On 7 Nov 2012, at 16:39, Dan York wrote:

> Teco,
>
> I am participating in IETF 85 remotely and Lee Howard went to the mic in
> today's session to relay this question (thanks, Lee!). However, I did not
> hear any answer. My question is:
> ----
> Has any security analysis been done on the approach suggested in
> draft-boot-homenet-brdp?

Not in detail. BRDP runs on ND RA, and inherits much of it.
That said, BRIO dissemination is multi-hop. This has impact.

> Is any security analysis planned? I see the Security Considerations section
> of the draft is "TBD" but on a brief read of the draft I worry an attacker
> could misuse it.

There are mechanisms protecting against rogue RAs. Or have security at sub-IP.

> ----
>
> For instance, an immediate question in my mind was whether an attacker could
> somehow inject an advertisement with the "D" flag off and cause internal
> routers to believe that the Border Router is NOT acting as a DHCP server?
> Could an attacker inject modified BRIOs to, for instance, modify the cost of
> routes?

Yes, things can happen. I do not see much difference with other attacks on RA.

>
> Are these valid concerns? Or are they protected against by other mechanisms?
> I don't know.
>
> For someone new to reading this draft, it would be helpful to have some
> commentary in "Security Considerations" about how secure this proposal is.

Agreed. As said, cleanup is needed. A next version will have the Security Considerations. Hopefully the -01.

Teco

>
> Just my 2 cents,
> Dan
>
> --
> Dan York dy...@lodestar2.com
> http://www.danyork.me/ skype:danyork
> Phone: +1-802-735-1624
> Twitter - http://twitter.com/danyork

_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet