On 6/24/2011 12:40 AM, Jari Arkko wrote:
> We discussed this draft today. The remaining Discuss was about how
> mandatory we should make IPsec. You had discussed about a SHOULD with
> Stephen. I suggested that while interoperability is useful and
> mandatory-to-implement mechanisms are good for it, we also have to talk
> about how much value we bring with a security mechanism. In this case
> there are some issues like MITMs able to block PANA packets. However,
> some of these vulnerabilities are not helped by relay - PAA security, as
> the relay can still do bad things, and because ARP/ND vulnerabilities
> between the client and relay in any case make it possible to become a
> MITM. Stephen had some suggested text that I agree with:
>
> "PRE/PAA security is OPTIONAL since PANA messages are designed to be
> used in untrusted networks, but if cryptographic mechanism is supported,
> it SHOULD be IPsec."

This is an interesting statement. Just one question: if it is not possible to use the protocol in a secure fashion (the claim being that MITM attacks are impossible to prevent), how is it that the protocol is "designed to be used in untrusted networks"? ...
_______________________________________________
Pana mailing list
Pana@ietf.org
https://www.ietf.org/mailman/listinfo/pana