[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: shim6 control packets coming from unkown locators



Hi Brian,


El 27/09/2007, a las 21:51, Brian E Carpenter escribió:

Marcelo,

On 2007-09-28 02:45, marcelo bagnulo braun wrote:

<big snip>
...
For the R1bis message, it would result in a reduction of security, since anyone knowing the context tag value could tear down a context even if he is not located along the path. this could be enough, though So, the question is general for all the spec, should we support control messages from unknown locators?

This makes me very nervous that we'd be opening a fairly big security
hole that would be quite painful to close.


agree that security issues should be addressed carefully, but i think this is possible, at least for UPDATE packets. Probe packets may require a bit more thought, and will require an UPDATE before actually sending packets to the locators, but i think it should work.

Regards, marcelo


   Brian