Re: Evaluation: draft-ietf-idmr-igmp-mrdisc - Multicast Router Discovery to Proposed Standard
Russ Housley [ ] [ X ] [ ] [ ]
Comment:
I think that the Security Considerations section is pretty weak. I do not
feel strongly enough to delay the document, but I want to document my
concerns. I have two points.

First, if a rogue sends a Multicast Router Advertisement message, then
legitimate routers will send multicast traffic to the associated port. The
authors correctly point out that this is an easy way to
eavesdrop. However, further explanation is needed to understand how these
can become a denial of service attack on legitimate multicast flows.

Second, the authors assert that the messages are extensible, and thus
security features could be added later. While I see how this is possible
for data integrity and authentication, I do not see how this is possible
for confidentiality. I do not see the benefits of encryption in this
protocol, but the authors raise it as a possibility in the future. What is
the threat that they are thinking about?

Russ