[Fvga-wg] New document on a protocol specification for dynamic opening of firewall ports

Gian Luca Volpato volpato at rrzn.uni-hannover.de
Thu Mar 5 06:21:41 CST 2009


Dear All,

I would like to share with you some comments and thoughts about the  
latest version of our FiTP document.

First some questions about the conceptual design of FiTP:
- the use of SSH-NONE with HMAC cipher protocol guarantees that  
messages cannot be modified while transferred from the user-CH to the  
auth-CH. However only user-CH and auth-CH can verify the integrity of  
the messages; firewalls along the communication path have no  
possibility to verify message integrity.
Is there any risk that an attacker modifies an FiTP command or an FiTP  
reply with the purpose of deceiving an FiTP-aware firewall and making  
it enforce an unauthorized access rule?
If this is the case we should consider signing message digests with  
the private key of the sender instead of with the secret key shared  
between user-CH and auth-CH.

- what happens when the auth-PI crashes?
During the restart operation, are all granted rules invalidated and,  
accordingly, are the corresponding commands sent to FiTP-unaware firewalls?
This should happen because an FiTP-unaware firewall cannot understand  
that a major failure (closing) on the control connection implies  
deleting all access grants.


And now some minor remarks on the document:
- page 6, definition of access-rule: why, in the case of the IP or IPSEC  
protocol, are sport1, sport2, dport1, dport2 ignored?
- page 8, the definition of user-CH is missing
- page 11, in the definition of the command syntax  
"[4_digit_message_code],GAcR,Auth,[textstring]": what is the meaning  
of parameter "Auth"?
- page 15, in the structure of FiTP reply codes: why do we define  
reply codes 1xyz and 2xyz and then we never explain nor use them in  
the document?
- page 20, in the command "9000,PathCntl,Encrypted(9000,PathCntl)":  
what is the meaning of the parameter "Encrypted(9000,PathCntl)"?


I wish you a very useful FVGA session at OGF25.
Kind regards,
/Gian Luca
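The first conceptual question above (a shared-secret HMAC is only checkable by the two key holders, whereas a signature under the sender's private key can be checked by any on-path firewall that holds the sender's public key) can be made concrete with a small self-contained Go program. This is an added illustration written for this page, not code from the FiTP document or the FVGA working group: the command string, the HMAC secret and the fixed Ed25519 seed are all constructed sample values, and the command layout merely imitates the "[4_digit_message_code],GAcR,..." shape quoted in the mail rather than the specification's real wire format. Ed25519 hashes the message internally, so signing the command is equivalent to signing its digest.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Constructed sample command in a FiTP-like shape (hypothetical layout:
// code, command, proto, src, dst, sport1, sport2, dport1, dport2).
const sampleCommand = "2000,GAcR,tcp,192.0.2.10,198.51.100.20,0,0,22,22"

// Constructed fixed seed so the example is deterministic; a real sender
// generates its key pair with crypto/rand.
var senderSeed = bytes.Repeat([]byte{0x42}, ed25519.SeedSize)

// Constructed shared secret standing in for the key negotiated between
// user-CH and auth-CH (the SSH-NONE-with-HMAC setting in the mail).
var sharedSecret = []byte("constructed-user-CH-auth-CH-shared-key")

// macTag produces the HMAC-SHA256 tag that only holders of the shared secret
// can compute or check.
func macTag(secret, msg []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(msg)
	return m.Sum(nil)
}

// verifyMAC is the check auth-CH can perform. A firewall on the path has no
// secret, so the best it can do is call this with an empty key, which tells
// it nothing (it fails for genuine and tampered messages alike).
func verifyMAC(secret, msg, tag []byte) bool {
	return hmac.Equal(macTag(secret, msg), tag)
}

// signCommand is the alternative proposed in the mail: the sender signs with
// its private key.
func signCommand(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// firewallVerify needs only the sender's public key, so any FiTP-aware
// firewall along the path can run it.
func firewallVerify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// Outcome records who can verify what, for the genuine and a tampered command.
type Outcome struct {
	AuthCHAcceptsGenuine    bool // shared-secret MAC check at auth-CH on the untouched command
	FirewallMACWithoutKey   bool // on-path firewall trying the MAC without the secret
	FirewallAcceptsGenuine  bool // signature check with the public key only
	AuthCHAcceptsTampered   bool // MAC check after on-path modification (must be false)
	FirewallAcceptsTampered bool // signature check after on-path modification (must be false)
}

// Demo runs both integrity mechanisms against the sample command and a
// constructed on-path modification of it (destination port 22 changed to 23).
func Demo() Outcome {
	priv := ed25519.NewKeyFromSeed(senderSeed)
	pub := priv.Public().(ed25519.PublicKey)

	msg := []byte(sampleCommand)
	tag := macTag(sharedSecret, msg)
	sig := signCommand(priv, msg)

	// Constructed tampering: the rule's destination port fields are rewritten in transit.
	tampered := bytes.Replace(msg, []byte(",22,22"), []byte(",23,23"), 1)

	return Outcome{
		AuthCHAcceptsGenuine:    verifyMAC(sharedSecret, msg, tag),
		FirewallMACWithoutKey:   verifyMAC(nil, msg, tag),
		FirewallAcceptsGenuine:  firewallVerify(pub, msg, sig),
		AuthCHAcceptsTampered:   verifyMAC(sharedSecret, tampered, tag),
		FirewallAcceptsTampered: firewallVerify(pub, tampered, sig),
	}
}

func main() {
	fmt.Printf("%+v\n", Demo())
}
```

The point the output makes is the one in the mail: with the MAC, detection of a modified rule happens only at auth-CH, after the on-path firewall has already seen the command; with the signature, the firewall itself rejects the modified command. What the example deliberately leaves open, because the mail does not settle it, is how a firewall obtains a trusted copy of each sender's public key.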
