On 12/7/2020 4:31 AM, Bernie Volz
(volz) wrote:
FYI:
I understand that solutions like RA
Guard will in practice provide some protection, but the use of these solutions are
not discussed in RFC 8213. The DHCP WG might want to address that.
RFC8415’s security considerations is rather extensive and includes reference to many techniques to reduce the issues. 8213 was written while 8415 was under development.
In the context of the draft, I am concerned in particular with the "resource-exhaustion" DoS attack, through exhaustion of delegatable prefixes. The attack is mentioned in the security section of 8415, but I have not seen the proposed mitigation.
-- Christian Huitema
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
