OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-transport message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: DDOS and TRP Error Handling Spec Draft

>>>I don't think that the security environment for the messaging is well
enough
defined that we can throw out useful messaging constructs based on the
alleged defects of the non-defined security apparatus.<<<

I agree.

David

-----Original Message-----
From: Moberg, Dale [mailto:Dale_Moberg@stercomm.com]
Sent: Wednesday, September 06, 2000 9:04 AM
To: 'Christopher Ferris'; Burdett, David
Cc: ebXML Transport (E-mail)
Subject: DDOS and TRP Error Handling Spec Draft


I think that if lessening the chances of a DDOS are within the scope
of TRP, it is certainly an issue for the security focused sub group.

The adversary currently is assumed to have acquired the destination URLs
for many ebXML speakers and then proceeds to go on to submit
bad data, directing error responses to some unfortunate other victim.

The intended victim's destination URL for errors is also presumed static
and known by the adversary.

While I think in general that there are far too many other ways to launch
a DDOS, I suppose it is worth thinking about what can be done to block
the adversary's approach.

1. The destination URLs can be made hard to find. This means a problem
for the Registry; the TPA template access needs to be defined.

2. The URL for an error reply can be made per message specific and
dynamically
generated so that every error gets a non-reused URL for any errors. So
even if the adversary manages to snoop out one error destination URL, 
all the error responses after the first get a 404 or similar refusal. 
In other words, don't reuse the error destination URL when
the DDOS threat is regarded as significant.

3. There are surely other mechanisms that will lessen the threat, including
screening submissions for HTTP authentication from ebXML request messages,
checking SSL certificates during session setup, and so on. But clearly
all these things should be addressed as part of the overall security
TRP sub workgroup. There will be a lot of opportunities potentially for
man in the middle style malaciousness as well as more standard DDOS.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Search: Match: Sort by:
Words: | Help

Powered by eList eXpress LLC