
Re: Evaluation: draft-ietf-vrrp-spec-v2-09



In message <5.2.0.9.2.20031029092702.01ffb5d8@mail.binhost.com>, Russ Housley writes:
>draft-ietf-vrrp-spec-v2-09.txt
>Virtual Router Redundancy Protocol (Draft Standard)
>
>   Russ Housley         [   ]     [   ]     [ X ]     [   ]
>
>   Section 10, the security considerations, clearly indicates that 
>incorrectly configured or hostile routers can become VRRP masters.  This 
>statement proves the need for an authentication mechanism.  However, 
>previously supported authentication is being removed.  I believe that the 
>section should be expanded to state what harm a malicious router can cause 
>if it becomes the VRRP master.
>
>
The authentication option was removed because it did nothing in the 
face of arp-spoofing.  

		--Steve Bellovin, http://www.research.att.com/~smb