Re: Evaluation: draft-ietf-vrrp-spec-v2-09
In message <5.2.0.9.2.20031029092702.01ffb5d8@mail.binhost.com>, Russ Housley writes:
>draft-ietf-vrrp-spec-v2-09.txt
>Virtual Router Redundancy Protocol (Draft Standard)
>
> Russ Housley [ ] [ ] [ X ] [ ]
>
> Section 10, the security considerations, clearly indicates that
>incorrectly configured or hostile routers can become VRRP masters. This
>statement proves the need for an authentication mechanism. However,
>previously supported authentication is being removed. I believe that the
>section should be expanded to state what harm a malicious router can cause
>if it becomes the VRRP master.
>
>
The authentication option was removed because it did nothing in the
face of arp-spoofing.
--Steve Bellovin, http://www.research.att.com/~smb