ietf-openproxy

Re: Some comments on draft-ietf-opes-threats-00

2002-10-26 10:58:54

Oskar Batuner wrote:

b) Correct me if I'm wrong here, but it seems to me the (original?) idea of this document was to document the *additional/specific* security threats the addition of an OPES imposes. The document as it stands today basically lists more or less all attacks known to man. [...]

The problem you are pointing to does exist, but I hope it is limited to a few subsections in section 2, namely 2.1.1 - 2.1.5.

I agree with both; the problem exists, in particular in Section 2.1. This section should be structured in a way that it talks only about network level threats *introduced by the new OPES components*, rather than explaining network level threats in general.

Example in Section 2.1.4: It isn't necessary to explain what eavesdropping is, and it isn't necessary to explain that this is an issue for transmitting information between a client and a server. But it is important to point out that the introduction of OPES processors and callout servers opens new possibilities for eavesdropping, namely on the link between OPES processor and callout server. This is a *new* threat compared to non-OPES environments, and has direct implications on the OPES requirements. The section - and the document in general - should focus on threats introduced by the new OPES elements, and explicitly spell those out.

I think this can easily be fixed.

-Markus

