RE: [Pana] Re: review pana spec

To: "'Yoshihiro Ohba'" <yohba at tari.toshiba.com>, "'Mohan Parthasarathy'" <mohanp at sbcglobal.net>
Subject: RE: [Pana] Re: review pana spec
From: "Alper Yegin" <alper.yegin at yegin.org>
Date: Fri, 1 Dec 2006 17:44:13 +0200
Cc: pana at ietf.org
In-reply-to: <20061130200748.GG10356@steelhead>
List-help: <mailto:pana-request@ietf.org?subject=help>
List-id: Protocol for carrying Authentication for Network Access <pana.ietf.org>
List-post: <mailto:pana@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/pana>, <mailto:pana-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/pana>, <mailto:pana-request@ietf.org?subject=unsubscribe>
Thread-index: AccUu0rRfstOQYS1RmCFxAWj1dzGbgAozd/A

> "
> 11.8.  IP Address Spoofing
> 
>    Without use of SEND (SEcure Neighbor Discovery [RFC 3971], there is
>    no way to prove the ownership of the IP address presented by
>    the PaC.  Hence an attacker can launch a redirect attack by
>    spoofing a victim's IP address.  It is RECOMMENDED to use SEND to
>    avoid such an attack.
> "

I think it is best if we simply acknowledge the problem and state that the
solution is outside the scope of PANA. Trying to solve that, or make
recommendations, is not our business.

I'd recommend:

   PANA does not provide any means to prove ownership of the IP address 
   presented by the PaC. Hence, an authorized PaC can launch a redirect 
   attack by spoofing a victim's IP address. This problem and its 
   solution are outside the scope of PANA.

Alper


> 
> Regards,
> Yoshihiro Ohba
> 
> 
> >
> >
> >
> > -mohan
> >
> >
> >
> >
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: Yoshihiro Ohba [mailto:yohba at tari.toshiba.com]
> > > Sent: Sunday, November 19, 2006 10:39 AM
> > > To: pana at ietf.org
> > > Subject: [Pana] Preliminary pana-pana draft (13a)
> > >
> > > is available at:
> > >
> > > http://www.panasec.org/docs/editing/pana-spec.html
> > >
> > > (Now we get 17 pages reduction.)
> > >
> > > Please do sanity check to make sure that all resolutions discussed in
> > > IETF67 and over mailing list are reflected appropriately.  Diff from
> > > revision 12 is also available.
> > >
> > > As soon as sanity check is done, I will submit a new revision (13)
> > > which is to be used for IETF last call.
> > >
> > > Regards,
> > > Yoshihiro Ohba
> > >
> > > _______________________________________________
> > > Pana mailing list
> > > Pana at ietf.org
> > > https://www1.ietf.org/mailman/listinfo/pana
> >
> >
> >
> >
> >
> > _______________________________________________
> > Pana mailing list
> > Pana at ietf.org
> > https://www1.ietf.org/mailman/listinfo/pana
> >
> >
> 
> _______________________________________________
> Pana mailing list
> Pana at ietf.org
> https://www1.ietf.org/mailman/listinfo/pana


_______________________________________________
Pana mailing list
Pana at ietf.org
https://www1.ietf.org/mailman/listinfo/pana

References:
- Re: [Pana] Re: review pana spec
  - From: Yoshihiro Ohba

Prev by Date: Re: [Pana] Preliminary pana-pana draft (13a)
Next by Date: RE: [Pana] Re: review pana spec
Previous by thread: Re: [Pana] Re: review pana spec
Next by thread: Re: [Pana] Re: review pana spec
Index(es):
- Date
- Thread

RE: [Pana] Re: review pana spec

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.