On Apr 4, 2011, at 4:32 AM, Hannes Gredler wrote: > > so my question is: "why do we need to solve the same problem > (= protecting message integrity) 2 times in different ways" ?
This new machinery simply introduces object-level integrity functions in the application (i.e., BGP), it does nothing to ameliorate attacks at lower layers - all those substrate attack vectors (e.g., transport connection resets, injection or replay attacks) still exist and require controls as well -- else things might break in even uglier ways at higher layers. Viva la layered security, -danny _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr
