[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: identifiers and security
> > If we add some multihoming signaling whereby an attacker, which was on
> > the path (e.g., by being on the same WiFi subnet as the victim) for a
> > short
> > time period, can cause damage by essentially using the state creation
> > as a way to preserve it's on-path'ness forever, then folks are
> > concerned.
> And justifyably so. But wouldn't it be possible to address this in
> other ways? Such as having per-direction or even per-session state
> rather than per-address?
If you assume that there is an upper timelimit on how long a (TCP)
connection can last one could take such an approach.
But as far as I know the designers of TCP didn't envision such
an upper limit, thus some connections might last forever.
> I think if the redirection problem by attackers that are on-path
> temporarily is limited to individual unprotected sessions, we are not
> materially worse off than today as the same attacker could break the
> sessions today also, and redirecting an unprotected session presumably
> isn't worse than breaking it as the contents aren't secret.
I think there is a difference between
- someone breaking into to office looking at the pieces of paper on
- someone breaking into my office and installing a device which allows
them to look at all future pieces of paper I will place on my desk
Thus there is a difference between looking at unprotected communication
while being on the path, and looking at unprotected communication
long after having left the path.
But this might be a case where we can make things be slightly worse than
in today's Internet since this communication was unprotected in any case.