[secdir] Heads up: security model at PCP today at 1740: no authentication to open firewall holes
Sam Hartman <hartmans-ietf@mit.edu> Thu, 11 November 2010 06:30 UTC
Return-Path: <hartmans@mit.edu>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0D1373A6A24 for <secdir@core3.amsl.com>; Wed, 10 Nov 2010 22:30:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.132
X-Spam-Level:
X-Spam-Status: No, score=-103.132 tagged_above=-999 required=5 tests=[AWL=-0.867, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BXJ4gEte7BzK for <secdir@core3.amsl.com>; Wed, 10 Nov 2010 22:30:36 -0800 (PST)
Received: from mail.suchdamage.org (permutation-city.suchdamage.org [69.25.196.28]) by core3.amsl.com (Postfix) with ESMTP id 064ED3A69F5 for <secdir@ietf.org>; Wed, 10 Nov 2010 22:30:34 -0800 (PST)
Received: from carter-zimmerman.suchdamage.org (dhcp-2392.meeting.ietf.org [130.129.35.146]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id 4BBCA202B3 for <secdir@ietf.org>; Thu, 11 Nov 2010 01:30:41 -0500 (EST)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 017554761; Thu, 11 Nov 2010 01:30:57 -0500 (EST)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: secdir@ietf.org
Date: Thu, 11 Nov 2010 01:30:57 -0500
Message-ID: <tsltyjomkwu.fsf@carter-zimmerman.suchdamage.org>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: [secdir] Heads up: security model at PCP today at 1740: no authentication to open firewall holes
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Nov 2010 06:30:42 -0000
Folks, to my great surprise, we seem to have chartered work to standardize a protocol for opening holes in NATs and firewalls. They are meeting oposite KARP, so I can't go, but you should. They have a presentation to discuss their security model: http://tools.ietf.org/agenda/79/slides/pcp-6.pdf The idea is that there is no authenticatino at all for the on-link case and ingress filtering (IP ACL authentication) for the off-link case. That's actually probably fine for the NAT case. however, for the firewall control case, which is explicitly within their charter, that is very much problematic. This is early work, they need help not flames. (I'll admit that because it's fairly late before the session, I've focused on shock value in the subject of this message.) Also, note that this presentation is a summary of a fairly long mailing list thread. If you have time to read that, please do.