[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ms-cifs
Subject:    Re: possible port number solution?
From:       Paul Leach <paulle () MICROSOFT ! COM>
Date:       1998-01-28 19:51:36
[Download RAW message or body]


> ----------
> From:         Danilo Almeida[SMTP:dalmeida@MIT.EDU]
> Reply To:     Common Internet File System
> Sent:         Tuesday, January 27, 1998 6:57 PM
> To:   CIFS@DISCUSS.MICROSOFT.COM
> Subject:      Re: possible port number solution?
>
> On Jan 23 1998, Paul Leach <paulle@MICROSOFT.COM> wrote:
>
> > I didn't say or mean to imply that they were trivial. And some of them
> might
> > not even better except in one or two ways. One of them for example,
> would
> > imply a change to TCP -- not likely, to say the least. The idea would be
> to
> > set a flag in the TCP SYN header that said to the TCP stack on the
> target
> > host "only accept this connection if a trusted process is listening for
> it".
> > This would essentially enlarge the space of possible priviliged ports,
> so
> > that they wouldn't need to be rationed any more stringently than the
> > unprivileged ones. Another is have a server use more than one IP address
> --
> > one for the system and one for the untrusted users; the kernel would not
> > allow user processes to listen() on the "trusted" IP address. The neat
> thing
> > about this is that it generalizes to multiple groups of mutually
> distrusting
> > users -- each one could have its own IP address, and the system would
> > prevent one group's processes from starting services on the other
> groups' IP
> > address. This is not a great solution for IPv4, because IP addresses are
> > almost in short supply as ports, but for IPv6 it might be feasible.
>
> These ideas are in the same domain as priviledged ports.  That is,
> they do not address the fundamental security issue: authentication --
> specifically, server authentication.
>
> As long as it is impossible to authenticate the server, there is no
> change to TCP that will lead to proper security.  (Well, unless the
> change to TCP does server authentication :-)
>
> I am not sure Paul believes that what he wrote above is a good idea, but
> I don't want others getting the wrong idea.
>
I only said they were better than privileged ports. We both agree that
server authentication is the way to go.

Paul

----------------------------------------------------------------
Users Guide http://www.microsoft.com/sitebuilder/resource/mailfaq.asp
contains important info including how to unsubscribe.  Save time, search
the archives at http://discuss.microsoft.com/archives/index.html

[prev in list] [next in list] [prev in thread] [next in thread]