Please check this updated REQ6 in draft-ietf-dmm-requirements-02:
REQ6: Security considerations
DMM protocol solutions MUST consider security aspects,
including confidentiality and integrity. Examples of aspects
to be considered are authentication and authorization
mechanisms that allow a legitimate mobile host/router to use
the mobility support provided by the DMM solution; signaling
message protection in terms of authentication, encryption,
etc.; data integrity and confidentiality; opt-in or opt-out
data confidentiality to signaling messages depending on
network environments or user requirements.
Motivation: Mutual authentication and authorization between a
mobile host/router and an access router providing the DMM
service to the mobile host/router are required to prevent
potential attacks in the access network of the DMM service.
Various attacks such as impersonation, denial of service, man-
in-the-middle attacks, and so on, can be mounted against a DMM
service and need to be protected against.
Signaling messages can be subject to various attacks since
they carry critical context information about a mobile node/
router. For instance, a malicious node can forge a number of
signaling messages thus redirecting traffic from its
legitimate path. Consequently, the specific node is under a
denial of service attack, whereas other nodes do not receive
their traffic. As signaling messages may travel over the
Internet, end-to-end security could be required.
H Anthony Chan
_______________________________________________
dmm mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmm
