On 9/9/20 23:17, Uri Blumenthal wrote:
Capability-wise, what's the likelihood that the attacker would be
present on the southbound interface, but *not* on the northbound one?
I'm not sure I could talk about "likelihood" in any measurable way.
But I'd argue that, generally speaking, anyone that shares the same
LAN/Connection will be on the southbound interface (e.g., think of a
cyber-cafe, university network, enterprise network, or whatever) whereas
in order to be present on the northbound interface you'd probably
normally be:
* A rogue ISP
* A state actor, or,
* Somebody that managed to get to the right cable.
For the "normal" attacker, I'd say it's much more likely to be present
on the south-bound interface, whereas for other cases, I guess it could
be both.
Thanks,
--
Fernando Gont
e-mail: fernando@xxxxxxxxxxx || fgont@xxxxxxxxxxxxxxx
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
