Opened 7 years ago

Closed 7 years ago

#33 closed enhancement (fixed)

Security Considerations: Justify only describing attacks

Reported by: bob.briscoe@… Owned by: draft-ietf-conex-abstract-mech@…
Priority: minor Milestone:
Component: abstract-mech Version:
Severity: Waiting for Expert Review Keywords:
Cc:

Description

Suggested wording to replace part of the beginning of Security Considerations (initial thoughts, to be stitched in more carefully at edit time):

Security attacks and their defences are best discussed against a concrete protocol specification, not the abstract mechanism of this document. A concrete ConEx? protocol(s) will need to be accompanied by a document describing how the protocol and its audit mechanisms defend against likely attacks.

[Refb-dis] will be a useful source for such a document. It gives a comprehensive inventory of attacks against audit that have been proposed by various parties. It includes pseudocode for both deterministic and statistical audit functions designed to thwart these attacks and analyses the effectiveness of an implementation.

However, [Refb-dis] is specific to the re-ECN protocol, which signalled ECN & loss together, whereas ConEx? signals them separately. Therefore, although likely attacks will be similar, there will be more combinations of attacks to worry about, and defences and their analysis are likely to be a little different for ConEx?.

The main known attacks that a security document for a concrete ConEx? protocol will need to address are listed below, and [Refb-dis] should be referred to for how re-ECN was designed to defend against similar attacks:

Change History (1)

comment:1 Changed 7 years ago by bob.briscoe@…

  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.