Hi all, I just read through the security consideration section of http://tools.ietf.org/html/draft-ietf-alto-protocol-14 and it raised some questions for me.
As someone who has not followed the work closely I unfortunately have to say that I do not understand why you came up with the current security solution. It is not clear to me what the threats are.

Just as an example: Why would someone want to send a client fake ALTO information or impersonate a server? What would be their benefit? If they do that wouldn't it be easier to then attack the discovery mechanism?

What is the relationship between the client and the server? Is it always dynamically discovered or are there cases where the client has an ALTO server address pre-configured?

Do you need confidentiality protection of the exchange between the client and the server? Would you consider the information that the server provides as public information?

There is text about denial of service attacks but that is not really core to the topic since the usage of TLS will likely make the DoS vulnerability worse. The reference to SIP puzzles is misleading (since you are not using SIP nor cryptographic puzzles in TLS).

I don't understand from the reading whether client authentication functionality has to be provided or not. It is too fuzzy; you cannot develop an interoperable implementation based on the current description. There are many ways to do client authentication and there is always the question about key management.

Ciao
Hannes

PS: Please stop using the term SSL since it shows that you have no idea about security. SSL was the precursor to TLS; the work on TLS (of the different versions) had fixed security vulnerabilities of SSL. Have a look at the Wikipedia to get a brief summary of the history: http://en.wikipedia.org/wiki/Transport_Layer_Security
