#13: Protection of Data Outside Tunnel > Section 4.2.3 > > "If modification of this information can cause > vulnerabilities, the tunnel method MUST provide protection against > modification of this data." > > This seems a bit vague. Why not just require secure > confirmation of the protocol version and/or type code, either > implicitly or explicitly? > This is vague because a tunnel method may include other data outside the tunnel. How about adding:
"The tunnel method MUST provide implicit or explicit confirmation of the protocol version and type code." > Section 6.3 > > " The tunnel method will use data that is outside the TLS tunnel such > as the EAP type code or version numbers. If an attacker can > compromise the protocol by modifying these values the tunnel method > MUST protect this data from modification." > > Why is it necessary to protect the data from modification in > order to address the attacks? For example, if the key > derivation is unique to an EAP type, then modifying the type > would cause proof of key possession to fail. Wouldn't this > be sufficient? Yes, the text says if an attacker can compromise the method by modifying the data. In the example you cite as long as you are sure the proof of possession will fail then the EAP type does not need additional protection. We could add a sentence: "In some cases external data may not need additional protection because it is implicitly verified during the protocol operation." -- Ticket URL: <http://trac.tools.ietf.org/wg/emu/trac/ticket/13> emu <http://tools.ietf.org/wg/emu/> _______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
