The MPLS WG Archive[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index][Thread Index][Author Index][Subject Index] Security issue re draft-ietf-mpls-in-ip-or-gre-07
On Sat, 20 Mar 2004, Bora Akyol wrote: > I think we are in agreement here,the text as it stands is fine, the > additional requirement for checking the source address provides > really no additional protection for even the most clueless attacker. The quote you took was taken out of context, and my intent was to convey exactly the opposite message -- not sure how it got through. I think your argument is, "let's not bother to specify decapsulation checks, because we can just specify that operators must deploy destination-based checks if they want to be safe". My argument is, "source-based decapsulation checks are very useful on their own, and sufficient in most cases, as all the operators should have deployed source-address based checks at their borders already (and deploying destination-based checks is infeasible, and can't be assumed/ensured, so we'll end up with a lot of vulnerable MPLS networks)". > The text however should mention uRPF somewhere in the security section > with a reference to BCP-38. And if one is doing uRPF is it "loose" mode > or "strict" mode. BCP-38 only describes the "strict" mode. Loose mode is practically useless in this context. See recently published RFC3704 (BCP84) for more. It's much better than BCP38 (even if may say so: I'm co-author). > And as far as GRE keying, I doubt that you can use that to assure the > security of the packets especially in high speed implementations. People just haven't implemented it.. so it likely doesn't help you much *today* but if folks believe this is important for them, and this would be the best way to tackle the problem, it would get done, I'd wager. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
|
|