Hi, Reading draft-ietf-i2rs-architecture-02 I notice that the draft only talks about ³client authentication² with the possible exception of:
³all control exchanges between the I2RS client and agent should be authenticated and integrity protected² (Which could indicate that messages from the agent is authenticated and not only integrity protected.) My view is that the client and the agent should always be mutually authenticated. Otherwise I2RS is open for attacks with fake agents falsly claiming to be a Routing Element. E.g. the current draft of "ETSI Network Functions Virtualisation (NFV); NFV Security; Problem Statement" states that: "It is important, of course, for there to be two-way authentication between the controller and switching/routing entities. Should the controller be spoofed, the switching fabric is at risk of being taken over and misused. On the other hand, should the switches be spoofed, there are equally concerning issues: The intended topology of the virtual network may be revealed to an attack, yielding useful mapping and attack data; The controller, which should act as a trusted holder of knowledge of the state of the network, ceases to hold this role. " In any case, text talking about the requirements on agent authentication should be added to the architecture draft. - Small editorial in section 4: "requires integrity, privacy and replay protection." -> "requires integrity, confidentiality and replay protection." --------------------------------------------------------------------------- ----------------------------------------- JOHN MATTSSON MSc Engineering Physics, MSc Business Administration and Economics Ericsson IEFT Security Coordinator Senior Researcher, Security Ericsson AB Security Research Färögatan 6 SE-164 80 Stockholm, Sweden Phone +46 10 71 43 501 SMS/MMS +46 76 11 53 501 [email protected] _______________________________________________ i2rs mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2rs
