Hi, thanks for the quick response! One comment below.
Ben.
On 27 Sep 2016, at 4:44, [email protected] wrote:
- section 3: "This may lead to setting a different IPv4 service
continuity mechanism than the one initially preferred by the network
side"
Are there consequences of that that should be discussed? E.g. bid-down
attacks, ability to direct packets via a compromised path, etc? (I'm not
saying there are; I'm just asking.)
[Med] We didn't include examples of such consequences because those
attacks depend on the modification of other DHCPv6 options that are
not defined in this document. For example, the ability to direct
packets via a compromised path will require the modification of the
content of DHCPv6 Option #64 or #90 to redirect packets to an
illegitimate AFTR/BR.
What about the following change:
OLD:
Misbehaving intermediate nodes may alter the content of the S46
Priority Option. This may lead to setting a different IPv4 service
continuity mechanism than the one initially preferred by the network
side.
NEW:
Misbehaving intermediate nodes may alter the content of the S46
Priority Option. This may lead to setting a different IPv4 service
continuity mechanism than the one initially preferred by the network
side. For example, a misbehaving node may alter the context of the S46
Priority Option and other DHCPv6 options (e.g., DHCPv6 Option #64 or #90)
so that the traffic is intercepted by an illegitimate node.
That helps. I was thinking more in terms of the S46 priority option
specifically, but I guess it doesn't hurt to mention others. If one can
modify the DHCPv6 options in general, one can do plenty of mischief
without S46 Priority. Does adding S46 priority add any _new_ issues to
that? I suspect the answer is "no", but if so it would be worth saying
that.