: )
I used the heavy weaponry in -25; madi minimal a normative reference and added:
"
6.7. Deeper Considerations
The reader is encouraged to review the security section of
[I-D.ietf-6tisch-minimal-security], which discusses 6TiSCH security
issues in more details.
"
Works?
Pascal
On Thu, Aug 22, 2019 at 05:00:39PM -0400, Michael Richardson wrote:
>
> Pascal Thubert (pthubert) wrote:
> > I’m reading a question of possibility multiple JRC whereby the pledge
> > would indicate which JRC to use and possibly leverage that for an
> > attack on anyone outside.
>
>
Pascal Thubert (pthubert) wrote:
> I’m reading a question of possibility multiple JRC whereby the pledge
> would indicate which JRC to use and possibly leverage that for an
> attack on anyone outside.
No, the pledge intentionally has no way to signal alternate destinations.
--
]
Many thanks Malisa
I agree but I’m not sure it’s just that.
I’m reading a question of possibility multiple JRC whereby the pledge would
indicate which JRC to use and possibly leverage that for an attack on anyone
outside.
For all I know the knowledge of the JRC is in the root, and it’s not
Hello Pascal,
The issue that Ben outlines was solved through two separate mechanisms that are
detailed in draft-ietf-6tisch-minimal-security:
1) The traffic that JP redirects into the network on behalf of unauthenticated
pledges is tagged using IPv6 DSCP such that it can be distinguished from
Michael Richardson wrote:
> Pascal Thubert (pthubert) wrote:
>> I'm looking for a consensus on how to address the following review
>> comment on the 6TiSCH Architecture by Benjamin:
> a) I don't think that any details about the Join Proxy belongs in the
> architecture
Pascal Thubert (pthubert) wrote:
> I'm looking for a consensus on how to address the following review
> comment on the 6TiSCH Architecture by Benjamin:
a) I don't think that any details about the Join Proxy belongs in the
architecture document.
Any text in the architecture
Dear all:
I'm looking for a consensus on how to address the following review comment on
the 6TiSCH Architecture by Benjamin:
> I'd like to see some discussion somewhere that the Join Proxy needs to take
> care
> to not be an open redirector by which an unauthenticated pledge can attack
>