Changes between Version 8 and Version 9 of TypicalSECAreaIssues


Timestamp: 09/11/22 13:45:55 (3 months ago)
Author: rdd@…
Comment: guidance on limited domains

  • TypicalSECAreaIssues

    v8 v9  
    66
    77The primary and foremost question for a security analysis is: what environment (and thus threat model) does the system run in?  Absent disclaimer, the Internet Threat Model of [https://www.rfc-editor.org/rfc/rfc3552.html RFC 3552] is assumed, and we have to consider that an attacker can modify, drop, or spoof any protocol message.  It's important to consider the potential for off- vs. on-path attackers (e.g., as in [https://www.rfc-editor.org/rfc/rfc7430.html RFC 7430]), privacy considerations ([https://www.rfc-editor.org/rfc/rfc6973.html RFC 6973]), and the potential interaction with pervasive monitoring ([https://www.rfc-editor.org/rfc/rfc7258.html RFC 7258]).  Additionally, a sufficiently powerful off-path attacker can become on-path using techniques like DNS poisoning and BGP hijacking.
     8
     9Citing that a specification will be fielded in a limited domain (e.g., referencing [https://www.rfc-editor.org/rfc/rfc8799 RFC 8799]) is not a sufficient discussion of security considerations.  The bounds and administrative controls of the limited domain should be discussed.  In addition to the considerations noted above, the specification must described how the specification behavior will be constrained or contained in the limited domain.
    810
    911== (Un)trusted Parties ==
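
Review bot: In the added paragraph (v9 line 9), "the specification must described how" has a tense error and should read "must describe how". The same sentence repeats "the specification" twice ("the specification must describe how the specification behavior will be constrained"); "must describe how its behavior will be constrained or contained in the limited domain" reads more cleanly. The sentence before it says the bounds and administrative controls "should be discussed" while this one says "must", so either align the normative strength or state why the two requirements differ. The RFC 8799 link also omits the ".html" suffix used by the RFC 3552, RFC 7430, RFC 6973 and RFC 7258 links in the unchanged paragraph above; matching that form would keep the page consistent.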