Re: TSVDIR review of draft-ietf-intarea-shared-addressing-issues-02

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi, Fernando,

On 2/2/2011 12:03 AM, Fernando Gont wrote:
On 01/02/2011 10:35 p.m., Joe Touch wrote:
...
...
7.  Geo-location and Geo-proximity

?INT? This section is, IMO, odd; IP address never meant physical
location anyway, and tunnels obviate that meaning regardless of the
impact of NATs or other sharing techniques.

Agreed. But geo-location is nevertheless widely used for marketing purposes.

Agreed, but whether it works now is arbitrary; it's not a design consideration of the protocols.

At the least, it's worth noting that geolocation is already broken by tunnels, and that IP addressing does not ensure geographic proximity before attributing breakage on NATs or other sharing.

13.4.  Port Randomisation
...
    It should be noted that guessing the port information may not be
    sufficient to carry out a successful blind attack.   The exact TCP
    Sequence Number (SN) should also be known.

There are data injection attacks that are possible even without knowing
the exact SN.

draft-ietf-tcpm-tcp-security may be of use here.

rfc5961 is already published and describes the issue in specific, and may be more useful as a reference for this.

Further, port randomization is just one way to protect a connection
(another includes timestamp verification, as noted in RFC4953).

RFC4953 is a little bit vague in this respect.

Yes, but it does refer to the issue. The point is just that the current doc focuses on one way, there are others, and that's worth noting IMO.

Joe
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]