RE: ISCSI: Urgent Flag requirement violates TCP.

David,

A protocol that allows a simple random scan to locate critical information is less secure than one that remains obscure. A reason for not attaching text names to logical devices within the transport. This tagging and marking facilitates a simple low overhead snooping of the transport. Such consideration should not be seen as a rat hole.

For those wishing to add high overhead of compression and encryption to ensure data remains obscured in all cases, as would be advised in public environments with critical information, then how data is revealed within the transport is less important. There are cases where being careful to obscure information by sheer opaque quantities is also a legitimate practice in less vulnerable environments.

Locking your car door is not 100% assurance, but leaving the keys in the ignition is being careless. Should a transport leave the keys?

Doug

> > In the same manner an urgent pointer would be useful to an analyzer, it
> > would also be useful to a snooper in that this mechanism can be seen to
> > weaken security. Yet another reason to make this an optional feature. As
> > an analyzer would need to be fully in the path to see switched packets, an
> > analyzer should be able to remain synchronous with the stream.
>
> With my co-chair hat off. This is not a useful security property - can we
> avoid sending discussion down this rathole, please? Assuming that an
> adversary does not understand the information s/he has obtained is
> usually a mistake in a security analysis.
>
> --David
>
> ---------------------------------------------------
> David L. Black, Senior Technologist
> EMC Corporation, 42 South St., Hopkinton, MA 01748
> +1 (508) 435-1000 x75140 FAX: +1 (508) 497-8500
> black_david@emc.com Mobile: +1 (978) 394-7754
> ---------------------------------------------------
Last updated: Tue Sep 04 01:06:25 2001
6315 messages in chronological order