RE: [NSIS] new draft about security threats for the NAT/firewall NSLP

[Martin Stiemerling <stiemerling at netlab.nec.de>]

[...]
|
| Section 4.1 (Flooding with 'create session' messages from outside)
| describes three threats:
|
| 1) Attacks due to NSLP state: For each of these messages the middlebox
| needs to store state information such as the policy rules to be loaded,
| i.e. the middlebox could run out of memory.
|
| 2) Attacks due to authentication complexity: This kind of attack is
| possible if authentication is based on mechanisms that require computing
| power e.g. digital signatures.
|
| 3) Attacks to the NTLP.
|
| These attacks seem to be different than the one discussed. The target, as
| well as the damages seem to differ. In the threat discussed, the victim
| is the end point. Also the undesired effects are consumption of the
| access link bandwidth, shorter battery lifetime. Would you agree?
|
| I agree that section 4.1 is where the threat should be described, but it
| does not seem to be presented yet. If you want, I can try to provide you
| with some text,


That would be great if you could provide text on this!

Thanks,

 Martin 

_______________________________________________
nsis mailing list
nsis at ietf.org
https://www1.ietf.org/mailman/listinfo/nsis