Oskar Batuner wrote:
b) Correct if I'm wrong here but it seems to me the (original?)
idea of this document was to document the *additional/specific*
security threats the addition of an OPES imposes. The document as
it stands today basically lists more or less all attacks known to
man. [...]
The problem you are pointing to does exist, but I hope it is
limited to a few subsections in section 2, namely 2.1.1 - 2.1.5.
I agree with both, the problem exists, in particular in Section 2.1.
This section should be structured in a way that it talks only about
network level threats *introduced by the new OPES components*, rather
than explaining network level threats in general.
Example in Section 2.1.4: It isn't necessary to explain what
eavesdropping is, and it isn't necessary to explain that this is an
issue for transmitting information between a client and a server. But
it is important to point out that the introduction of OPES processors
and callout servers opens new possibilities for eavesdropping, namely
on the link between OPES processor and callout server. This is a *new*
threat compared to non-OPES environments, and has direct implications
on the OPES requirements. The section - and the document in general -
should focus on threats introduced by the new OPES elements, and
explicitly spell those out.
I think this can easily be fixed.
-Markus