Re: TSVDIR review of draft-ietf-intarea-shared-addressing-issues-02

2011-02-02 11:39:49
Hi, Fernando,

On 2/2/2011 12:03 AM, Fernando Gont wrote:
On 01/02/2011 10:35 p.m., Joe Touch wrote:
...
...
7.  Geo-location and Geo-proximity

?INT? This section is, IMO, odd; IP address never meant physical
location anyway, and tunnels obviate that meaning regardless of the
impact of NATs or other sharing techniques.

Agreed. But geo-location is nevertheless widely used for marketing purposes.

Agreed, but whether it works now is arbitrary; it's not a design consideration of the protocols.

At the least, it's worth noting that geolocation is already broken by tunnels, and that IP addressing does not ensure geographic proximity before attributing breakage on NATs or other sharing.

13.4.  Port Randomisation
...
    It should be noted that guessing the port information may not be
    sufficient to carry out a successful blind attack. The exact TCP
    Sequence Number (SN) should also be known.

There are data injection attacks that are possible even without knowing
the exact SN.

draft-ietf-tcpm-tcp-security may be of use here.

RFC5961 is already published and describes the issue in specific, and may be more useful as a reference for this.

Further, port randomization is just one way to protect a connection
(another includes timestamp verification, as noted in RFC4953).

RFC4953 is a little bit vague in this respect.

Yes, but it does refer to the issue. The point is just that the current doc focuses on one way, there are others, and that's worth noting IMO.

Joe
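As an added illustration of the receiver-side checks from RFC 5961 that the reply above points to (example code written for this page, not from the draft, the RFC or either author), the three mitigations below are what make a blind RST, SYN or data segment insufficient even when the attacker has guessed the port: the connection and segment structures are simplified, constructed stand-ins for the TCB fields the checks need.

```python
from dataclasses import dataclass

MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap

def seq_lt(a: int, b: int) -> bool:
    """True if a precedes b in 32-bit modular sequence space."""
    return (a - b) % MOD > MOD // 2

def seq_le(a: int, b: int) -> bool:
    return a == b or seq_lt(a, b)

def in_rcv_window(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """RCV.NXT <= SEG.SEQ < RCV.NXT + RCV.WND, modulo 2^32."""
    return (seq - rcv_nxt) % MOD < rcv_wnd

@dataclass
class Conn:            # constructed, simplified subset of a TCB
    rcv_nxt: int
    rcv_wnd: int
    snd_una: int
    snd_nxt: int
    max_snd_wnd: int   # largest window the peer has ever advertised

@dataclass
class Seg:             # the segment fields the checks look at
    seq: int
    ack: int
    rst: bool = False
    syn: bool = False

def handle_rst(c: Conn, s: Seg) -> str:
    """RFC 5961 sec. 3.2: only a RST whose SEQ is exactly RCV.NXT aborts the
    connection; an in-window RST earns a challenge ACK instead, so a guess that
    merely lands inside the window no longer tears the connection down."""
    if not in_rcv_window(s.seq, c.rcv_nxt, c.rcv_wnd):
        return "drop"
    return "abort" if s.seq == c.rcv_nxt else "challenge-ack"

def handle_syn(c: Conn, s: Seg) -> str:
    """RFC 5961 sec. 4.2: a SYN on an established connection is answered with a
    challenge ACK regardless of its SEQ; a peer that truly lost state will then
    reply with a RST carrying the exact sequence number."""
    return "challenge-ack"

def handle_data(c: Conn, s: Seg) -> str:
    """RFC 5961 sec. 5.2: on top of the SEQ window check, the ACK must satisfy
    SND.UNA - MAX.SND.WND <= SEG.ACK <= SND.NXT, shrinking the acceptable ACK
    range from about half the sequence space to roughly one window."""
    if not in_rcv_window(s.seq, c.rcv_nxt, c.rcv_wnd):
        return "drop"
    low = (c.snd_una - c.max_snd_wnd) % MOD
    if seq_le(low, s.ack) and seq_le(s.ack, c.snd_nxt):
        return "accept"
    return "drop-and-ack"

def classify(c: Conn, s: Seg) -> str:
    """Dispatch one incoming segment on an ESTABLISHED connection."""
    if s.rst:
        return handle_rst(c, s)
    return handle_syn(c, s) if s.syn else handle_data(c, s)
```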
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf