> Very good point Erik, thank you. We will certainly take that into > consideration going forward. This is also why we are proposing a mix of > two to three CER/ISP Edge determining characteristics (e.g. Including the > CER_ID option as well as the /48 prefix check, etc.).
Yeah, well about that: I don't see any discussion of the security of this CER_ID option. If a hipnet device were operating in an environment in which such a thing could be spoofed then it would be trivial to punch open a hipnet network. Furthermore, it will be bad press when someone inevitably publishes an article documenting that your ISP can punch open your hipnet network if they so choose just by publishing a CER_ID to you. Really bad press. Maybe this is discussed in the CER_ID doc and you intended to pull its security considerations in by transitive closure, I don't know. _______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
