
Re: [IPSECKEY] Security Considerations (pass 2)



On Sun, May 25, 2003 at 03:48:37PM -0400, Rob Austein wrote:
> > In an environment in which active attacks are likely to happen, both key
> > information and gateway option are extremely vulnerable without the
> > use of end-to-end integrity protection. Thus, in such an environment,
> > the DNS client MUST refuse any gateway field different from the RR owner
> > name. Note that this implies coherence of types between RR owner name
> > and gateway field (both IPv4 or both FQDN or both IPv6 etc), thus the
> > use of self "." is recommended for ease of use.
> 
> Yeah, I was wondering if I should have punted the stuff about the RR
> owner name matching the gateway field and just said that a client
> which has to worry about active attacks on the DNS data MUST NOT trust
> IPSECKEY records with a non-zero gateway type field.

That's a good question. Besides, on the server side, section 3.1 mandates:

If no gateway is to be indicated, then the gateway type field MUST be
zero, and the gateway type MUST be "."

BTW, s/gateway type/gateway field/ ?

Is there a particular difference between the following 2 cases?

- No gateway (type=0 gateway=".")
- The gateway is the same as the RR owner (ex: type=1
  gateway=192.0.2.38)

I would take type=0 as a clue that the host will accept transport mode
SA, and (type != 0 && address == RR_owner) as a clue that the host will
take only tunnel mode proposals. Is it the original intent?

--
Jean-Jacques Puig
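
The two client-side policies discussed in this message, side by side, as an added example that is not part of the original post or of the draft. Assumptions: gateway type codes 0 = none, 1 = IPv4, 2 = IPv6, 3 = domain name; an address-typed gateway counts as "the same as the RR owner" when the owner is that address's reverse-map name; the function names and sample records are constructed for illustration.

```python
import ipaddress

# Assumed gateway type codes: 0 = none, 1 = IPv4, 2 = IPv6, 3 = domain name.
GW_NONE, GW_IPV4, GW_IPV6, GW_NAME = 0, 1, 2, 3


def _norm(name: str) -> str:
    """Case-fold a DNS name and drop the trailing root dot for comparison."""
    return name.rstrip(".").lower()


def gateway_matches_owner(owner: str, gw_type: int, gateway: str) -> bool:
    """True if the gateway field names the same entity as the RR owner name."""
    if gw_type == GW_NONE:
        return gateway == "."
    if gw_type in (GW_IPV4, GW_IPV6):
        try:
            addr = ipaddress.ip_address(gateway)
        except ValueError:
            return False
        if addr.version != (4 if gw_type == GW_IPV4 else 6):
            return False  # type field and address family disagree
        # Assumption: compare against the owner via the reverse-map name.
        return _norm(addr.reverse_pointer) == _norm(owner)
    if gw_type == GW_NAME:
        return gateway != "." and _norm(gateway) == _norm(owner)
    return False  # unknown gateway type: refuse


def accept_record(owner: str, gw_type: int, gateway: str, policy: str) -> bool:
    """policy "owner-match": refuse a gateway different from the RR owner.
    policy "no-gateway": refuse any record with a non-zero gateway type."""
    if policy == "no-gateway":
        return gw_type == GW_NONE and gateway == "."
    if policy == "owner-match":
        return gateway_matches_owner(owner, gw_type, gateway)
    raise ValueError(f"unknown policy: {policy}")


if __name__ == "__main__":
    owner = "38.2.0.192.in-addr.arpa."  # constructed sample owner name
    samples = [(0, "."), (1, "192.0.2.38"), (1, "192.0.2.3"),
               (3, "mygateway.example.com.")]  # constructed sample records
    for gw_type, gw in samples:
        print(gw_type, gw,
              "owner-match:", accept_record(owner, gw_type, gw, "owner-match"),
              "no-gateway:", accept_record(owner, gw_type, gw, "no-gateway"))
```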