eap Mailing List: RE: RE: Comments on draft-adrangi-eap-network-discovery-07.txt

[Adrangi, Farid (farid.adrangi]

Thanks Geln.  Please see my comments inline.
Farid

> -----Original Message-----
> From: Glen Zorn (gwz) [mailto:gwz [at] cisco.com] 
> Sent: Friday, February 11, 2005 6:25 PM
> To: gwz [at] cisco.com; Adrangi, Farid; iesg [at] ietf.org
> Cc: Lortz, Victor; farooq.bari [at] attws.com; 
> Pasi.Eronen [at] nokia.com; eap [at] frascone.com
> Subject: RE: [eap] RE: Comments on 
> draft-adrangi-eap-network-discovery-07.txt
> 
> 
> Glen Zorn (gwz) <> supposedly scribbled:
> 
> ...
> 
> >> 
> >> In security section, we mention possible attack scenarios and
> some
> >> methods to prevent them.  Did we miss any?  What is the attack
> >> scenario that you have in mind?
> 
> Sorry, I missed this one.  It seems that it enables attacks against
> the greater network; 
[FA] Right.  But, what are they? We mentioned some in the document --
let's identify the ones that we missed.
> it's not an attack against your protocol, per
> se, 
[FA] The draft does not provide any new protocol.  We are using existing
EAP protocol with no changes.

>but it seems that your protocol is giving away (by design) a lot
> of information about network topology and even contracts to anybody
> who happens along.

[FA] yes, roaming partners of the access network is given away.  So,
let's identify how MITM can take advantage of the information and attack
the network, in addition to what we already mentioned it in the draft.

>  That's almost never a good idea.  It would be
> far less revealing if the EAP peer were to send a list of realms it
> was willing to use.
> 
> Hope this helps,
> 
> ~gwz
> 
> Why is it that most of the world's problems can't be solved by
> simply
>   listening to John Coltrane? -- Henry Gabriel
>