[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: draft-nordmark-multi6-threats-01.txt
> Well, I think that authenticated at this layer is very difficult. One could
> make a case that you could authenticate Santa Claus' IP address but not
> Santa himself - what if one of his elves is actually talking to you, Erik?
Of course. The names at this layer are some identifier - and many proposals
have identifiers that are binary 128 bits. Thus "santa claus" was
merely a prettier way than using 9993:8192:56bb:9258:34:99:8192:5882
as the example.
So restating my example, a threat might be that an attacker can impersonate
9993:8192:56bb:9258:34:99:8192:5882 at the IP/multi6 layer.
But I don't think this impersonation is a means to the end of being able
to attack integrity, confidentiality, or availability.
Thus to me it doesn't seem to add anything listing "impersonation"
at the same level as integrity, confidentiality, and availability.
What does make sense is to look at how the ability to cause redirection
has an impact on I, C, and A.
Erik