After reviewing this document, I have one concern below, and some nits
that I'll send to the editor. Otherwise it looks good to me.

In sections 4.1 and 4.2, there are two different to-be-signed
structures. If I understand correctly, the same router keys will be used
to sign data from both structures. It might be possible for an attacker
to take a valid signature of data from the structure in 4.2, and present
it as a valid signature of the same bytes interpreted with the structure
in 4.1. I'm not sure anything malicious could be done this way, but
reinterpreting the meaning of signed data seems like a bad idea to me.
It would be easy to prevent this by prepending both structures with a
single byte that MUST BE 0 for 4.1 and MUST BE 1 for 4.2. Apologies if
this has already been discussed and is not an issue.
--
David Eric Mandelberg / dseomn
http://david.mandelberg.org/
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
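
The type-byte prefix suggested in the message above, as an added example that is not part of the original message or of the draft under review. The two layouts are hypothetical stand-ins for the structures in sections 4.1 and 4.2, and HMAC-SHA256 stands in for the router key signature so the block runs with the standard library only.

```python
import hashlib
import hmac
import struct

# Constructed stand-in for a router key. HMAC-SHA256 replaces the real
# signature algorithm (assumption); only the bytes fed to the signer matter.
ROUTER_KEY = b"constructed-router-key"

TAG_A = b"\x00"  # the suggested "MUST BE 0" byte for the first structure
TAG_B = b"\x01"  # the suggested "MUST BE 1" byte for the second structure


def encode_a(target_as: int, origin_as: int) -> bytes:
    """Hypothetical layout A: two 32-bit AS numbers (8 bytes)."""
    return struct.pack("!II", target_as, origin_as)


def decode_a(tbs: bytes) -> tuple:
    """Parse 8 bytes as layout A, whatever they were originally."""
    return struct.unpack("!II", tbs)


def encode_b(flags: int, pcount: int, hop_as: int, algo: int) -> bytes:
    """Hypothetical layout B: flags(1) pcount(1) hop_as(4) algo(2), 8 bytes."""
    return struct.pack("!BBIH", flags, pcount, hop_as, algo)


def sign(tbs: bytes, tag: bytes = b"") -> bytes:
    """Sign the to-be-signed bytes, optionally prefixed by a type byte."""
    return hmac.new(ROUTER_KEY, tag + tbs, hashlib.sha256).digest()


def verify(tbs: bytes, sig: bytes, tag: bytes = b"") -> bool:
    return hmac.compare_digest(sign(tbs, tag), sig)


def demo() -> tuple:
    tbs_b = encode_b(flags=0, pcount=1, hop_as=64500, algo=1)

    # No type byte: a signature made over layout B also verifies when the
    # same bytes are handed to a verifier that expects layout A.
    untagged_ok = verify(tbs_b, sign(tbs_b))
    misread = decode_a(tbs_b)  # what layout A thinks was signed

    # With the type byte, the verifier for A prepends 0 and the check fails;
    # the verifier for B prepends 1 and the check succeeds.
    sig = sign(tbs_b, TAG_B)
    return untagged_ok, misread, verify(tbs_b, sig, TAG_A), verify(tbs_b, sig, TAG_B)


if __name__ == "__main__":
    print(demo())
```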