-
Key: CORBA34-283
-
Legacy Issue Number: 7313
-
Status: closed
-
Source: Syracuse University ( Joncheng Kuo)
-
Summary:
The title of Section 1.7, End-to-End Secure Connection, is misleading. There is no end-to-end security in the firewall traversal spec. All security mechanisms described in this spec are essentially mechanisms between a client, firewalls, and a server, not end-to-end. Thus, it is susceptible to the man-in-the-middle attack.
I'm saying we should fix the problem, but the title of this section and the caption of Figure 1-4 is certainly misleading. Besids, if the firewall traversal scheme described in the spec is actually susceptible to the man-in-the-middle attack, we may want to consider stating it somewhere in the spec rather than making people have a wrong impression that it is secure
-
Reported: CORBA 2.5 — Thu, 6 May 2004 04:00 GMT
-
Disposition: Deferred — CORBA 3.4
-
Disposition Summary:
Deferred
This proposal was generated automatically by request of the Task Force Chair Adam Mitz.
-
Updated: Wed, 1 Feb 2023 21:59 GMT
CORBA34 — Firewall FTF Issue: No ene-to-end security for firewall traversal
- Key: CORBA34-283
- OMG Task Force: CORBA 3.4 RTF