Dear all: I'm looking for a consensus on how to address the following review comment on the 6TiSCH Architecture by Benjamin:
> I'd like to see some discussion somewhere that the Join Proxy needs to take > care > to not be an open redirector by which an unauthenticated pledge can attack > arbitrary network elements (whether within the LLN or on the broader > network), e.g., by performing some validation on the claimed MASA identifier. > Similarly, that the JRC will be exposed to lots of untrusted input and needs > to be > implemented in an especially robust manner. Then again I'd like to discuss the split of what goes in the architecture and what goes in Minimal security or elsewhere. What do you think? Pascal
_______________________________________________ 6tisch mailing list [email protected] https://www.ietf.org/mailman/listinfo/6tisch
