On Mar 27, 2013, at 8:59 AM, Tom Taylor <[email protected]> wrote:
> The meeting minutes record a disagreement over what port mapping algorithm to
> use. This affects both MAP-E and LW 4over6. As I understand it:
>
> - either of these two technologies will work with either contiguous ports or
> ports scattered according to the GMA algorithm
>
> - the real objection to GMA comes from Alain Durand, who wants to set up
> simple min-port, max-port filters on his network equipment.
>
>
> We all agree that port scattering offers negligible security advantage.

Port scattering, using GMA, provides a tiny security advantage. An attacker can determine the Generalized Modulus Algorithm by causing a victim to open a bunch of TCP connections. One way an attacker can cause a bunch of TCP connections to be opened is by sending an email with a bunch of <img src> tags to servers where the attacker can observe the TCP source ports for the connections. Another way is to do the same with a web page.

GMA is a good amount of engineering and confusion for little gain, but the *appearance* of a gain because to a person the port numbers will appear random. In other words, a false sense of security. Port numbers are being used in courts of law and explaining GMA to the lay person will be complex. I believe it is an unnecessary complexity.

-d

>
> The reason that I heard given for preferring GMA for MAP-E is that it
> eliminates a restriction on the End-User IPv6 address because the PSID is
> free to range from 0 upwards rather than from some higher number upwards. I
> don't follow this argument for two reasons:
>
> - you now have a restriction that the offset field A must range from 1 upwards
>
> - the PSID field has an upper limit 2^k-1 imposed by the sharing ratio,
> imposing a further restriction on the End-User IPv6 address value.
>
> Could someone spell out more clearly why the GMA was seen as necessary for
> MAP-E?
> _______________________________________________
> Softwires mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/softwires
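An added illustration, not part of either message and not code from the softwire drafts: the GMA bit split A | PSID | j with the two restrictions listed in the quoted text, compared with one contiguous block per subscriber. It shows how many min-port/max-port filter entries a subscriber needs in each scheme and that attributing a logged port to a PSID is plain bit extraction. The function names, the sample values a=6 and k=8, and `first_port=1024` are assumptions.

```python
# Added example: 16-bit port = A (a bits) | PSID (k bits) | j (m bits), a + k + m = 16.
# All parameter values used with these functions are constructed for illustration.

def gma_ranges(psid, a, k):
    """Return the (min_port, max_port) ranges that belong to `psid` under GMA."""
    m = 16 - a - k
    if m < 0:
        raise ValueError("a + k must not exceed 16")
    if not 0 <= psid < (1 << k):
        raise ValueError("PSID must be in 0 .. 2^k - 1")
    # With a > 0 the offset field A starts at 1, which keeps the lowest
    # ports (A == 0) out of every subscriber's port set.
    first_a = 1 if a > 0 else 0
    ranges = []
    for offset_a in range(first_a, 1 << a):
        base = (offset_a << (k + m)) | (psid << m)
        ranges.append((base, base + (1 << m) - 1))
    return ranges


def psid_of_port(port, a, k):
    """Attribute one logged source port to a PSID; None if outside all sets."""
    m = 16 - a - k
    if a > 0 and (port >> (k + m)) == 0:
        return None  # A == 0 is never assigned when a > 0
    return (port >> m) & ((1 << k) - 1)


def contiguous_range(index, k, first_port=1024):
    """Single min-port/max-port block for subscriber `index` of 2^k."""
    size = (65536 - first_port) // (1 << k)
    low = first_port + index * size
    return (low, low + size - 1)


if __name__ == "__main__":
    a, k, psid = 6, 8, 52  # constructed sample: sharing ratio 256
    scattered = gma_ranges(psid, a, k)
    print("GMA filter entries:", len(scattered), "first:", scattered[0])
    print("contiguous filter entry:", contiguous_range(psid, k))
    print("logged port 1233 belongs to PSID", psid_of_port(1233, a, k))
```

With these sample values both schemes give the subscriber 252 ports; GMA spreads them over 63 four-port ranges, while the contiguous scheme needs one filter entry.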
