Re: Evaluation: draft-ietf-idmr-igmp-mrdisc - Multicast Router Discovery to Proposed Standard



Russ Housley [ ] [ X ] [ ] [ ]

Comment:

I think that the Security Considerations section is pretty weak. I do not feel strongly enough to delay the document, but I want to document my concerns. I have two points.

First, if a rogue sends a Multicast Router Advertisement message, then legitimate routers will send multicast traffic to the associated port. The authors correctly point out that this is an easy way to eavesdrop. However, further explanation is needed to understand how these can become a denial of service attack on legitimate multicast flows.

Second, the authors assert that the messages are extensible, and thus security features could be added later. While I see how this is possible for data integrity and authentication, I do not see how this is possible for confidentiality. I do not see the benefits of encryption in this protocol, but the authors raise it as a possibility in the future. What is the threat that they are thinking about?

Russ