Hello! I am a student taking Internet Communications and our class is just finishing up our "security" section, and I have a few questions about RFC 5387.

- In section 1.1 (Authentication) it is mentioned that it is possible to use a trusted third party. Could this be a third "peer", proxy, and/or STUN server?
- Could BTNS use Chords?
- In section 1.2, it is mentioned that "the peer's identity is the same for the lifetime of the packet flow". Can this identity be reused so it is open to attacks?
- In this RFC it is mentioned that obtaining a security certificate could take a while. I've never had to get one, so how long does it take? Why would it be necessary to skip?
- MitM attacks are mentioned frequently. How are users detecting them to ensure they can use BTNS?
- Although it can be cumbersome, what's wrong with having redundancy? ". . . authentication at both the network layer and a higher layer for the same connection." Or is this where one authentication might fail?
- Is BTNS a form of best effort encryption?
- From section 4: "BTNS protects security associations after they are established by reducing vulnerability to attacks from parties that are not participants in the association." Does this include MitM attacks?
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.
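The questions above about identity continuity and MitM detection both turn on the "leap of faith" model that unauthenticated (BTNS-style) key exchange relies on: the first key seen from a peer is accepted without any authentication, and later contacts are checked against that first key. The following is an added toy model of that behaviour, written for this page; it is not code from RFC 5387, from any BTNS implementation, or from the mailing list. Peer keys are random stand-in byte strings, the peer addresses are constructed values from the RFC 5737 documentation ranges, and the `LeapOfFaithStore` class, `Verdict` names and `simulate()` scenario are all assumptions made for illustration.

```python
"""Toy model of "leap of faith" peer identity continuity.

Added illustration; not code from RFC 5387 or from this mailing list.
Peer keys are random stand-ins, not real IPsec/IKE credentials.
"""
import hashlib
import os


class Verdict:
    FIRST_CONTACT = "first-contact"  # no prior record: key accepted unauthenticated
    CONTINUITY = "continuity"        # key matches the one recorded on first contact
    MISMATCH = "mismatch"            # key changed: possible MitM (or a legitimate re-key)


def fingerprint(pubkey: bytes) -> str:
    """Hex SHA-256 of the raw public key bytes; what gets pinned per peer."""
    return hashlib.sha256(pubkey).hexdigest()


class LeapOfFaithStore:
    """Records the first key seen for each peer address and checks later contacts.

    Hypothetical helper: the on-disk format and lookup key (peer address) are
    assumptions for this example, not anything the RFC specifies.
    """

    def __init__(self):
        self._pins = {}  # peer address -> fingerprint of the first key seen

    def check(self, peer: str, pubkey: bytes) -> str:
        fp = fingerprint(pubkey)
        seen = self._pins.get(peer)
        if seen is None:
            # Leap of faith: nothing to compare against, so pin this key.
            self._pins[peer] = fp
            return Verdict.FIRST_CONTACT
        if seen == fp:
            return Verdict.CONTINUITY
        return Verdict.MISMATCH


def simulate() -> dict:
    """Constructed scenario: a legitimate peer, then an attacker swapping keys."""
    store = LeapOfFaithStore()
    peer_addr = "198.51.100.7"      # constructed address (RFC 5737 range)
    real_key = os.urandom(32)       # stand-in for the peer's real public key
    attacker_key = os.urandom(32)   # stand-in for a MitM's public key

    results = {}
    results["session1"] = store.check(peer_addr, real_key)      # accepted blind
    results["session2"] = store.check(peer_addr, real_key)      # continuity holds
    results["session3"] = store.check(peer_addr, attacker_key)  # key changed: flagged
    # A peer address the attacker controls from the very first contact:
    # there is no prior record, so the leap of faith silently accepts it.
    results["fresh_mitm"] = store.check("203.0.113.9", attacker_key)
    return results


if __name__ == "__main__":
    for name, verdict in simulate().items():
        print(f"{name}: {verdict}")
```

The point the scenario makes is the limit implied by the section 4 wording quoted above: key continuity protects an association against outsiders after it is established and lets a later key substitution be noticed, but an attacker who is already in the path at first contact is indistinguishable from the real peer, which is exactly why the RFC leaves stronger guarantees to authentication at a higher layer.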