Hi Tony, Thanks for reviewing the draft!
Replying to your concern on the security considerations "t would be nice to have a warning text such as: "Note that if a Secure Proxy ND is corrupted, it can impersonate all the node in the subnet in which it is authorized to act as a proxy." I wouldn't use the term impersonate -- the delegation certificate doesn't allow the proxy to impersonate nodes (they're only used for SEND), only to issue ND signalling on their behalf. So a compromised proxy is able, like a compromised router, to siphon off traffic from the host, or mount a man-in-the-middle attack. Looking at RFC 3971 for compromised router, it states: SEND does not protect against brute force attacks on the router, such as DoS attacks, or against compromise of the router, as described in Sections 4.4.2 and 4.4.3 of [RFC3756]. (as a side note the sections number of RFC 3756 being referred to above do not exist, I believe it should say 4.2.2 and 4.2.3. Could be fixed in a revision of RFC 3971) So maybe we want to say something like: Thanks to the authorization certificate it is provisioned with, a proxy ND is authorized to issue ND signalling on behalf of nodes on the subnet. Thus, a compromised proxy is able, like a compromised router, to siphon off traffic from the host, or mount a man-in-the-middle attack. As for SEND, which does not protect against against compromise of the route as described in Sections 9.2.4 of [RFC3971], Secure Proxy ND Support for SEND does not protect against compromise of the proxy ND. What do you think? --julien ________________________________________ From: [email protected] [[email protected]] On Behalf Of Tony Cheneau [[email protected]] Sent: Thursday, November 19, 2009 2:54 AM To: [email protected] Cc: [email protected] Subject: [CGA-EXT] Comments on draft-ietf-csi-proxy-send-01 Hello, I reviewed draft-ietf-csi-proxy-send-01 and have the following comments/remarks: - In section 4.1, "figure 1: Proxy ND operations", in the first message, I think the "SLLAO = B_LL" should be "SLLAO = A_LL" - Small typo in section 6, "(PSO.)" should be "(PSO)." - I have a concern about the content of the Security Considerations (Section 8). It would be nice to have a warning text such as: "Note that if a Secure Proxy ND is corrupted, it can impersonate all the node in the subnet in which it is authorized to act as a proxy." - The section 10 (normative references) contains a reference to [I-D.ietf-netlmm-proxymip6] that is now RFC 5213 As you can see, I have only minor comments. The document is in a good shape. Hope it helps. Regards, Tony Cheneau _______________________________________________ CGA-EXT mailing list [email protected] https://www.ietf.org/mailman/listinfo/cga-ext _______________________________________________ CGA-EXT mailing list [email protected] https://www.ietf.org/mailman/listinfo/cga-ext
