This might sound like a nit, but we have this text in the draft, as
a use case for null auth: "User wants to get some simple action from the remote device. Consider garage door opener: it must authenticate user to open the door, but it is not necessary for the user to authenticate the door opener. In this case one-way authentication is sufficient." The problem is, this is an incorrect protocol. Specifically, a MITM (who might be physically located by the kitchen door), could redirect the protocol exchange to a door different from the one I intended to open. Seeing that nothing happens, I will simply press the remote again and open the garage door, too. This is of course a generic problem, where unauthenticated protocols have unforeseen consequences. Thanks, Yaron |
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec