On Fri, Mar 15, 2013 at 10:09:56AM -0400, Wendy Roome wrote: > Seems to me that if the "bad guys" can subvert DHCP and DNS servers, > they've already taken over the network. Why would they bother spoofing an > ALTO server?
for the P2P use case you are probably right - if you control DNS you can probably do much cooler things than pessimize P2P traffic patterns. on the other hand, you could subert DNS, change as little as possible hoping it remains undetected, but spoof the ALTO server in order to turn a large P2P network in a DDoS infrastructure. OK, maybe this is a bit silly ... ... on the other hand we should really care about security in our base protocol. There is more than just the P2P use case, look at the various proposed extensions and think of use cases that didn't even come to our minds yet. Furhermore it is in general a good practice to have several lines of defense. Attacks against DNS and DHCP get less interesting if every applications (including the presumably "boring" ones) can detect spoofing. Adding this detection mechanisms may be easier than making DNS and DHCP secure in the first place. Thanks Sebastian _______________________________________________ alto mailing list [email protected] https://www.ietf.org/mailman/listinfo/alto
