Re: [Last-Call] [OPS-DIR] Opsdir telechat review of draft-ietf-anima-constrained-join-proxy-10

Jürgen Schönwälder <j.schoenwaelder@xxxxxxxxxxxxxxxxxxxx> wrote:
    >> Since the communication is stateless, you have observed that any node on the
    >> network can impersonate the Registrar, send what appears to be reply traffic
    >> towards a join proxy (from the secured/authenticated side of the network),
    >> and the traffic will get sent to the unauthenticated/insecure side of the network.

    > I think there are two scenarios to consider. My understanding is that
    > we have this situation:

Let me label the networks:

    > Pledges --(a)-- Proxy --(b)-- Registrar

    > 1) A malicious pledge sending spoofed requests to the Registrar where
    > the answer then hits some other target pledge.

(a) operates unencrypted (or perhaps weakly encrypted with a well-known key)
(b) operates encrypted.

A malicious pledge cannot send traffic on network (a) purporting to be from
network (b). So I don't think that this can happen.
The proxy should not respond to malicious traffic on the (a) network.

    > 2) A malicious node on the network where the Registrar resides using
    > the proxy to send messages to arbitrary pledges.

Yes, I agree that this can happen.

    > While doing bad things to the registrar is one aspect, there is also
    > the aspect of doing bad things to pledges, no?

Yes, they could, and they could do this directly using unencrypted LL packets.


--
Michael Richardson <mcr+IETF@xxxxxxxxxxxx>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide



