[Fvga-wg] New document on a protocol specification for dynamic opening of firewall ports
Gian Luca Volpato
volpato at rrzn.uni-hannover.de
Thu Mar 5 06:21:41 CST 2009
Dear All,
I would like to share with you some comments and thoughts about the
latest version of our FiTP document.
First some questions about the conceptual design of FiTP:
- the use of SSH-NONE with HMAC cipher protocol guarantees that
messages cannot be modified while transferred from the user-CH to the
auth-CH. However only user-CH and auth-CH can verify the integrity of
the messages; firewalls along the communication path have no
possibility to verify message integrity.
Is there any risk that an attacker modifies an FiTP command or an FiTP
reply with the purpose of deceiving an FiTP-aware firewall and making
it enforce an unauthorized access rule?
If this is the case we should consider the possibility of signing message
digests with the private key of the sender instead of with the secret
key shared between user-CH and auth-CH.
- what happens when the auth-PI crashes?
During the restart operation, are all granted rules invalidated, and
are commands sent to FiTP-unaware firewalls accordingly?
This should happen because an FiTP-unaware firewall cannot understand
that a major failure (closing) on the control connection implies
deleting all access grants.
And now some minor remarks on the document:
- page 6, definition of access-rule: why, in the case of the IP or IPSEC
protocol, are sport1, sport2, dport1, dport2 ignored?
- page 8, the definition of user-CH is missing
- page 11, in the definition of the command syntax
"[4_digit_message_code],GAcR,Auth,[textstring]": what is the meaning
of the parameter "Auth"?
- page 15, in the structure of FiTP reply codes: why do we define
reply codes 1xyz and 2xyz and then never explain or use them in
the document?
- page 20, in the command "9000,PathCntl,Encrypted(9000,PathCntl)":
what is the meaning of the parameter "Encrypted(9000,PathCntl)" ?
I wish you a very useful FVGA session at OGF25.
Kind regards
/Gian Luca
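The integrity point raised in the first question, worked through as an added example that is not part of this message or of the FiTP document. The command string, the field layout after the command name, the attacker's rewrite and the firewall behaviour are all constructed for the scenario. The signature scheme is a Lamport one-time signature, chosen only because it needs nothing beyond the Python standard library; a real design would use a standard scheme such as RSA-PSS or Ed25519, but the property being shown is the same: an HMAC under a key held by user-CH and auth-CH tells an on-path firewall nothing, while a signature can be checked by anyone holding the sender's public key.

```python
import hashlib
import hmac
import secrets

# Constructed FiTP-style command for this example. The fields after the
# command name are an assumption, not the syntax from the FiTP document.
COMMAND = b"3000,GAcR,192.0.2.10,198.51.100.20,tcp,22"


def tamper(cmd: bytes) -> bytes:
    """Constructed on-path attack: the destination port is rewritten in flight."""
    return cmd.replace(b",tcp,22", b",tcp,3389")


# --- Current design: HMAC under a key shared by user-CH and auth-CH only ---
def tag_hmac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def check_hmac(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(tag_hmac(key, msg), tag)


def firewall_on_path_hmac(msg: bytes, tag: bytes, rules: list) -> None:
    """Constructed firewall behaviour: it has no copy of the shared key, so the
    tag gives it nothing to check. If it acts on FiTP commands at all, it can
    only act on the cleartext it sees, so the rule is installed as received."""
    rules.append(msg)


# --- Alternative: digest signed with the sender's private key ---
# Lamport one-time signature over SHA-256: the private key is 256 pairs of
# random values, the public key their hashes. Each key pair signs ONE message;
# signing a second message with the same key leaks key material.
def lamport_keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    pk = [[hashlib.sha256(a).digest(), hashlib.sha256(b).digest()] for a, b in sk]
    return sk, pk


def _digest_bits(msg: bytes):
    d = hashlib.sha256(msg).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, msg: bytes) -> list:
    # Reveal, for each digest bit, the private value matching that bit.
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(msg))]


def lamport_verify(pk, msg: bytes, sig: list) -> bool:
    if len(sig) != 256:
        return False
    ok = True
    for i, bit in enumerate(_digest_bits(msg)):
        ok &= hmac.compare_digest(hashlib.sha256(sig[i]).digest(), pk[i][bit])
    return ok


def firewall_on_path_signed(pk, msg: bytes, sig: list, rules: list) -> bool:
    """Constructed firewall behaviour with the public key of the sender: the
    rule is installed only if the signature verifies over the command as seen."""
    if lamport_verify(pk, msg, sig):
        rules.append(msg)
        return True
    return False


def scenario_hmac():
    """Returns (auth_ch_accepts_tampered_command, rules_installed_by_firewall)."""
    shared = secrets.token_bytes(32)            # held by user-CH and auth-CH only
    tag = tag_hmac(shared, COMMAND)             # user-CH tags the genuine command
    forged = tamper(COMMAND)                    # attacker rewrites it on the path
    rules = []
    firewall_on_path_hmac(forged, tag, rules)   # firewall cannot tell, installs it
    return check_hmac(shared, forged, tag), rules   # auth-CH rejects, but too late


def scenario_signature():
    """Returns (genuine_accepted, tampered_accepted, rules_installed_by_firewall)."""
    sk, pk = lamport_keygen()                   # pk is given to every FiTP-aware firewall
    sig = lamport_sign(sk, COMMAND)             # user-CH signs the digest once
    rules = []
    genuine = firewall_on_path_signed(pk, COMMAND, sig, rules)
    forged = firewall_on_path_signed(pk, tamper(COMMAND), sig, rules)
    return genuine, forged, rules


if __name__ == "__main__":
    print("HMAC design:     auth-CH accepts tampered =", scenario_hmac()[0],
          "| firewall rules =", scenario_hmac()[1])
    g, f, r = scenario_signature()
    print("Signed design:   genuine =", g, "| tampered =", f, "| firewall rules =", r)
```

In the HMAC scenario auth-CH rejects the tampered command, but the on-path firewall has already installed the attacker's rule, which is exactly the risk the question describes. In the signed scenario the firewall itself refuses the tampered command. The same holds for replies if auth-CH signs them as well; note that a signature only binds the content, so replay of an old, genuinely signed command still needs a nonce or sequence number inside the signed data.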