> Your attacker is often a legitimate user of the link.
>
Right, that's the point I was trying to bring up in my response to Alex. Just because someone has undergone AAA successfully doesn't mean that they won't disrupt the link.
> A person who's trusted on the link can forge packets from any other
> user on the link... including the router, or any other neighbors.
>
> In a perfect world, ND would allow a host to only do host-type things, and
> then only on behalf of the host itself.
>
> You _might_ be able to separate out the router-advertising functions of ND by
> using an AH auth transform that is a digital signature, but processing this
> in interrupt context would be painful.
>
> Solve the aforementioned Jeff Schiller problem, and you probably can secure
> ND. If you can't, all such solutions will just limit your troublemakers to
> who is allowed on the LAN.
>
> To be fair, in some cases that's Good Enough (TM). Perhaps I should bring
> back link-shared secret from the dead.
>
What we were trying to do in the ABK draft was provide a way that a node
on the link could determine definitively that a particular ND/RA message
came from the node/router possessing that identity. The main issue is
some way to establish the right of the node to possess that identity
beforehand, and we included sketches of a couple of ways that seem
consistent with current practice. We probably need to flesh these out
some.

That said, ABK is a new and largely unknown technology. In the security
area, old and well-trusted technologies are often easier to make work,
because the holes are well known and can be patched around. So a
solution based on IPsec, should it be possible to make it work and prove
secure, would certainly be of interest.
jak
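The idea the reply describes, a neighbor verifying on its own that an ND/RA message really came from the node holding the claimed address, can be illustrated with a small simulation. The following Go program is an added example written for this page; it is not code from the ABK draft, the IPng working group, or either correspondent. It assumes a CGA-style binding (the interface identifier is the truncated SHA-256 of the link prefix and the sender's public key), Ed25519 signatures, and a constructed message layout with ICMPv6 type numbers 134 (RA) and 136 (NA); the ABK draft's actual construction is not reproduced here. The verifier checks three things: the source is on this link, the public key hashes to the claimed source address, and the signature over the message is valid under that key. It also shows the two failures that matter on a shared link: a second node on the link reusing someone else's address, and a payload altered after signing.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// ICMPv6 type numbers for Router Advertisement and Neighbor Advertisement.
const (
	TypeRA byte = 134
	TypeNA byte = 136
)

// prefixLen is the number of bytes in a /64 link prefix.
const prefixLen = 8

// Node is a link neighbor with an Ed25519 key pair and an address bound to it.
type Node struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
	Addr net.IP
}

// deriveAddr builds prefix || first 64 bits of SHA-256(prefix || pubkey).
// Constructed illustration of an address-based key binding, not the ABK
// draft's exact derivation.
func deriveAddr(prefix []byte, pub ed25519.PublicKey) net.IP {
	h := sha256.New()
	h.Write(prefix[:prefixLen])
	h.Write(pub)
	sum := h.Sum(nil)
	addr := make(net.IP, net.IPv6len)
	copy(addr[:prefixLen], prefix[:prefixLen])
	copy(addr[prefixLen:], sum[:prefixLen])
	return addr
}

// NewNode generates a fresh key pair and derives the node's address from it.
func NewNode(prefix []byte) (*Node, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Node{pub: pub, priv: priv, Addr: deriveAddr(prefix, pub)}, nil
}

// Message is a simplified ND-style message carrying the sender's public key
// and a signature so that any neighbor can verify it without a shared secret.
type Message struct {
	Src     net.IP
	Type    byte
	Payload []byte
	Pub     ed25519.PublicKey
	Sig     []byte
}

// signedBytes is the canonical byte string covered by the signature:
// source address, type, and a length-prefixed payload.
func signedBytes(src net.IP, typ byte, payload []byte) []byte {
	var buf bytes.Buffer
	buf.Write(src.To16())
	buf.WriteByte(typ)
	_ = binary.Write(&buf, binary.BigEndian, uint32(len(payload)))
	buf.Write(payload)
	return buf.Bytes()
}

// Sign produces a message from this node, signed with its private key.
func (n *Node) Sign(typ byte, payload []byte) Message {
	sig := ed25519.Sign(n.priv, signedBytes(n.Addr, typ, payload))
	return Message{Src: n.Addr, Type: typ, Payload: payload, Pub: n.pub, Sig: sig}
}

// Verify accepts a message only if the claimed source is on this link, the
// carried public key derives to that source address, and the signature holds.
func Verify(prefix []byte, m Message) error {
	if len(m.Src) != net.IPv6len || !bytes.Equal(m.Src[:prefixLen], prefix[:prefixLen]) {
		return errors.New("source address not on this link")
	}
	if len(m.Pub) != ed25519.PublicKeySize {
		return errors.New("malformed public key")
	}
	if !deriveAddr(prefix, m.Pub).Equal(m.Src) {
		return errors.New("public key does not match claimed source address")
	}
	if !ed25519.Verify(m.Pub, signedBytes(m.Src, m.Type, m.Payload), m.Sig) {
		return errors.New("bad signature")
	}
	return nil
}

func main() {
	prefix := []byte{0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 1} // constructed 2001:db8:0:1::/64
	router, _ := NewNode(prefix)
	other, _ := NewNode(prefix)

	ra := router.Sign(TypeRA, []byte("prefix-info"))
	fmt.Println("genuine RA from", router.Addr, "->", Verify(prefix, ra))

	forged := other.Sign(TypeRA, []byte("rogue-prefix"))
	forged.Src = router.Addr // another link member claiming the router's address
	fmt.Println("RA with borrowed source  ->", Verify(prefix, forged))

	na := router.Sign(TypeNA, []byte("lladdr"))
	na.Payload = []byte("lladdr-changed") // altered after signing
	fmt.Println("NA with altered payload  ->", Verify(prefix, na))
}
```

Two caveats match the reply's own reservation. Passing `Verify` only proves that the sender holds the key its address was derived from; it says nothing about whether that node is entitled to act as a router, which is the "right to possess that identity" question the draft still has to answer. And nothing here prevents a captured message from being replayed later; a real design would add a timestamp or nonce to the signed bytes.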
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------