Jürgen Schönwälder <[email protected]> wrote: >> Since the communication is stateless, you have observed that any node on the >> network can impersonate the Registrar, send what appears to be reply traffic >> towards a join proxy (from the secured/authenticated side of the network), >> and the traffic will get sent to the unauthenticated/insecure side of the network.
> I think there are two scenarios to consider. My understanding is that
> we have this situation:
Let me label the networks:
> Pledges --(a)-- Proxy --(b)-- Registrar
> 1) A malicious pledge sending spoofed requests to the Registrar where
> the answer then hits some other target pledge.
(a) operates unencrypted (or perhaps weakly encrypted with a well-known key)
(b) operates encrypted.
A malicious pledge can not send traffic on network (a) purporting to be from
network (b). So I don't think that this can happen.
The proxy should not respond to malicious traffic on the (a) network.
> 2) A malicious node on the network where the Registrar resides using
> the proxy to send messages to arbitrary pledges.
Yes, I agree that this can happen.
> While doing bad things to the registrar is one aspect, there is also
> the aspect of doing bad things to pledges, no?
Yes, they could, and the could do this directly using unencrypted LL packets.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
