamage.org>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: [secdir] Heads up: security model at PCP today at 1740: no authentication to open firewall holes
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Nov 2010 06:30:42 -0000

Folks, to my great surprise, we seem to have chartered work to
standardize a protocol for opening holes in NATs and firewalls.  They
are meeting oposite KARP, so I can't go, but you should.

They have a presentation to discuss their security model:

http://tools.ietf.org/agenda/79/slides/pcp-6.pdf

The idea is that there is no authenticatino at all for the on-link case
and ingress filtering (IP ACL authentication) for the off-link case.

That's actually probably fine for the NAT case.  however, for the
firewall control case, which is explicitly within their charter, that is
very much problematic.

This is early work, they need help not flames. (I'll admit that because
it's fairly late before the session, I've focused on shock value in the
subject of this message.)  Also, note that this presentation is a
summary of a fairly long mailing list thread.  If you have time to read
that, please do.