I would consider grouping REQ-6 and REQ-7 as a minimum security requirements for a DMM solution..
- Jouni On May 7, 2012, at 9:15 PM, h chan wrote: > REQ-7: Signaling message protection > Signaling messages of the protocol solutions for DMM SHALL be protected in > terms of authentication, data integrity, and data confidentiality. Data > confidentiality to signaling messages SHALL be opt-in or opt-out depending on > network environments or user requirements. > > REQ-7M (Motivation and problem statement) > Signaling messages are subject to various attacks since those messages carry > context of a mobile host/router. For instance, a malicious node can forge and > send a number of signaling messages to redirect traffic to a specific node. > The result of such an attack is both the specific node becomes under a denial > of service attack and other nodes do not receive their traffic. As signaling > messages travel over the Internet, the end-to-end security is required. > > > (The above has been drafted with contributions, inputs and discussions from > various people. Additional contributions and comments are most welcome.) > > H Anthony Chan > > > _______________________________________________ > dmm mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmm _______________________________________________ dmm mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmm
